C
C#13mo ago
Danielx64

❔ guidance on protecting sensitive details (licence details) needed

Q: does anyone have any guidance on protecting sensitive details (licence name and serial) from being yanked from my app? Vendor says this "The first licensing option is to make a method call at app startup before any UI is referenced to register your license information. This option is quick and easy, and works best for scenarios where Actipro NuGet packages or build servers are used. See the "Licensing Via a RegisterLicense Call" section below for detailed information on this option. The second licensing option is to provide licensing via a licenses.licx file. This option is only available for classic .NET Framework applications that have direct assembly references, and is what Actipro exclusively used prior to v20.1. See the "Licensing Via a Licenses.licx File" section below for detailed information on this option" Further down the page it says this "It is important to protect your licensee and license key combination from decompilers. We highly recommend using some form of string encryption on the licensee and licenseKey values passed into the ActiproLicenseManager.RegisterLicense method. Many obfuscators include string encryption as an option, or you can use other custom logic to scramble/descramble the strings.'
4 Replies
Chiyoko_S
Chiyoko_S13mo ago
honestly it'd be really hard to really secure against that on a device where the user has full access to the device the app runs on it has to be decrypted at some point, a determined person can figure out where the encryption / decryption happens and just sniff the license keys when the key gets decrypted which is why people tend to store those kind of secrets on a server and lets the server perform on behalf of the client, but that doesn't really seem applicable here Obviously you'd want to avoid it just being visible as a plain-text all willy-nilly through decompilers... in which case you can use obfuscators or employ some sort of encryption method, but don't ever think it would be 100% secure
Danielx64
Danielx64OP13mo ago
Thanks @not Aoba , I did manage to find a bunch of encryption and decryption functions online so I might just bite the bullet and do that. I also have the option of using the Licence.licx file so that could be the way to go.
Accord
Accord13mo ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server