<p>It sounds like you want to be using Public/Private cryptography to sign a license token (an XML Fragment or file for example) so you can detect tampering. The simplest way to handle it is to do the following steps:</p>
<p>1) Generate a keypair for your company. You can do this in the Visual Studio command line using the SN tool. Syntax is:</p>
<pre><code>sn -k c:\keypair.snk
</code></pre>
<p>2) Use the keypair to strongly name (i.e. sign) your client application. You can set this using the signing tab in the properties page on your application.</p>
<p>3) Create a license for your client, this should be an XML document and sign it using your Private key. This involves simply computing a digital signature and steps to accomplish it can be found at:</p>
<p><a href="http://msdn.microsoft.com/en-us/library/ms229745.aspx" rel="noreferrer">http://msdn.microsoft.com/en-us/library/ms229745.aspx</a></p>
<p>4) On the client, when checking the license you load the XmlDocument and use your Public key to verify the signature to prove the license has not been tampered with. Details on how to do this can be found at:</p>
<p><a href="http://msdn.microsoft.com/en-us/library/ms229950.aspx" rel="noreferrer">http://msdn.microsoft.com/en-us/library/ms229950.aspx</a></p>
<p>To get around key distribution (i.e. ensuring your client is using the correct public key) you can actually pull the public key from the signed assembly itself, thus ensuring you don't have another key to distribute, and even if someone tampers with the assembly the .NET Framework will die with a security exception because the strong name will no longer match the assembly itself.</p>
<p>To pull the public key from the client assembly you want to use code similar to:</p>
<pre><code>using System;
using System.Reflection;
using System.Security.Cryptography;

/// &lt;summary&gt;
/// Retrieves an RSA public key from a signed assembly
/// &lt;/summary&gt;
/// &lt;param name="assembly"&gt;Signed assembly to retrieve the key from&lt;/param&gt;
/// &lt;returns&gt;RSA Crypto Service Provider initialised with the key from the assembly&lt;/returns&gt;
public static RSACryptoServiceProvider GetPublicKeyFromAssembly(Assembly assembly)
{
    if (assembly == null)
        throw new ArgumentNullException("assembly", "Assembly may not be null");

    // An unsigned assembly has no strong-name public key (null or empty array)
    byte[] pubkey = assembly.GetName().GetPublicKey();
    if (pubkey == null || pubkey.Length == 0)
        throw new ArgumentException("No public key in assembly.");

    // EncryptionUtils is the helper class from the encryption utilities linked below
    RSAParameters rsaParams = EncryptionUtils.GetRSAParameters(pubkey);
    RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
    rsa.ImportParameters(rsaParams);

    return rsa;
}
</code></pre>
<p>I've uploaded a sample class with a lot of helpful Encryption Utilities on Snipt at: <a href="http://snipt.net/Wolfwyrd/encryption-utilities/" rel="noreferrer">http://snipt.net/Wolfwyrd/encryption-utilities/</a> to help get you on your way.</p>
<p>I have also included a sample program at: <a href="https://snipt.net/Wolfwyrd/sign-and-verify-example/" rel="noreferrer">https://snipt.net/Wolfwyrd/sign-and-verify-example/</a>. The sample requires that you add it to a solution with the encryption utils library and provide a test XML file and a SNK file for signing. The project should be set to be signed with the SNK you generate. It demonstrates how to sign the test XML file using a private key from the SNK and then verify from the public key on the assembly.</p>
<p><strong>Update</strong></p>
<p>Added an <a href="http://www.leapinggorilla.com/Blog/Read/1019/signed-xml-licenses" rel="noreferrer">up to date blog post</a> with a nice detailed run through on license files.</p>
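<p>Steps 3 and 4 above as one runnable program. This is an added example, not part of the original answer or of the linked samples. The names <code>LicenseDemo</code>, <code>Sign</code> and <code>Verify</code> and the license XML are hypothetical, and it assumes an in-memory RSA key pair in place of the SNK file and a reference to System.Security.Cryptography.Xml (System.Security.dll on .NET Framework).</p>

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class LicenseDemo
{
    // Vendor side (step 3): enveloped signature over the whole license document.
    static void Sign(XmlDocument doc, RSA privateKey)
    {
        var signedXml = new SignedXml(doc) { SigningKey = privateKey };
        var reference = new Reference { Uri = "" }; // "" = the entire document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    // Client side (step 4): check against the key we already trust, never a key in the file.
    static bool Verify(XmlDocument doc, RSA trustedPublicKey)
    {
        XmlNodeList sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1) return false; // unsigned, or more than one signature
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);
        // Reject signatures that cover only part of the document.
        var refs = signedXml.SignedInfo.References;
        if (refs.Count != 1 || ((Reference)refs[0]).Uri != "") return false;
        return signedXml.CheckSignature(trustedPublicKey);
    }

    static void Main()
    {
        // Constructed sample data: a throwaway key pair and a made-up license.
        using (var vendorKey = new RSACryptoServiceProvider(2048))
        using (var clientKey = new RSACryptoServiceProvider())
        {
            clientKey.ImportParameters(vendorKey.ExportParameters(false)); // public half only
            var doc = new XmlDocument { PreserveWhitespace = true };
            doc.LoadXml("<License><Customer>Example Ltd</Customer><Seats>5</Seats></License>");
            Sign(doc, vendorKey);
            Console.WriteLine("untouched license valid: " + Verify(doc, clientKey));
            doc.SelectSingleNode("/License/Seats").InnerText = "500"; // edit after signing
            Console.WriteLine("edited license valid:    " + Verify(doc, clientKey));
        }
    }
}
```

<p>In a real client the <code>trustedPublicKey</code> argument would be the key returned by <code>GetPublicKeyFromAssembly</code> rather than one generated at run time.</p>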
 
