In earlier discussions, I had pretty much settled on using an RSA key pair for my licensing (particularly, for per use licensing), giving the public key to the user and retaining the private key.
It just occurred to me, though: given that this lets them decrypt the entire license payload, which is full of cleartext, couldn't just plain anybody make their own key pair, encryupt, and feed my program the custom key? (kind of like mounting the screws on the lock on the outside of the house?[1]) If I'm correct, is the solution to have a somewhat longer public/private pair, and using that private key to encrypt the user's public key, and keep it buried in my code, so that the user never has the real key? And if it somehow escaped, I could update it in major releases? [1] We didn't notice a first, but our sliding back door was mounted inside out, allowing it to simply be lifted off from outside . . . we then found that the entire subdivision had been misinstalled like this decades ago. -- Dr. Richard E. Hawkins, Esq. (702) 508-8462 _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
