Portable.Licensing is a cross platform software licensing framework which allows you to implement licensing into your application or library. It provides you all tools to create and validate licenses for your software.
Home Page: http://dev.nauck-it.de/projects/portable-licensing
License: MIT License
When validating a signature of a license where should I be storing the public key AND how do I know that the public key is even the one I published?
For example if I distribute my public key in my assembly as a string what prevents someone from just creating their own key pair, generating their own license, creating a signature for it and then replacing my public key in my assembly with their public key?
I think there needs to be some method for ensuring that the public key is authentic. e.g. the one I published.
What's stopping anyone from making there own public key file/license file to replace the public key distributed with your applications? What am I not seeing?
All someone needs to do it create a new key/license with your library
var keyGenerator = Portable.Licensing.Security.Cryptography.KeyGenerator.Create();
var keyPair = keyGenerator.GenerateKeyPair();
var privateKey = keyPair.ToEncryptedPrivateKeyString(passPhrase);
var publicKey = keyPair.ToPublicKeyString();
Make a new license like the one distributed with application
var license = License.New()
.WithUniqueIdentifier(Guid.NewGuid())
.As(LicenseType.Trial)
.ExpiresAt(DateTime.Now.AddDays(30))
.WithMaximumUtilization(5)
.WithProductFeatures(new Dictionary<string, string>
{
{"Sales Module", "yes"},
{"Purchase Module", "yes"},
{"Maximum Transactions", "10000"}
})
.LicensedTo("John Doe", "[email protected]")
.CreateAndSignWithPrivateKey(privateKey, passPhrase);
Copy that pub key into the application to replace the distributed public key and they can use a new license whenever they want. All they need to do is open the license file to see the format to recreate. I don't see how this enforced licensing.
The only way I see to make it more secure is to include the public key as a string in the application so it can't be replaced easily.
Do I understand this correctly?
IT TAKES ABOUT 10 seconds to crack!
this is an incredibly amazing library but it should be signed to prevent tampering!
thanks so much!
Is this project dead?
Why isn't there a more recent release then 2013 when the last commit was in 2015?
Hi, I apologise if this is an unbelievably stupid question but I was wondering if it was possible to use the public key that is generated and shipped with our code (using Portable.Licensing) to encrypt an attribute for the purpose of generating a machine specific license? We potentially do not want the user to know what attributes are being used for the purpose of validation. Can we use Portable.Licensing to do this.Any thoughts or advice welcomed.
Thanks,
Wilson
One of my application is built in 3.5, so i am not able to use Portable.Licensing with runtime 4.0.
Can you please suggest if Portable.licensing is available in 3.5?
Hello Daniel,
I try to export the keys that are generated by Portable.Licensing or to import keys that were generated with OpenSSL, but only get cryptic error messages. Do you have a hint how I can do this?
I want to issue licenses with a web application that doesn't run under asp.net
Thanks for your help!
Stefan
See https://github.com/gittools/GitLink
Happy to do a pr if you are interested.
Is it possible to generate activation keys that are based on clients CPU serial, motherboard serial etc..?
The project couldn't be built due to issues with packet, this was the error message:
The command ""C:\Users\Mohamed.Elshawaf\Downloads\Compressed\Portable.Licensing-develop.paket\paket.bootstrapper.exe"" exited with code 1.
I found out- from packet docs- that paket.bootstrapper.exe should be renamed to paket.exe, after renaming, the project has been built successfully (after re-installing nunit.framework)
I don’t see a role of any database (SQL Server , SQLite etc.). How do we achieve the following:
Would you be able to provide some sample code to include the Company name in the customer section of a license?
So rather than this:
Portable.Licensing.License lic = license.LicensedTo("Persons Name", "[email protected]");
I would like to do something like this:
Portable.Licensing.License lic = license.LicensedTo("Persons Name", "[email protected]", "Company Name");
But it doesn't seem to work that way.
Thanks
Hello,
I am very interested in your library. I tried to add it to my portable library, but Windows phone 8.1 is not added in your build.
Is there a chance that you add it and release a new version on nuget?
Thanks
The error messages:
'System.Collections.Generic.IEnumerable<Portable.Licensing.Validation.IValidationFailure>' does not contain a definition for 'Any' and no extension method 'Any' accepting a first argument of type 'System.Collections.Generic.IEnumerable<Portable.Licensing.Validation.IValidationFailure>' could be found (are you missing a using directive or an assembly reference?)
Any idea what might be going on here? Thanks.
Currently the library generates license file in xml format.
