Creating an activation key generator in JAVA

Question

Creating an activation key generator in JAVA

I want to create a key generator for my telephone applications. I am currently using an external service to do this work, but I'm a little worried that the service might shut down one day, so I will be a little pickle.

How authentication works.

The public key stored on the phone.
When the user requests a key, the “Phone Identifier” is sent to the “key generation service”, and the encrypted key key is returned and stored inside the license file.
On the phone, I can check if there is a key for the current phone using the getPhoneId () method, which I can check with the current phone and provide or not grant access to the functions.

I like it and it works well, however I want to create my own “key generation service” on my own website.

Requirements:

Public and private key
Encryption: (Bouncy Castle)
Written in JAVA
Must support getApplicationId () (so that many applications can use the same key generator) and getPhoneId () (to get the phone ID from an encrypted license file)
I want to be able to send ApplicationId and PhoneId to a service to generate a license key.

Can someone give me some guidance on how to do this? I tried using java encryption but definitely not an expert and can not find anything that will help me.

I will need to use the list of Java classes that I need to instantiate.

+5

java authentication cryptography encryption

jax 24 '10 7:39

2

sfussenegger · Answer 1 · 2010-06-16T07:02:35+0000

, . , , . , , - - , , , downvoting;)

RSA, , , , . , .

Java, ( Signature Sign and Verify):

import java.security.*;

public class Main {
  public static void main(String args[]) throws Exception {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    // our server, imagine it a webservice
    KeyServer server = new KeyServer(42);

    // init client with a copy of public key from server
    KeyClient client = new KeyClient(server.getPublicKey());

    // create string that identifies phone and application
    byte[] data = (getPhoneId() + ":" + getApplicationId()).getBytes("utf-8");

    // send data to server for signature creation
    byte[] digitalSignature = server.signData(data);

    // verify on client side
    System.out.println("verified = " + client.verifySig(data, digitalSignature));

    // bad data
    byte[] wrongData = ("anotherPhoneId" + ":" + getApplicationId()).getBytes("utf-8");
    System.out.println("verified = " + client.verifySig(wrongData, digitalSignature));

    // bad signature
    digitalSignature[5] = (byte) 0xff;
    System.out.println("verified = " + client.verifySig(data, digitalSignature));
  }

  private static String getPhoneId() {
    return "somephone";
  }

  private static String getApplicationId() {
    return "someapp";
  }

  public static class KeyClient {

    private PublicKey _publicKey;
    private Signature _signer;

    public KeyClient(PublicKey publicKey) {
      if (publicKey == null) {
        throw new NullPointerException("publicKey");
      }
      _publicKey = publicKey;

      try {
        _signer = Signature.getInstance("SHA1withRSA");
      } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException("failed to get Signature", e);
      }
    }

    public boolean verifySig(byte[] data, byte[] sig) throws Exception {
      synchronized (_signer) {
        _signer.initVerify(_publicKey);
        _signer.update(data);
        return (_signer.verify(sig));
      }
    }
  }

  public static class KeyServer {

    private KeyPair _keyPair;
    private Signature _signer;

    public KeyServer(int seed) {
      try {
        _keyPair = generateKeyPair(seed);
      } catch (Exception e) {
        throw new RuntimeException("failed to generate key pair for seed " + seed, e);
      }

      try {
        _signer = Signature.getInstance("SHA1withRSA");
      } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException("failed to get Signature", e);
      }
    }

    public PublicKey getPublicKey() {
      return _keyPair.getPublic();
    }

    public byte[] signData(byte[] data) throws InvalidKeyException, SignatureException {
      synchronized (_signer) {
        _signer.initSign(_keyPair.getPrivate());
        _signer.update(data);
        return (_signer.sign());
      }
    }

    private KeyPair generateKeyPair(long seed) throws Exception {
      KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("RSA");
      SecureRandom rng = SecureRandom.getInstance("SHA1PRNG", "SUN");
      rng.setSeed(seed);
      keyGenerator.initialize(2048, rng);
      return (keyGenerator.generateKeyPair());
    }

  }
}

Gabriel Ščerbák · Answer 2 · 2010-06-20T01:26:13+0000

, , , , , , (, ), -, . , , .

, , .

Creating an activation key generator in JAVA

More articles: