Joined: 18 Jul 2005
|Posted: Thu May 14, 2009 10:14 am Post subject: FAQ: Frequently Asked Questions about CryptoLicensing For ActiveX
|Q. Is every generated license code unique?
A. Yes, every license code generated by CryptoLicensing is guaranteed to be unique, even if you generate thousands of codes at a time.
Q. What makes CryptoLicensing so secure?
A. CryptoLicensing uses the latest cryptographic technology to generate and validate licenses. The cryptographic algorithm used is the RSA asymmetric public-key algorithm which can use upto 3072-bit keys. Given current computing power, it takes years to break a 3072-bit key.
Q. Is is possible for a hacker to develop a keygen for my software?
A. Impossible. The cryptographic algorithm used by CryptoLicensing consists of a pair of keys called as the private key and the public key. Data encrypted with one key can only be decrypted by the other key and vice versa. Licenses are generate using the private key and validated using the public key. Without the private key, it is impossible to generate valid licenses.
Q. What is the difference between validation key, public key and private key?
Private Key = Encryption/Signing/Generation Key.
This key is used by CryptoLicensing Generator to generate license codes and for signing/encrypting them. This key is stored in the license project file, so the license project file must be kept secure and confidential and must be accorded the same care as any other critical asset such as source code.
Public Key = Validation Key.
This key is used for validating generated license codes. It is the same key displayed in the 'Get Validation Key And Code' dialog and is used by your software when validating license codes (using crylic91.ocx). Unlike the private key, it is not necessary to keep this key secure and confidential.
Q. Do I have to include the license project file (.licproj) with my software?
A. No!!! This goes against the very essence of the security of the asymmetric cryptographic scheme because the project file contains both the public and private key. With your software, you only need to include the validation key (public key) which will be used to validate licenses generated by CryptoLicensing using the private key. The license project file should be treated as any other valuable and confidential asset such as your source code.
Q. Does the license service need the license project file?
A. Yes. The license project file is needed whenever new licenses are generated (via the UI, via the API or via the license service). As just one example, the license service generates new machine-locked licenses when activated licenses are presented to it for activation, therefore the license service needs the license project file.
Q. Is it possible to embed my own data in the generated licenses?
A. Yes. You can embed any amount of additional data in the licenses. This data will have the same amount of security as the license code itself and will be tamper-proof. The embedded user data can be retrieved from your software.
Q. What additional steps can I take to ensure that my software does not get cracked?
A. There are many methods and techniques which can make it extremely difficult for a hacker to crack your software. See Writing Effective License Checking Code And Designing Effective Licenses for more information.
Q. Why is the license service not working?
A. The most common cause is not setting the CryptoLicense.LicenseServiceURL property before trying to validate a license. Make sure that this property is set to the correct URL where your license service is hosted.
The most common cause after this is that the license project file on the web server where your license service is hosted is not the latest. This happens if you make changes to the license project (for example, set the 'Enable Usage in Service' setting for a profile), but don't upload the updated project file to your web server.
Q. Why are my serials not working?
Serial codes require the user of a license service. See Using Serial Codes for more details. Also see the earlier question 'Why is the license service not working?'
Q. Is the same validation key used to validate license codes generated from different profiles.
A. Yes. Profiles are just pre specified license settings for quickly generating licenses having those settings. The actual license code is still generated using the license project's cryptographic private key and thus, can be validated using the project's validation key.
Q. Why are changes made to a profile not getting saved?
A. Simply changing license settings via UI and saving the license project does not save those license settings to the active profile. You must first save the license settings to a profile using the Save/Save As command from the Profiles menu (see above).
Q. Why is validation of activated licenses failing from CryptoLicensing Generator, but works from my software?
A. Make sure that you have specified the URL of the license service using the Project Properties Dialog. Also see the earlier question 'Why is the license service not working?
Q. How can I extend the trial period of my customer?
A. To extend the evaluation period of the customer, simply send him a new license code specifying the desired evaluation limits. Evaluation information such as the current used days, executions, etc are stored in garbled form in a registry location which is derived from the license code. Therefore, when a new license code is used, the old evaluation information will not be used and a new evaluation period will be started.