Licensing using JCE

Hi all,

I'm trying to implement a licensing feature to one our products using JCE.

I just need to encrypt some details, create a license key.

My Questions are,

1.How can I store the key by which we are encrypting (if we are using JCE)
2.How can I make the encrypted value (which will include some special characters) to a readable format. (like a HEXADECIMAL or ASCII String)

Thanks

Nish

#1) What are you encrypting - the license key? In that case you need to store the encryption key in plain text somewhere, so you're not gaining much. Maybe I'm missing something?
You could possibly implement an online registration scheme, where a license key is checked live against a database of keys.

#2) There are various ways to do this, e.g. Base64 encoding.
[ December 02, 2005: Message edited by: Ulf Dittmer ]

Appreciate your help. What I was planning is to encrypt the license key. In my case, online checking is not possible. Do you have any other idea.

I know if I store the key in plain text can be easily found out. And its not a commercial product. What I need to check is the expiry date. Program should not be run, after the expiry date or without a license at all.

Why do you want to embed a license key at all? I would use a system where the correctness of the key entered can be computed by an algorithm. You can use formulas that can be as tricky and obfuscated as you like, so that even from decompiled source code it is not immediately obvious which key would work.
On top of that, I would embed the expiry date into the license key, otherwise it would probably be pretty easy to remove the expiry date check from the decompiled source code.

I was not talking about storing the license key inside the source code. But the key with I would encrypt the license key. Confusing ?

What I was planning is some thing like, creating a license key, which will include the expiry date. Expiry date will be evaluated by decrypting the license key.

If I'm encrypting the license key using JCE or something, I need to store the KEY (note the license key) with which I'm encrypting the license key right ?

I understand what you're trying to do. But like you say, you need to store the crypto-key in cleartext, so you're not gaining much by using one at all. That's why I suggested not to store the full license key (encrypted or not) in the code, but to use algorithmically checkable license keys. That way you don't have "a" license key, but an algorithm, which you can obscure and obfuscate.
Without an online component, all these attempts merely make it harder for a would-be attacker, though, not impossible. And even with an online component it's ultimately crackable.
[ December 05, 2005: Message edited by: Ulf Dittmer ]

Greatly appreaciate your help. let me try something as you suggested.


by the way, do you have any idea to prevent the user accessing the product after the license is being expired, by changing the system date ?

I can think of some really involved approaches, but since even commercial software from big companies doesn't handle this one, it's probably not worth your while either.
It's such a nuisance to have to change dates back and forth repeatedly that I can't imagine a sizeable number of people doing that.