I am trying to figure out a way to stop people faking the license file that comes with my software. I watched RSA and used a signature to verify the data.
Now, from my understanding, I basically have some data (license file), and I use the RSAryptoServiceProvider SignData method to create a signature for the public and private key data that was created using ExportParameters (true).
Then I would provide the license file and public key using software so that I can check the data (license) on the client using VerifyData, but that should stop the user creating their own public / private key pair and recreate the data and just overwrite the public key and data?
I read and did some search queries, but I still stick to this, I'm pretty new to encryption and signing, but I need to understand this.
I know that it's almost impossible to protect a license such as a file, as if they just wanted to decompile the code and delete the checks, so I just want it hard for them to abuse the software, I don’t want them to they could simply compose their own license or transfer one license to another machine.
Can someone point me in the right direction or offer some advice?
Thank.
source
share