Hi Forum,
I have asked questions about this before but my program has came to cross roads where I require more flexibility in my security procedures.
At the moment I generate a specific key based on certain details about the system, and I hash this data to file, which ensures it will only run on this system.
However it has now got to the point where I have a need for providing keys which will carry settings for the program within the key. So that if a customer wants an update its the matter of sending an updated key, which will allow certain areas of the program to be unlocked/locked.
Obviously I can no longer use the hash, as it can't be decrypted. I am looking to use key encryption system, which will allow to encrypt data within a license key. But obviously it brings the problem of where to store Crypt & decrypt key within the program.
A) Store it as variable within the program, but brings the problem of reverse engineering
B) Store key in registry, is still accessible to user.
C) Store in app settings, user can access the file using text editor.
I have been reading about DPApi, its not something I have used before, how secure is it and how do I go about using this. Does it encrypt key using the windows users detail as crypt?
Any suggestions would be greatly appreciated!
Best Regards
Boyindie
I have asked questions about this before but my program has came to cross roads where I require more flexibility in my security procedures.
At the moment I generate a specific key based on certain details about the system, and I hash this data to file, which ensures it will only run on this system.
However it has now got to the point where I have a need for providing keys which will carry settings for the program within the key. So that if a customer wants an update its the matter of sending an updated key, which will allow certain areas of the program to be unlocked/locked.
Obviously I can no longer use the hash, as it can't be decrypted. I am looking to use key encryption system, which will allow to encrypt data within a license key. But obviously it brings the problem of where to store Crypt & decrypt key within the program.
A) Store it as variable within the program, but brings the problem of reverse engineering
B) Store key in registry, is still accessible to user.
C) Store in app settings, user can access the file using text editor.
I have been reading about DPApi, its not something I have used before, how secure is it and how do I go about using this. Does it encrypt key using the windows users detail as crypt?
Any suggestions would be greatly appreciated!
Best Regards
Boyindie
Comment