cryptography – Licensing application approach

I develop an app and was able to gather some clients, the next step in the application backlog is a Licensing module.

I used and modified some code that helped me in the matter and was able to accomplish a simple licensing system. Although I master some concepts of software development, I know security is not there yet.

The licensing module does the following:

  1. Generate a license (License.lic) signed with a private key. The .lic file is and Xml with attributes, an expire date and the signature.
  2. Distribute the application with a license and the public key.
  3. The application periodically checks if the license is expired but first checks the integrity of the license with the signature and the public key.

I understand no system is perfect and its hard licensing system is bullet proof. But this approach raises some questions.

  • Should I encrypt the .lic file?
  • Should I generate a key pair per license?
  • Is it safe to ship the public key with the product?
  • Is this a good approach at all?