I develop an app and was able to gather some clients, the next step in the application backlog is a Licensing module.
I used and modified some code that helped me in the matter and was able to accomplish a simple licensing system. Although I master some concepts of software development, I know security is not there yet.
The licensing module does the following:
- Generate a license (
License.lic) signed with a private key. The
.licfile is and Xml with attributes, an expire date and the signature.
- Distribute the application with a license and the public key.
- The application periodically checks if the license is expired but first checks the integrity of the license with the signature and the public key.
I understand no system is perfect and its hard licensing system is bullet proof. But this approach raises some questions.
- Should I encrypt the
- Should I generate a key pair per license?
- Is it safe to ship the public key with the product?
- Is this a good approach at all?