From: Goetz Babin-Ebell <[EMAIL PROTECTED]>
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: EVP Envelope & PKI Confusion...
Date: Tue, 03 Apr 2007 21:13:22 +0200
MIME-Version: 1.0
X-Sender: Goetz Babin-Ebell <[EMAIL PROTECTED]>
Received: from mmx1.engelschall.com ([195.30.6.154]) by bay0-mc6-f4.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Tue, 3 Apr 2007 12:15:10 -0700
Received: by mmx1.engelschall.com (Postfix)id E72A75647D; Tue, 3 Apr 2007 21:14:11 +0200 (CEST)
Received: from master.openssl.org (master.openssl.org [195.30.6.166])by mmx1.engelschall.com (Postfix) with ESMTP id C9E2456413for <[EMAIL PROTECTED]>; Tue, 3 Apr 2007 21:14:11 +0200 (CEST)
Received: by master.openssl.org (Postfix)id 480131AC6145; Tue, 3 Apr 2007 21:14:11 +0200 (CEST)
Received: by master.openssl.org (Postfix, from userid 29101)id 3FC971AC6103; Tue, 3 Apr 2007 21:14:11 +0200 (CEST)
Received: from webmail.hansenet.de (mail01.hansenet.de [213.191.73.61])by master.openssl.org (Postfix) with ESMTP id 7CBFC1AC60A0for <openssl-users@openssl.org>; Tue, 3 Apr 2007 21:13:59 +0200 (CEST)
Received: from mail.shomitefo.de (80.171.107.171) by webmail.hansenet.de (7.2.074) (authenticated as goetz%shomitefo.de) id 4600B9930063B1EA for openssl-users@openssl.org; Tue, 3 Apr 2007 21:13:23 +0200
Received: from hal64.shomitefo.de ([192.168.1.91])by mail.shomitefo.de with esmtp (Exim 4.50)id 1HYoRW-0001EE-Bx; Tue, 03 Apr 2007 21:13:22 +0200
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Usman Riaz schrieb:
> > I believe with signing the
> > license information (correct me if I am wrong), I have to provide the
> > actually license info/data (in plain clear text) along with the data
> > generated during the signing process.
>Yes.
>
> > The problem with this approach is,
> > that providing the license info in clear text I think will make it
> > little more tempting & almost all the softwares that I have used,
> > don't supply license info in clear text.
>To what could the user be tempted ?
>To generate an own license ?
>For that he needs your private key,
>and if he has that, you have lost anyway...
>
>if you really do not want the license data to be readable in plain text,
>you may obfuscate it in some way (ROT-13, base64,...)
>
>The question here is:
>What do you gain from encrypting the license information ?
>Unencrypted license information has the advantage that your user
>in case of an license error may look into the license file and
>see something like:
>
>product: not working piece of junk
>version: 0.99.8.123a
>company: Stupid Loosers Inc.
>user: Brain Dead
>IP: 192.168.1.1
>from: 2007-01-01
>until: 2008-01-01
>key: fgjfgjfghhjsdfgjfhjkasdrt6be78utxdyvtdr6zungzbxcdbzr6...
>
>Indicating that user "Brain Dead",
>working in company "Stupid Loosers Inc."
>may use the software "not working piece of junk"
>starting with version "0.99.8.123a"
>on the host with the IP address "192.168.1.1"
>from 2007-01-01 until 2008-01-01.
haha, that surely can't be my license, I sell working piece of junk :D
>
> > Even though I agree the customer
> > should know what is in the license information thats why my software
> > will display info about it, after reading the license data but how
> > this license info is interpreted & transformed from one form to
> > another should be left to the software vendor.
>Naturally.
>The way you store the license data in the license file is completely
>to be defined by the vendor.
>But from the point of security you gain nothing from adding some
>encryption to the license data.
>
>Bye
>
>Goetz
>
>- --
>DMCA: The greed of the few outweights the freedom of the many
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.2 (GNU/Linux)
>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
>iD8DBQFGEqdS2iGqZUF3qPYRAsZuAJwOVC5BmtleLurf4Ony8WLIBUf2zwCcCCe0
>ORwK5B07Xb4DTYh1Kek3h54=
>=cDgq
>-----END PGP SIGNATURE-----
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List openssl-users@openssl.org
>Automated List Manager [EMAIL PROTECTED]
Express yourself instantly with MSN Messenger! MSN Messenger Download today it's FREE! ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
