Storing sensitive data in signed XML format has been around for quite some time, and Rhino Licensing uses the same technique to generate application licensing data. To protect the license file from manipulation, it is signed with a digital signature. The signing algorithm is RSA, which is an asymmetric algorithm: the key has a private part, used to sign the file, and a public part, used to verify it, so in theory someone who holds only the public part cannot alter the license file without invalidating the signature.
Although mathematically this method cannot feasibly be broken, a license file generated by Rhino Licensing can still be transferred to other computers, so a person who purchases a license may resell it or release it to others over the internet. To work around this problem, you can restrict where a generated license is usable in the following ways:
- Tie the generated license to an individual's machine using a unique machine identifier such as the computer SID, HDD serial number, CPU identifier, etc.
- Use floating licenses and check the availability of the license on the server at runtime.
Rhino Licensing provides the necessary infrastructure for you to achieve this.
- Include custom data in the license file, so you can easily store your customer information in it.
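
The signing and machine-binding scheme described above, as an added example that is not Rhino Licensing's own code or file format. It uses .NET's `SignedXml` class (the `System.Security.Cryptography.Xml` package on modern .NET); the `<license>` and `<machine-id>` element names, the `LicenseDemo` class and the `HDD-1234` identifier are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class LicenseDemo
{
    // Vendor side: enveloped XML-DSig signature over the whole document (needs the private key).
    static void Sign(XmlDocument doc, RSA privateKey)
    {
        var signedXml = new SignedXml(doc) { SigningKey = privateKey };
        var reference = new Reference { Uri = "" };          // "" = the entire document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    // Application side: verify with the public key only, then compare the machine binding.
    static string Validate(XmlDocument doc, RSA publicKey, string localMachineId)
    {
        var sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1) return "rejected: expected exactly one signature";
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);
        var refs = signedXml.SignedInfo.References;
        if (refs.Count != 1 || ((Reference)refs[0]).Uri != "")
            return "rejected: signature does not cover the whole document";
        if (!signedXml.CheckSignature(publicKey)) return "rejected: signature invalid";
        var bound = doc.SelectSingleNode("/license/machine-id")?.InnerText;
        return bound == localMachineId ? "valid" : "rejected: issued for another machine";
    }

    static void Main()
    {
        using var vendorKey = RSA.Create(2048);              // private key stays with the vendor
        using var publicOnly = RSA.Create();                 // what ships inside the application
        publicOnly.ImportParameters(vendorKey.ExportParameters(false));

        var doc = new XmlDocument { PreserveWhitespace = true };
        // Constructed sample license; not the Rhino Licensing schema.
        doc.LoadXml("<license><name>Constructed Customer</name><machine-id>HDD-1234</machine-id></license>");
        Sign(doc, vendorKey);

        Console.WriteLine(Validate(doc, publicOnly, "HDD-1234"));   // machine the license was issued for
        Console.WriteLine(Validate(doc, publicOnly, "HDD-9999"));   // same file copied to another machine
        doc.SelectSingleNode("/license/machine-id").InnerText = "HDD-9999"; // edit after signing
        Console.WriteLine(Validate(doc, publicOnly, "HDD-9999"));   // edited file on that machine
    }
}
```

The machine identifier is inside the signed content, so the binding cannot be rewritten without the private key; the check itself still runs in code the user controls.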
With all this said, having a licensing scheme in your application does not mean you are completely safe. Hackers and crackers try to reverse engineer your application code to see how the licensing is done, so you may want to look into other security concerns, and it is advised to use an obfuscation tool to make this harder for malicious users.