If the user attempts to edit the license xml(chances are high when trial time ended), but finally corrupted the file to be invalid xml, then License.Load will get uncaught System.Xml.XmlException.
It will be much better if catch the exception and return some type of IValidationFailure.
For example, the message "Licensing for this product has expired!" is not appropriate if the application targets a different language.
Maybe validation should return an enumeration and we should use some kind of dictionary to get the message, and how to resolve information.
In License.ExpirationDate it is explictly setting the given DateTime object to UTC.
However in the validation it is comparing against DateTime.Now (local time).
This cause cause interesting results based upon what timezone you are in. Is this a bug, or is this intentional?
When testing modifying the expiration date in the license file, it appears that the DateTime parsing exceptions are not handled and translated into a proper IValidationResult. Instead, an exception is thrown as soon as the result is accessed. An example exception: "String was not recognized as a valid DateTime because the day of week was incorrect."
I'm working around this by surrounding my validation check in a try block, but it would be nice for invalid expiration dates to trigger the normal "License signature validation error" message.
Great work, thanks for this!
Please provide a PHP library to manage license generation.
Due to lack of documentation in Portable.Licensing, I was wondering what does the .WithMaximumUtilization(1) would do when a license is generated? Does this mean the license allowed 1 installation? If this is the case how is it validated?
Dear All,
I'd like manage to software license by using this OSS.
Does anyone knows default credential of License.Manager?
I've faced problem while using License.Manager, but I am not able to access URL(http://dev.nauck-it.de/projects/portable-licensing).
There is not Issues tab for License.Manager OSS. That's why I wrote question here.
Thanks in advance.
Sincerely,
Following unit tests show AssertValidLicense method throwing exceptions when invalid public keys are given. Types of exceptions change depending on the given public key string.
I can add tests to the project to ensure the method does not throw when given unexpected parameters, if it fits the goals.
Exceptions are commented in the code:
[Fact]
public void ShouldNotThrow()
{
var passPhrase = "TopSecret";
var generator = KeyGenerator.Create();
var pair = generator.GenerateKeyPair();
var privateKey = pair.ToEncryptedPrivateKeyString(passPhrase);
var publicKey = pair.ToPublicKeyString();
var license = License.New().CreateAndSignWithPrivateKey(privateKey, passPhrase);
var errors = license.Validate().Signature("invalidKey").AssertValidLicense();
Assert.True(!errors.Any());
//ShouldNotThrow' failed: System.FormatException : Invalid length for a Base-64 char array or string.
// at System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
// at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
// at System.Convert.FromBase64String(String s)
// at Portable.Licensing.License.VerifySignature(String publicKey)
// at Portable.Licensing.Validation.LicenseValidationExtensions.<>c__DisplayClassd.<Signature>b__c(License license)
// at Portable.Licensing.Validation.ValidationChainBuilder.<AssertValidLicense>d__1.MoveNext()
// at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source)
// LicenseClientTests.cs(96,0): at Biltera.Licensing.Client.Tests.LicenseClientTests.ShouldNotThrow()
//0 passed, 1 failed, 0 skipped, took 1,11 seconds (xUnit.net 2.0.0 build 2929).
}
[Fact]
public void ShouldNotThrow2()
{
var passPhrase = "TopSecret";
var generator = KeyGenerator.Create();
var pair = generator.GenerateKeyPair();
var privateKey = pair.ToEncryptedPrivateKeyString(passPhrase);
var publicKey = pair.ToPublicKeyString();
var license = License.New().CreateAndSignWithPrivateKey(privateKey, passPhrase);
var errors = license.Validate().Signature("invalidPublicKey").AssertValidLicense();
Assert.True(!errors.Any());
// ShouldNotThrow2' failed: System.IO.EndOfStreamException : DEF length 123 object truncated by 113
// at Org.BouncyCastle.Asn1.DefiniteLengthInputStream.ToArray()
// at Org.BouncyCastle.Asn1.Asn1StreamParser.ReadTaggedObject(Boolean constructed, Int32 tag)
// at Org.BouncyCastle.Asn1.Asn1InputStream.BuildObject(Int32 tag, Int32 tagNo, Int32 length)
// at Org.BouncyCastle.Asn1.Asn1InputStream.ReadObject()
// at Org.BouncyCastle.Asn1.Asn1Object.FromByteArray(Byte[] data)
// at Org.BouncyCastle.Security.PublicKeyFactory.CreateKey(Byte[] keyInfoData)
// at Portable.Licensing.License.VerifySignature(String publicKey)
// at Portable.Licensing.Validation.LicenseValidationExtensions.<>c__DisplayClassd.<Signature>b__c(License license)
// at Portable.Licensing.Validation.ValidationChainBuilder.<AssertValidLicense>d__1.MoveNext()
// at System.Linq.Enumerable.Any[TSource](IEnumerable`1 source)
// LicenseClientTests.cs(122,0): at Biltera.Licensing.Client.Tests.LicenseClientTests.ShouldNotThrow2()
//0 passed, 1 failed, 0 skipped, took 1,16 seconds (xUnit.net 2.0.0 build 2929).
