Java License Manager
A while back I wrote a licensing mechanism for studio for kdb+. This was based on a fairly simple concept - a digitally signed properties file. The process of protecting a java program with this concept involves the following steps:
1) Create a private/public key pair
2) Use the private key to sign the properties file
3) Embed the public key and some code to verify the signature into the end product
I chose to use a properties file as that is well supported in the java world, and programmers can use the key/value pairs in the file with some confidence that they have not been changed since issue. The programmer can then extend the functionality according to what features they require - e.g. disable certain features if the license type is an evaluation license, or restrict the usage to a specific user login, or ip address or domain etc.
I have made this code freely available without warranty and under license. You must agree with these license terms before downloading. It can be downloaded from here.
I have included 3 sample programs with the source.
To begin with, you should generate the public/private key pair by running
de.skelton.license.SampleKeyPairGenerator
This will generate 2 keys, output to the console as follows
Private key:3082014b0201003082012c0…
Public key:308201b73082012c06072a…
Copy the private key into the
de.skelton.license.SamplePublisher
class, as
public class SamplePublisher
{
private static String privateKeyHex=”3082014b020100…
and recompile that class. At some point you may wish to change this code to read the keys from a key file or database.
You can then run SamplePublisher giving it an input properties file and an output filename. e.g.
java de.skelton.license.SamplePublisher license_in.txt license_out.txt
This will take the contents of the input properties file, calculate the digital signature for it using the private key, and then write out the properties file including the signature (under the property name ‘key’) to the output filename.
The next step is to take the public key and embed that into the
de.skelton.license.SampleConsumer
class, as
public class SampleConsumer
{
private static String publicKeyHex=”308201b830820…
and recompile that class.
If you now invoke that class and give it the file generated using the Publisher, it will load the properties file, locate the digital signature, and then verifies that this signature matches the contents of the file, i.e. that the file has not been changed since signing. Once you have a validated properties file you can pursue checking whatever license restrictions you wish to enforce, e.g. ip address restriction.
Things to be aware of:
1) You should NOT publish your private key.
2) You should obfuscate your code. I use Zelix Klassmaster.
3) You do not need to distrubute all these classes - e.g. LicenseCreator class