
Using Apple Security Framework for software registration.

For those needing a software registration system which prevents people from giving away your app, this method might be of help.

No cost: you don't need a server and you don't need to pay for some wrapper service to protect your software.

The concept is extremely simple. You fingerprint your client machine and issue a license based on that fingerprint. 

You have just one variable that is completely under your control (the master lock). The nice thing about this approach is that even though the source code is published, without knowing the master lock, no one can duplicate the license you issue.

When I started this, I couldn't get it to work. It is simply my rusty C and lack of knowledge. After I did the OpenSSL version I went back and got it working. So this version utilizes Apple Security Framework.

Why am I doing two versions? After I finished the OpenSSL version I realized that in the future, Apple might restrict how the Unix commands are used (or what they are allowed or not allowed to do). So I figured an alternative might be in order.

For me it was a little more work and I am hoping one day Bernie with his magic would create a header file that will allow us to get rid of most of the code in here (the C Wrappers).

There are two source files included in the package.

The first one "fingerprinter-security" is the client side app. This is the "include" code you will have inside your app used by your clients (the source is well commented and pretty much self explanatory).

The second one, "KeyGen-Security", is the key issuing authority. This is where you receive your client's "fingerprint" of their machine and issue a license key. This app obviously will never leave your possession. It generates your private key, which will stay on your Mac, while the public key you will include in your app (and share with your client without them knowing).

Both sources are commented to death and should be self explanatory, but here is a checklist:

It should be noted that the three files involved all have the prefix "s" to differentiate them from the OpenSSL version (spublic.txt, sprivate.txt, and spref.txt).

Implementation:

-------------------------------
In the KeyGen-Security program:
-------------------------------
 (FIRST RUN CHECKLIST):

   1. Set gGenerateNewKeys = YES
   2. Set gMasterLock to your private secret code
      (this can be a product code but it MUST match
      on the client app side)
   3. Run — and click [Generate]

Ignore all output except the "Public Key" box.
Copy the public key into a text file and save it.

-----------------------------
In the FingerPrinter program:
-----------------------------

Remove everything below the comment 
// END fingerPrinter-Security. The rest is UI

Save As... "Client-Sec.incl"

Client-Sec.incl needs customization for your product.
The first step is to set the constant "gPublicKey".
Open the text file that has your public key saved from
Step 3 above.

Paste this line between the quotes of the sample gPublicKey
(making sure the string begins with @" and ends with ").

NOTE: If you lost your public key info, 
in the Finder use Shift-Command-G (Go to Folder...) and enter:
"/Users/<your user name>/Library/Application Support/guid"
It is in the file "spublic.txt"

Set the variable gMasterLock to your secret code or product code
from Step 2 above. Add comments so you know exactly for what 
product this include will be.

Do a global replace of "guid" with your app code. If you already
have preferences saved into the app support directory, use the
same folder.

This "Client-Sec.incl" now is ready for your product.

You don't have to do anything but include this file as one of the
first includes in your project.
------------ end of customizing "Client-Sec.incl"-----------

In your app, you must decide how you want to present the 
registration screen.

The easiest is probably just a dialog panel displaying the
client "fingerprint" on the top in a text field. You can
call it "Serial Number:" or whatever wording you decide.
Just make sure the user can select it to copy:

TextLabel _fingerprint,@"", rect, wndTag
TextFieldSetSelectable(_fingerprint, YES )

Underneath it, you can have another textfield or textview
big enough to receive the license key you would supply. 

Lastly a button to [Register]

Action needed:

a. Fill the text label with the fingerprint:

CFStringRef fingerPrint, theKey
fingerPrint = fn MakeFingerPrint
TextLabel _fingerprint, fingerPrint, rect, wndTag

b. In the dialog, when [Register] is clicked:
 
theKey = textview(_licenseTxt )
fn WriteRegistration ( theKey )

At any time you need to verify the license, just call:

verified = fn VerifyLicense

verified will be 1 for a valid license and 0 for an invalid one.

That's about it. See the sample user interface in the fingerPrinter.
-------------------------------------------------------

-------------------------------
In the KeyGen-Security program:
-------------------------------
(a non first run)

   4. Set gGenerateNewKeys = NO (for all future runs)

 SUBSEQUENT RUNS (signing a new license):

   5. Leave gGenerateNewKeys = NO
   6. Fill in / Paste the Fingerprint that your client supplies
   7. Ensure gMasterLock code is IDENTICAL to the
      one in your client app

When the user supplies you with a serial number (fingerprint),
simply enter this number and

   8. Run — and click [Generate]
      This signs and writes spref.txt to your guid folder
      (so you can verify it)
   9. Send the text to the user (step b above).

That's it, pretty much automatic.

If you have a client database, add the fingerprint and license text so you can always resupply it to this client. If it doesn't work then you know the client has moved the app to another machine.

What you do when you encounter an invalid, altered, or copied license is up to you. If you have a "crippled" demo mode, you may want to default to that. 
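
The whole flow above (generate keys once, sign the client's fingerprint, verify on the client) as an added example that is not code from the package: it uses the openssl command line instead of the Security framework. The file names, the sample fingerprints, the master lock value and the way fingerprint and master lock are joined are all assumptions.

```shell
#!/bin/sh
# Added illustration, not the package's code. It uses the openssl CLI, not the
# Security framework; every name and value below is constructed.
MASTER_LOCK="PRODUCT-CODE-1234"      # plays the role of gMasterLock
WORK=$(mktemp -d)                    # plays the role of the "guid" folder

# First run (gGenerateNewKeys = YES): create the key pair once.
generate_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/private.pem" 2>/dev/null &&
    openssl pkey -in "$WORK/private.pem" -pubout -out "$WORK/public.pem"
}

# Vendor side: sign "fingerprint:masterlock" and print the license as text.
# Assumption: the page does not show how the package combines the two values.
issue_license() {    # $1 = fingerprint received from the client
    printf '%s:%s' "$1" "$MASTER_LOCK" |
        openssl dgst -sha256 -sign "$WORK/private.pem" | openssl base64 -A
}

# Client side: needs only the public key. Returns 0 when the license was
# signed for this fingerprint, non-zero for any other machine or altered text.
verify_license() {   # $1 = this machine's fingerprint, $2 = license text
    sig=$(mktemp)
    if printf '%s' "$2" | openssl base64 -d -A > "$sig" 2>/dev/null &&
       printf '%s:%s' "$1" "$MASTER_LOCK" |
           openssl dgst -sha256 -verify "$WORK/public.pem" \
               -signature "$sig" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$sig"
    return "$rc"
}

# Constructed demo: a license issued for machine A, checked on A and on B.
generate_keys
LICENSE=$(issue_license "A1B2-C3D4-E5F6")
verify_license "A1B2-C3D4-E5F6" "$LICENSE" && echo "machine A: valid"
verify_license "0000-1111-2222" "$LICENSE" || echo "machine B: invalid license"
```

Producing a license that verifies requires private.pem; the public key and master lock that ship inside the client are enough to check a license but not to sign one.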
