
Using OpenSSL for software registration.

For those needing a software registration system which prevents people from giving away your app, this method might be of help.

No cost: you don't need a server and you don't need to pay for some wrapper service to protect your software.

The concept is extremely simple. You fingerprint your client machine and issue a license based on that fingerprint. 

You have just one variable that is completely under your control (the master lock). The nice thing about this approach is that even though the source code is published, without knowing the master lock, no one can duplicate the license you issue.

I started using the Apple Security framework but ran into a couple of hiccups which made me uncomfortable. Apple's past history of abandonment of support helped me to make up my mind to use OpenSSL. This is free and has been included on the Mac for ages. Since it is one of the NIST standards, it is unlikely it will be abandoned by anyone who needs to be "government compliant".

There are two source files included in the package.

The first one, "fingerprinter", is the client-side app. This is the "include" code you will have inside the app used by your clients (the source is well commented and pretty much self-explanatory).

The second one, "KeyGen-OpenSSL", is the key-issuing authority. This is where you receive your client's machine "fingerprint" and issue a license key. This app obviously will never leave your possession. It generates your private key, which stays on your Mac, while the public key is included in your app (and so shared with your client without them knowing).

Both sources are commented to death and should be self-explanatory, but here is a checklist:

Implementation:

------------------------------
In the KeyGen_OpenSSL program:
------------------------------
 (FIRST RUN CHECKLIST):

   1. Set gGenerateNewKeys = YES
   2. Set gMasterLock to your private secret code
	(this can be a product code but it MUST match
	 on the client app side)
   3. Run — and click [Generate]

Ignore all output except the "Public Key" box.
Copy the public key into a text file and save it.

-----------------------------
In the FingerPrinter program:
-----------------------------

Remove everything below the comment 
// END fingerPrinter. The rest is UI

Save As... "Client.incl"

Client.incl needs customization for your product. 
The first is to set the constant "gPublicKey"
Open the text file that has your public key saved from 
Step 3 above. Paste this underneath the existing
gPublicKey so you can keep an eye on the format before
deleting the sample.

Paste this block. Add a new line (\n) and line continuation (option-L) 
on each line (except for the last line),
making sure the string begins with @" and ends with ".

It should look something like this:

CFStringRef gPublicKey = @"-----BEGIN PUBLIC KEY-----\n¬
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8xZ8BdbgLAlFKgDjnp4\n¬
xGHTR1I8MPNRKSsh9+85XwGNXXZWV7qos01dhmDvpMoLemsrUH0CsALIOC+aBOuq\n¬
u5VATSXVuMsLOaTl3WR4+Gy6JpfN3AQo2gDFSgK170N0qEf6dw8x3X98fdOjXzoM\n¬
+x71yyT5HDY2854FDXeFPGONErKSU7jchJPh36FQXzR9BPurhFXvbMDPTCVjrvsA\n¬
QVGC3omjugSpiw7Higue1u1nBxVGwcWA5n4yapsjGJgansBuSppwepwFfabExdVV\n¬
sUFluFH1qf8kHV7v9xpeiu17CnASCCuxdXseCPT4V9PWd/YKf4IpcL9FSr+OyjiI\n¬
cQIDAQAB\n¬
-----END PUBLIC KEY-----"


NOTE: If you lost your public key info, 
in the Finder use Shift-command-G (Goto Folder..) and enter:
"/Users/<your user name>/Library/Application Support/guid"
It is in the file "public.txt"

Set the variable gMasterLock to your secret code or product code
from Step 2 above. Add comments so you know exactly for what 
product this include will be.

Do a global replace for "guid" to your app code. If you already
have preferences saved into the app support directory, use the
same folder.

This "Client.incl" now is ready for your product.

You don't have to do anything but include this file as one of the
first includes in your project.
------------ end of customizing "Client.incl"-----------

In your app, you must decide how you want to present the 
registration screen.

The easiest is probably just a dialog panel displaying the
client "fingerprint" at the top in a text field. You can 
call it "Serial Number:" or whatever wording you decide on.
Just make sure the user can select it to copy:

Textlabel _fingerprint,@"", rect, wndTag
TextFieldSetSelectable(_fingerprint, YES )

Underneath it, you can have another textfield or textview
big enough to receive the license key you would supply. 

Lastly a button to [Register]

Action needed:

a. Fill the text label with the fingerprint:

CFStringRef fingerPrint, theKey
fingerPrint = fn MakeFingerPrint
TextLabel _fingerprint,fingerprint, rect, wndTag

b. In the dialog, when register is clicked
 
theKey = textview(_licenseTxt )
fn WriteRegistration ( theKey )

At any time you need to verify the license, just call:

verified = fn VerifyLicense

verified will be a 1 or 0 for valid and invalid license.

That's about it. See the sample user interface in the fingerPrinter.
-------------------------------------------------------

------------------------
In the KeyGen program:
------------------------
(a non first run)

   4. Set gGenerateNewKeys = NO (for all future runs)

 SUBSEQUENT RUNS (signing a new license):

   5. Leave gGenerateNewKeys = NO
   6. Fill in kFingerprint with the fingerprint your client supplies
   7. Ensure gMasterLock code is IDENTICAL to the
      one in your client app

When the user supplies you with a serial number (fingerprint),
simply enter this number.

   8. Run — and click [Generate]
      This signs and writes pref.txt to your guid folder
			(so you can verify it)
   9. Send the text to the user (step b above).

That's it, pretty much automatic.
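
The round trip the checklist describes, run with the openssl command line (an added example, not the code from the package). The message layout (fingerprint and master lock joined with "|"), the base64 license text, the sample fingerprints and the temporary folder are assumptions; the package's own sources define the real format.

```shell
#!/bin/sh
# Added example: license round trip with the openssl CLI.
# Assumptions (not from the package): the signed message is
# "<fingerprint>|<master lock>" and the license text is the base64 signature.
set -eu

WORK=$(mktemp -d)                  # scratch dir standing in for the "guid" folder
trap 'rm -rf "$WORK"' EXIT
MASTER_LOCK="DEMO-PRODUCT-001"     # constructed value; must match on both sides

# KeyGen, first run: create the key pair. private.pem stays with the vendor;
# public.txt is what gets pasted into the client as gPublicKey.
generate_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/private.pem" 2>/dev/null
    openssl pkey -in "$WORK/private.pem" -pubout -out "$WORK/public.txt"
}

# KeyGen, later runs: sign the client's fingerprint and print the license text.
issue_license() {    # $1 = fingerprint sent in by the client
    printf '%s|%s' "$1" "$MASTER_LOCK" |
        openssl dgst -sha256 -sign "$WORK/private.pem" | openssl base64 -A
}

# Client: check a license against the fingerprint computed on this machine.
# Needs only the public key. Returns 0 when valid, non-zero otherwise.
verify_license() {   # $1 = local fingerprint, $2 = license text
    sig="$WORK/sig.bin"
    printf '%s' "$2" | openssl base64 -d -A > "$sig" 2>/dev/null || return 1
    printf '%s|%s' "$1" "$MASTER_LOCK" |
        openssl dgst -sha256 -verify "$WORK/public.txt" -signature "$sig" \
        >/dev/null 2>&1
}

generate_keys
LICENSE=$(issue_license "A1B2-C3D4-E5F6")      # constructed fingerprint
verify_license "A1B2-C3D4-E5F6" "$LICENSE" && echo "issuing machine: valid"
verify_license "FFFF-0000-1111" "$LICENSE" || echo "copied to another machine: invalid"
```

Because gMasterLock is set inside the client include, the private key is the only value in this scheme that the client never holds, so it is the one to protect and back up.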

If you have a client database, add the fingerprint and license text so you can always resupply it to this client. If it doesn't work, then you know the client has moved the app to another machine.

What you do when you encounter an invalid, altered, or copied license is up to you. If you have a "crippled" demo mode, you may want to default to that. 
