How can I add license to my C# desktop application? I need to find a suitable free method to prevent unauthorised users installing my software.
117k 18 18 gold badges 200 200 silver badges 299 299 bronze badges asked Sep 2, 2010 at 5:49 1,663 5 5 gold badges 22 22 silver badges 39 39 bronze badges What exactly do you mean by "add a license"? Commented Sep 2, 2010 at 5:55 Application must have a license key for install. Commented Sep 2, 2010 at 6:10I'm probably a bit late, but I spent a bit of time trying to work out a quick and effective method of securing a little C# application, and I would like to share my results.
It seems you can build your own, fairly secure licensing system using RSA reasonably easily.
Obviously, nothing is bullet-proof when it comes to protecting software (It's like protecting your house from burglars: alarms, barking dogs and fences make it more trouble than it's worth, but they won't stop someone determined to get in)
So, making it more trouble than it's worth is the key phrase in software protection: if you are offering a $1,000,000 E.R.P. system, you would want to have really good protection that authorized via a web-service (and users paying that much for a system would not have a problem with allowing that system constant internet access)
However, if you are charging only $5-$30 for a little app, users are not going to put up with very heavy handed authorization.
I think the simplest system to produce is to digitally sign a license-file that contains the details of product, the user and it's duration.
This means any modification of the license file makes the digital signature invalid.
The digital signature can be obtained from the DSACryptoServiceProvider class, using the SignData method.
A private key is required to sign the data, and the public part of that key can be used to validate the signature: (thus the public key must be accessible by the application)
The DSAXCryptoServiceProvider has methods for creating and using keys:
returns the Public or Public & Private keys currently in the service provider as an XML string.
This method sets up a new DSACryptoServiceProvider with existing private or public keys obtained from DSACryptoServiceProvider.ToXMLString()
The only flaw in the security of this system would be the possibility of a user breaking in an supplying their own public-key. This would allow them to generate their own license files from their own private-key.
This can be gotten around by additionally signing a required resource for the application (like a .dll that contains essential logic for the application, or even the .exe itself) - thus if the public key is changed, this additional (hidden) signature will become invalid.
Other ways to improve this include obscuring the license terms (serializing a data-structure containing the license terms using the binary-formatter to a byte array, then using Convert.ToBase64String() will quite effectively obscure the licensing terms, and even if the user was able to replace the public-key they would still need to work out the representation of the data)
I have an example system I wrote, but it is too big to quote entirely, but this is the CreateLicense method from it:
/// /// use a private key to generate a secure license file. the private key must match the public key accessible to /// the system validating the license. /// /// applicable start date for the license file. /// applicable end date for the license file /// applicable product name /// user-name /// the private key (in XML form) /// secure, public license, validated with the public part of the key public static License CreateLicense(DateTime start, DateTime end, String productName, String userName, String privateKey) < // create the licence terms: LicenseTerms terms = new LicenseTerms() < StartDate = start, EndDate = end, ProductName = productName, UserName = userName >; // create the crypto-service provider: DSACryptoServiceProvider dsa = new DSACryptoServiceProvider(); // setup the dsa from the private key: dsa.FromXmlString(privateKey); // get the byte-array of the licence terms: byte[] license = terms.GetLicenseData(); // get the signature: byte[] signature = dsa.SignData(license); // now create the license object: return new License() < LicenseTerms = Convert.ToBase64String(license), Signature = Convert.ToBase64String(signature) >; >
/// /// validate license file and return the license terms. /// /// /// /// internal static LicenseTerms GetValidTerms(License license, String publicKey) < // create the crypto-service provider: DSACryptoServiceProvider dsa = new DSACryptoServiceProvider(); // setup the provider from the public key: dsa.FromXmlString(publicKey); // get the license terms data: byte[] terms = Convert.FromBase64String(license.LicenseTerms); // get the signature data: byte[] signature = Convert.FromBase64String(license.Signature); // verify that the license-terms match the signature data if (dsa.VerifyData(terms, signature)) return LicenseTerms.FromString(license.LicenseTerms); else throw new SecurityException("Signature Not Verified!"); >
The License Terms Class:
/// /// terms of the license agreement: it's not encrypted (but is obscured) /// [Serializable] internal class LicenseTerms < /// /// start date of the license agreement. /// public DateTime StartDate < get; set; >/// /// registered user name for the license agreement. /// public String UserName < get; set; >/// /// the assembly name of the product that is licensed. /// public String ProductName < get; set; >/// /// the last date on which the software can be used on this license. /// public DateTime EndDate < get; set; >/// /// returns the license terms as an obscure (not human readable) string. /// /// public String GetLicenseString() < using (MemoryStream ms = new MemoryStream()) < // create a binary formatter: BinaryFormatter bnfmt = new BinaryFormatter(); // serialize the data to the memory-steam; bnfmt.Serialize(ms, this); // return a base64 string representation of the binary data: return Convert.ToBase64String(ms.GetBuffer()); >> /// /// returns a binary representation of the license terms. /// /// public byte[] GetLicenseData() < using (MemoryStream ms = new MemoryStream()) < // create a binary formatter: BinaryFormatter bnfmt = new BinaryFormatter(); // serialize the data to the memory-steam; bnfmt.Serialize(ms, this); // return a base64 string representation of the binary data: return ms.GetBuffer(); >> /// /// create a new license-terms object from a string-representation of the binary /// serialization of the licence-terms. /// /// /// internal static LicenseTerms FromString(String licenseTerms) < using (MemoryStream ms = new MemoryStream(Convert.FromBase64String(licenseTerms))) < // create a binary formatter: BinaryFormatter bnfmt = new BinaryFormatter(); // serialize the data to the memory-steam; object value = bnfmt.Deserialize(ms); if (value is LicenseTerms) return (LicenseTerms)value; else throw new ApplicationException("Invalid Type!"); >> >