Any questions? Ask us: support@enigmaprotector.com

Proper use of serverside verification

Post here any topics that related to Enigma Protector, its functionality, your misunderstanding, offers to improvements etc etc etc

Proper use of serverside verification

Postby TechnoMan » Fri Nov 08, 2013 5:40 pm

Hello,

as i can see the only available way to use registration keys is by using that offline algorithm.

Unfortunately we need to sell our keys on a online site (unfortunately we also can't use a special algorithm cause our application gets reselled too).

Now i ask myself what would the proper way to handle this.

I guess the solution would be to do this check directly in the protected file by creating a own prompt (for the key) and send this key to our servers in order to verify them.

But there is one problem. Network sniffing & manipulation.

How could we handle this properly?

Thank you very much.
TechnoMan
 
Posts: 12
Joined: Fri Nov 08, 2013 5:32 pm

Re: Proper use of serverside verification

Postby Enigma » Mon Nov 11, 2013 1:06 pm

Hi TechnoMan,

Just to let you know, we have special product called Online Activation Panel that works together with the special version of Enigma Protector and that allows online activation, integration to payment systems for automatic orders processing and locking license to particular computer. If you would like to use ready made solution, you may take a look at this product: http://enigmaprotector.com/en/aboutoap.html

OK, if you would like to make such system yourself, then I could give you some advices.
- first of all, you should use hardware locked license keys. This solution will make it useless to sniff and manipulate the network. Imagine, user has an activation code that will be valid for activation of the program on the one computer only. So, program has to send activation code and hardware id (this is unique computer identifier generated by protection, you may get it using Enigma API function EP_RegHardwareID). Server checks if this activation id had not need already used. If it is not used, then server has to create a key for program, based on the hardware id. For server side keys generator I recommend you to use cgi keys generator available for Enigma Protector (see Examples folder). Then server has to send name and key back to program. Program has to register using EP_RegCheckAndSaveKey function. This is standard algorithm of software online activation.

If you will have more specific questions - feel free to ask me.
Enigma
Site Admin
 
Posts: 2182
Joined: Wed Aug 20, 2008 2:24 pm


Return to Basic

Who is online

Users browsing this forum: Majestic-12 [Bot], Yahoo [Bot] and 12 guests

cron