c# - How to generate and validate a software license key?

Question

I'm currently involved in developing a product (developed in C#) that'll be available for downloading and installing for free but in a very limited version. To get access to all the features the user has to pay a license fee and receive a key. That key will then be entered into the application to "unlock" the full version.

As using a license key like that is kind of usual I'm wondering :

1. How's that usually solved?
2. How can I generate the key and how can it be validated by the application?
3. How can I also avoid having a key getting published on the Internet and used by others that haven't paid the license (a key that basically isn't "theirs").

I guess I should also tie the key to the version of application somehow so it'll be possible to charge for new keys in feature versions.

Anything else I should think about in this scenario?

Answer 1

Caveat: you can't prevent users from pirating, but only make it easier for honest users to do the right thing.

Assuming you don't want to do a special build for each user, then:

• Generate yourself a secret key for the product
• Take the user's name
• Concatentate the users name and the secret key and hash with (for example) SHA1
• Unpack the SHA1 hash as an alphanumeric string. This is the individual user's "Product Key"
• Within the program, do the same hash, and compare with the product key. If equal, OK.

But, I repeat: this won't prevent piracy

---

I have recently read that this approach is not cryptographically very sound. But this solution is already weak (as the software itself has to include the secret key somewhere), so I don't think this discovery invalidates the solution as far as it goes.

Just thought I really ought to mention this, though; if you're planning to derive something else from this, beware.