[pmwiki-users] OT: Public key cryptography in PHP?
Thomas -Balu- Walter
list+pmwiki-users at b-a-l-u.de
Sat Jul 30 17:00:00 CDT 2005
Hey everyone,
this is fairly off topic, so if you don't think it needs to be discussed
here, please send me a personal mail.
I needed to create some kind of license key mechanism for a commercial
software in PHP. So far the software uses a very obscure mechanism:
generate a MD5 hash based on the actual timestamp, modify some bytes and
add a simple checksum. This method generates a nice randomly looking
key.
But since the PHP code itself is kept open people can easily disable the
key checking mechanism. This can not be easily defeated, but it is a
minor problem. They can also analyze the fairly easy mechanism and start
creating (and selling) keys which is worse of course.
This can also be easily catched, since the key was not created on the
central server and can be identified as a fooled.
However while working on this issue I thought wether there are any
methods of having a fast and easy public key mechanisms in PHP.
E.g. I have some kind of license file and sign it with a private key.
The delivered software could now check the signature using the public
key, but no one could fake the signature without getting the private
key.
Any cryptographic experts here that can point me to interesting
ressources? :)
Balu
More information about the pmwiki-users
mailing list