Are file signatures sufficient for a quick licensing scheme?

Çağlar Arlı - 14 Views

Overall I wanted to implement the following concept to "license" a system based on some very high-level requirements (offline, isExpired). Is this a safe/secure way to ensure your product can be used offline and managed easily?

  • Create public/private key pair. Software contains public key and I would maintain private key.
  • Create a file that contains basic user information (user, date, expirationDate, etc.). Call it license.data
  • Generate file signature using your private key and convert to base64 format. Call it license.key
  • Send license.data and license.key to user
  • User places key at xyz location
  • Software checks expiration date in license.data on startup and verifies signature is correct.

Ultimately at the end I would run

 openssl dgst -sha256 -verify <pub-key> -signature license.key license.data

To verify the license.data file and license.key still align.

Any thoughts as to why this would not work or something more complex would be required? Thank you.
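
The steps in the question, as an added example that is not part of the original post: it signs a constructed license.data, then verifies the signature before reading expirationDate, decoding the base64 license.key first because `openssl dgst -signature` expects raw signature bytes. The key=value layout of license.data, the function names, and the public.pem file (standing in for the key embedded in the software) are assumptions.

```shell
#!/bin/sh
# Added example. File names follow the post; the key=value layout of
# license.data and both function names are assumptions.

# Vendor side: build constructed sample files in DIR with the given expiry.
# public.pem stands in for the public key embedded in the software.
make_license() {
    dir=$1; expiry=$2
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/private.pem" 2>/dev/null
    openssl pkey -in "$dir/private.pem" -pubout -out "$dir/public.pem"
    printf 'user=alice\nexpirationDate=%s\n' "$expiry" > "$dir/license.data"
    openssl dgst -sha256 -sign "$dir/private.pem" "$dir/license.data" |
        openssl base64 -A > "$dir/license.key"
}

# Client side: check_license DIR [TODAY as YYYY-MM-DD]
# Returns 0 valid, 1 bad signature, 2 expired, 3 malformed license.data.
check_license() {
    dir=$1; today=${2:-$(date +%Y-%m-%d)}
    sig=$(mktemp) || return 3
    # license.key is base64, but "openssl dgst -signature" wants raw bytes.
    openssl base64 -d -A -in "$dir/license.key" -out "$sig" 2>/dev/null ||
        { rm -f "$sig"; return 1; }
    if ! openssl dgst -sha256 -verify "$dir/public.pem" \
            -signature "$sig" "$dir/license.data" >/dev/null 2>&1; then
        rm -f "$sig"; return 1
    fi
    rm -f "$sig"
    # Read fields only after the signature has verified.
    expiry=$(sed -n 's/^expirationDate=\([0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}\)$/\1/p' \
        "$dir/license.data" | head -n 1)
    [ -n "$expiry" ] || return 3
    # YYYY-MM-DD with dashes removed compares correctly as an integer.
    # TODAY defaults to the local clock, which the user controls.
    [ "$(printf %s "$today" | tr -d '-')" -le "$(printf %s "$expiry" | tr -d '-')" ] ||
        return 2
    return 0
}
```

Call `make_license "$dir" 2099-12-31` in an empty directory, then `check_license "$dir"`; editing license.data afterwards makes the check return 1.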