-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Usman Riaz schrieb: > I believe with signing the > license information (correct me if I am wrong), I have to provide the > actually license info/data (in plain clear text) along with the data > generated during the signing process. Yes.
> The problem with this approach is, > that providing the license info in clear text I think will make it > little more tempting & almost all the softwares that I have used, > don't supply license info in clear text. To what could the user be tempted ? To generate an own license ? For that he needs your private key, and if he has that, you have lost anyway... if you really do not want the license data to be readable in plain text, you may obfuscate it in some way (ROT-13, base64,...) The question here is: What do you gain from encrypting the license information ? Unencrypted license information has the advantage that your user in case of an license error may look into the license file and see something like: product: not working piece of junk version: 0.99.8.123a company: Stupid Loosers Inc. user: Brain Dead IP: 192.168.1.1 from: 2007-01-01 until: 2008-01-01 key: fgjfgjfghhjsdfgjfhjkasdrt6be78utxdyvtdr6zungzbxcdbzr6... Indicating that user "Brain Dead", working in company "Stupid Loosers Inc." may use the software "not working piece of junk" starting with version "0.99.8.123a" on the host with the IP address "192.168.1.1" from 2007-01-01 until 2008-01-01. > Even though I agree the customer > should know what is in the license information thats why my software > will display info about it, after reading the license data but how > this license info is interpreted & transformed from one form to > another should be left to the software vendor. Naturally. The way you store the license data in the license file is completely to be defined by the vendor. But from the point of security you gain nothing from adding some encryption to the license data. Bye Goetz - -- DMCA: The greed of the few outweights the freedom of the many -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGEqdS2iGqZUF3qPYRAsZuAJwOVC5BmtleLurf4Ony8WLIBUf2zwCcCCe0 ORwK5B07Xb4DTYh1Kek3h54= =cDgq -----END PGP SIGNATURE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