}Hello Daniel;
How can I implement a sound licensing model (at a reasonable level) using Portable.Licensing? There are few considerations about the model I am looking for:
Should I utilize license Id and some kind of machine based property to validate the license with a server?
What is your suggestions for this kind of requirements? Does this sound right to you? I am not experienced in licensing so I am looking for your advice.
I can create a tutorial based on your suggestions and contribute to the project so that others can follow the tutorial and get an insight on how to implement a real-world licensing scenario.
Thanks for the great library and your precious time.
I Can't find anywhere what is the maximum utilization. What is it for?
Thanks
Are there any plans on making this library implement the .NET standard?
Also, has this project stalled and will you accept pull requests?
Thanks.
I had used 1.0 version in Win Forms project. Every thing worked on my machine.
But once I deployed application on my customer machine. Portable.Licensing started giving below errors.
Here reference to System.xml.linq.dll is added from Silverlight installation folder. Those machine doesen't have it installed it will fail there. It worked on my machine as I have it installed.
This reference should be added from :
C:\Program Files\Reference Assemblies\Microsoft\Framework.NETFramework\v4.0\System.Xml.Linq.dll
Curenlty it is -
Assembly Location - C:\Program Files\Microsoft SDKs\Silverlight\v4.0\Libraries\Client\System.Xml.Linq.dll
Assembly name - System.Xml.Linq, Version=2.0.5.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
Platform - Silverlight v4.0
System.IO.FileLoadException: Could not load file or assembly 'System.Xml.Linq, Version=2.0.5.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, Retargetable=Yes' or one of its dependencies. The given assembly name or codebase was invalid. (Exception from HRESULT: 0x80131047)
File name: 'System.Xml.Linq, Version=2.0.5.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, Retargetable=Yes'
at Portable.Licensing.License.Load(String xmlString)
The PR states that it will be backward compatible, but after migrating our project to dot.net 5.0 all previous licenses fail signature validation. Due to the fact they were signed with BouncyCastle key pair and now try to validate with OpenSsl. Give Asn1 corrupted error. I think BouncyCastle compresses the keys and OpenSSL doesn't. Maybe due to the fact that before it was forced to named elliptic curve and now in OpenSsl it is different one.
I wrote the below console application trying to test the implementaton of this. I have not been successful as i have been getting the "InvalidSignatureValidationErrorFailure" exception thrown.
I have pasted my code below. I appreciate any help you can give
static void Main(string[] args)
{
string path = @"C:\Development\Licenses\";
string fileName = "Licence.lic";
Console.WriteLine("Enter the application name:");
string appName = Console.ReadLine();
Console.WriteLine("Do you wish to create a new License? (Y/N):");
var createLicense = Console.ReadLine();
if (createLicense.Equals("Y"))
{
Console.WriteLine("Enter the customer company:");
var company = Console.ReadLine();
Console.WriteLine("Enter the customer full name:");
var fullname = Console.ReadLine();
Console.WriteLine("Enter the customer email:");
var email = Console.ReadLine();
Console.WriteLine("Enter the validity days before expiry (number of days):");
var days = Console.ReadLine();
Console.WriteLine("Enter the number of allowed uses of this license (numbers only):");
var count = Console.ReadLine();
var license = License.New();
license.LicensedTo(fullname, email);
if (days != null)
{
license = license.ExpiresAt(DateTime.Now.AddDays(Int32.Parse(days)));
}
var productFeatures = new Dictionary<string, string>
{
{"Version", "1.0"}
};
string passphrase = GeneratePassPhraseForProduct();
var keyPair = GenerateKeysForProduct(passphrase);
string privateKey = keyPair.ToEncryptedPrivateKeyString(passphrase);
string publicKey = keyPair.ToPublicKeyString();
var finalLicense = license.WithUniqueIdentifier(Guid.NewGuid())
.As(LicenseType.Standard)
.WithMaximumUtilization(1)
.WithProductFeatures(productFeatures)
.CreateAndSignWithPrivateKey(privateKey, passphrase);
