I want to use RSA to protect license files in an application. The idea is as follows:
- Create a license file (plaintext).
- Create an RSA-keypair.
- Use the public key to encrypt the license file.
- Put the private key in the binary of the application.
- The application can then decode the license file and start running.
The thing is that I have to ship the private key with my application. Is that a problem if I keep the public key secret?
If not, what other good (enough) schemes exist to create a license-file system?
It is possible to recover a public key from a private key, so having the private key embedded in the application would be as good as publishing both the private and public keys in cleartext (modulo the effort of hacking the private key out of the binary).
Many people resort to obfuscation in these situations. Other solutions would be a hardware token, network authentication, or an off-the-shelf license management system.
This might provide some ideas about how other people are using public-key cryptography to create license file systems: http://www.codeproject.com/Articles/203840/RSA-License-Protection
来源:https://stackoverflow.com/questions/11413446/using-rsa-to-protect-license-files