Question

I was initially going to use a signed serialized xml file to store license details. In planning, more and more has moved into this "license file" which will allow for us to distribute a single application and control available functions via the supplied license file.

标准化股和印刷报告与发行人日志合编,因此,如果能够列入许可证,那将是好的。我知道这可以用序列号Xml文档来完成,但我想知道,在汇编的大会中储存这一数据的利弊是什么?

发放许可证的工具可以将集会汇编成适当的特性和资源,并签字。

Update
From what I can see, using serialized xml or an assembly would be pretty similar. From my point of view, assemblies would allow me to add other resources and leaves some flexibility for the future. As soon as the resources get complicated, xml serialization is a pain.

Update2
The software only works with our hardware so licence security is not a massive concern. The main aim is to stop the casual user from enabling features that they have not paid for. I would be choosing one over the other for design simplicity!

Answer 1

签发的Xml许可证档案没有什么好处,但可能无法复制你的情况:

You can inspect the contents of it using a simple tool like notepad or a web browser. If you have to manage a lot of licenses and a lot of time goes by, you can check the license scope more easily by simply viewing the file. Even the customer can read you the most important points of his license over the phone.
If a single application installation can have many licenses assigned to it (per user, per function, etc), it is easier to manage a list of xml files, than to dynamically load assemblies.
It is easier to create a tool for client-side license creation -> the application would submit an unsigned xml file for signing.
It s easier for versioning. If a new version of your software has new licensing options, and the old license should work with the upgraded version, depending of your implementation of the singed licensing assembly, you can break the old software.

如果你没有这些具体需要,那么就采用议会授权办法,因为这样做更简单。

<>Update>

看看矿后涌现的其他答案——对当地计算机软件的完美保护并不存在,而且很可能不会存在很长时间。不要花太多时间保护你的软件,因为如果任何人真的想要免费使用软件,他将找到这样做的途径。让用户有更多的理由使用你的申请并简化购买经验。

在批量或外部Xml文档中签署许可证就足够了。

Answer 2

你可以使用集会代替许可证档案,但你应当这样做。总是有可能从议会中删除数字签字;现在使用Reflexil工具是微不足道的。

See the article CAS Tamper-Proofing is Broken: Consequences for 软件 Licensing for more details.

Answer 3

一直为我工作的一个良好解决办法是,建立一个拥有所有所需财产的许可证级,如姓名、到期、标志等。将该类别注入双元数据以备存,然后加以加密,并保存到档案中。这样做并不要求签署,而档案是抗 ha的。读到你的执照只是相反的,读到档案、不加密、不飞行。其中一个告诫是,如果多个议会读到这一许可文件,那么加密/非加密功能就应当放在单独的共同组合中。

Answer 4

I wouldn t go with using an assembly as a license file - as others have pointed out it s relatively trivial to break.
I would use a file ( xml or whatever ) then lock it to the users machine. This can be achieved in several ways :
1) Use System.Cryptography.ProtectedData - this just wraps the Windows DPAPI and uses the windows key store ( either per user or per local machine ). This a simple(ish) approach but you will have to using Encoding.UTF8.GetString ( or whatever your encoding is ) to convert back from a byte array. This is simple but not industrial strength as someone could still dig out the key store etc.
2) Use a machine unique ID such as the SID with a symmetric algorithm such as Rijndael or Blowfish and provide the SHA-256 hash of the unencrypted license file as the IV. This is a bit more complex to implement as you d need to use WMI to find the SID and then use System.Security.Cryptography.RijndaelManaged etc to do the encryption/decryption.

Answer 5

我认为,利用大会是富有创造性的,但比较容易逆转。在你向反照人开放申请后,所有检查许可证的地点都可以按照许可证类别的财产确认。我看到的另一个问题是行文。当2.0版时,你的营销团队可能要求你接受1.0份许可证。您的2.0软件可能有一个新的许可证级,其额外性质不再与1.0版的类别相联。你可以为此而努力,但会打败最初设计的简单明了。

Answer 6

我更喜欢大会版本,因为:

Instead of .net sign, you can use authenticode (you need a certificate for it, but it’s not that expensive), or you can use both. Than in your application, you can check the signature. This removes the security hole for a tampered .net sign.
It’s more flexible. You can define an interface for the license assembly which can be later extended.
You can have some logic in the license assembly.

但记住。它只是软件保护。下一步是使用加密钥匙(hasp ,marx 。

友情链接