Console.WriteLine("Private key: {0}", privateKey);
Console.WriteLine("Public key: {0}", publicKey);
System.IO.File.WriteAllText(path + string.Format("{0}-private-key.txt", appName), privateKey);
System.IO.File.WriteAllText(path + string.Format("{0}-public-key.txt", appName), publicKey);
File.WriteAllText(path + fileName, finalLicense.ToString(), Encoding.UTF8);
Console.WriteLine("License file successfully created");
Console.WriteLine("Do you wish to validate the licence? (Y/N)");
var validate = Console.ReadLine();
if (validate.Equals("Y"))
{
using (XmlReader reader = XmlReader.Create(path + fileName))
{
License readLicence = License.Load(reader);
var validationFailures = readLicence.Validate()
.ExpirationDate()
.When(lic => lic.Type == LicenseType.Trial)
.And()
.Signature(publicKey)
.AssertValidLicense().ToList();
foreach (var failure in validationFailures)
Console.WriteLine(failure.GetType().Name + ": " + failure.Message + " - " + failure.HowToResolve);
}
}
}
Console.WriteLine("Press any key to exit");
Console.ReadLine();
}
public static KeyPair GenerateKeysForProduct(string PassPhrase)
{
if (string.IsNullOrWhiteSpace(PassPhrase))
{
throw new Exception("No passphrase was given. Cannot generate keys.");
}
var keyGenerator = Portable.Licensing.Security.Cryptography.KeyGenerator.Create();
var keyPair = keyGenerator.GenerateKeyPair();
return keyPair;
}
public static string GeneratePassPhraseForProduct()
{
return Guid.NewGuid().ToString();
}`
System.ArgumentException: illegal object in GetInstance: DerOctetString
at Org.BouncyCastle.Asn1.DerBitString.GetInstance(Object obj)
at Org.BouncyCastle.Asn1.X509.SubjectPublicKeyInfo..ctor(Asn1Sequence seq)
at Org.BouncyCastle.Asn1.X509.SubjectPublicKeyInfo.GetInstance(Object obj)
at Org.BouncyCastle.Security.PublicKeyFactory.CreateKey(Byte[] keyInfoData)
at Portable.Licensing.Security.Cryptography.KeyFactory.FromPublicKeyString(String publicKey)
at Portable.Licensing.License.VerifySignature(String publicKey)
at Portable.Licensing.Validation.LicenseValidationExtensions.<>c__DisplayClassd.b__c(License license)
at Portable.Licensing.Validation.ValidationChainBuilder.d__1.MoveNext()
at LicenseGen.Program.Main(String[] args) in c:\Users\0xFireball\Programs\C#\ExaPhaser\Licensing\FireCryptEx\KeyGen\LicenseGen\Program.cs:line 39
Hi, please sign your assemblies (NuGet package)! Otherwise they can't be used in signed applications and unsigned applications can be subject to a spoofed vesion of your assembly!
thanks! regards, Tilli
I should add that I realize this isn't an 'Issue', more of a feature request, and could be a large effort, especially since this is cross platform.
Am I at least able to add my own assertion if I come up with my own mechanics for detecting system clock change?
http://www.pluralsight.com/courses/discussion/licensing-dotnet-applications
Hi.. Guess this discussion actually belongs here.
Is my comment valid?
Cheers & and thanks for portable.licensing
Steffen
Hi, could u help me with this error "'The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters"?
License was generated by Portable.Licensing 1.1.0 in .NET 7 console app and validation was by Portable.Licensing 1.1.0 in WPF app .NET 4.8.
We had an issue recently due to a configuration (the public key) being null. However, it was a bit weird to find the real issue because we got this:
[ERROR] [Orc.LicenseManager.Services.LicenseValidationService] [1] An error occurred while loading the license | [ArgumentNullException] System.ArgumentNullException: Value cannot be null.
Parameter name: s
at System.Convert.FromBase64String(String s)
at Portable.Licensing.License.VerifySignature(String publicKey)
at Portable.Licensing.Validation.ValidationChainBuilder.<AssertValidLicense>d__1.MoveNext()
at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
at Orc.LicenseManager.Services.LicenseValidationService.ValidateLicense(String license) in c:\CI_WS\Ws\77085\Source\Orc_LicenseManager\src\Orc.LicenseManager.Client\Orc.LicenseManager.Client.Shared\Services\LicenseValidationService.cs:line 72
The real reason it fails is because the public key input is never checked in the license object. I think it would be a good idea to add a null reference check at the beginning of the method, or is this behavior intended?
Hi,
First thanks for this great and easy to use library.
The application I'm trying to release does not have any websites, and the trial edition is supposed to expire in 30 days after installation.
So I guess the Windows installer is supposed to generate the license file (any alternatives?). To do that I suppose I need to create a console application that generates the license and run it after installation is over. However that program will contain private key and pass phrase embedded into it, which is something I'm trying to avoid. Is there any advice or best practices on how to generate a license as part of Windows installer for apps that don't have a Web API?
How can i use it in production for example if i publish the application and make setup file how its works
Hi Daniel;
I have problem when testing expiration date with milliseconds. I know, no one will ever need to use milliseconds to set an expiration date but the issue makes writing tests hard.
Test code is below:
[Fact]
public void Expiration()
{
var passPhrase = "TopSecretPhrase";
var keyGen = KeyGenerator.Create();
var keyPair = keyGen.GenerateKeyPair();
var privateKey = keyPair.ToEncryptedPrivateKeyString(passPhrase);
var dateNoMs = DateTime.Parse("01.01.2015");
var licenseNoMs = License.New().ExpiresAt(dateNoMs).CreateAndSignWithPrivateKey(privateKey, passPhrase);
Assert.Equal(dateNoMs, licenseNoMs.Expiration); // Cool, no problem.
var dateWithMs = DateTime.Now; // Has milliseconds
var licenseWithMs = License.New().ExpiresAt(dateWithMs).CreateAndSignWithPrivateKey(privateKey, passPhrase);
Assert.Equal(dateWithMs, licenseWithMs.Expiration); // Fails
// Expected: 2015-05-08T17:43:51.9035841+03:00
// Actual: 2015-05-08T17:43:51.0000000+03:00
}
Using DateTimeStyles.RoundtripKind enum seems to solve the issue but the MSDN says it cannot be used with DateTimeStyles.AssumeUniversal.
While validating the License, following error is coming out:
InvalidSignatureValidationFailure: License signature validation error! - The license signature and data does not match. This usually happens when a license file is corrupted or has been altered.
Using the following code for validation:
string licPath = Server.MapPath("\LicenseFiles\License.lic");\LicenseFiles\public-key.txt");
var keypath = Server.MapPath("
string publicKey = System.IO.File.ReadAllText(keypath, System.Text.Encoding.UTF8);
StringBuilder sb = new StringBuilder();
using (XmlReader reader = XmlReader.Create(licPath))
{
License readLicence = License.Load(reader);
var validationFailures = readLicence.Validate()
.ExpirationDate()
.When(lic => lic.Type == LicenseType.Trial)
.And()
.Signature(publicKey)
.AssertValidLicense().ToList();
foreach (var failure in validationFailures)
sb.Append(failure.GetType().Name + ": " + failure.Message + " - " + failure.HowToResolve);
}
Can anybody suggest why is this happening?
@dnauck
I do not understand what I am doing wrong:
// make the keys
var KeyGenerator = Portable.Licensing.Security.Cryptography.KeyGenerator.Create();
var KeyPair = KeyGenerator.GenerateKeyPair();
var PrivateKey = KeyPair.ToEncryptedPrivateKeyString(Common.ID_ENCRYPTION_KEY);
var PublicKey = KeyPair.ToPublicKeyString();
// make a license
var L = License.New()
.WithUniqueIdentifier(Guid.NewGuid())
.As(LicenseType.Standard)
.ExpiresAt(DateTime.Now.AddDays(LICENSE_DAYS))
.WithProductFeatures(new Dictionary<string, string>
{
{ "Generated on", DateTime.UtcNow.ToString(CultureInfo.InvariantCulture) },
{ "ComputerId", ComputerId }
})
.CreateAndSignWithPrivateKey(PrivateKey, Common.ID_ENCRYPTION_KEY);
// save the license
using (var Writer = File.CreateText(LicenseFile))
{
L.Save(Writer);
}
// reload the license
var LicenseText = File.ReadAllText(LicenseFile, Encoding.UTF8);
var L1 = License.Load(LicenseText);
// validate it
var ValidationFailures = L1.Validate().Signature(PublicKey).AssertValidLicense();
foreach (var Failure in ValidationFailures)
{
Console.WriteLine(Failure.GetType().Name + ": " + Failure.Message + " - " + Failure.HowToResolve);
}
If I do this, it works.
Now, if I change the writing of the license to
Console.WriteLine(L.tostring())
and I paste the text as the license file (a.txt in my example), I get an invalid signature validation... I feel that I missed something very simple somewhere :)
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.