生成许可密钥的方法有很多，但真正安全的方法很少。这很遗憾，因为对于公司来说，许可证密钥的价值几乎与真正的现金相同。

理想情况下，您希望您的许可密钥具有以下属性:

Only your company should be able to generate license keys for your products, even if someone completely reverse engineers your products (which WILL happen, I speak from experience). Obfuscating the algorithm or hiding an encryption key within your software is really out of the question if you are serious about controlling licensing. If your product is successful, someone will make a key generator in a matter of days from release. A license key should be useable on only one computer (or at least you should be able to control this very tightly) A license key should be short and easy to type or dictate over the phone. You don't want every customer calling the technical support because they don't understand if the key contains a "l" or a "1". Your support department would thank you for this, and you will have lower costs in this area.

那么如何解决这些挑战呢?

The answer is simple but technically challenging: digital signatures using public key cryptography. Your license keys should be in fact signed "documents", containing some useful data, signed with your company's private key. The signatures should be part of the license key. The product should validate the license keys with the corresponding public key. This way, even if someone has full access to your product's logic, they cannot generate license keys because they don't have the private key. A license key would look like this: BASE32(CONCAT(DATA, PRIVATE_KEY_ENCRYPTED(HASH(DATA)))) The biggest challenge here is that the classical public key algorithms have large signature sizes. RSA512 has an 1024-bit signature. You don't want your license keys to have hundreds of characters. One of the most powerful approaches is to use elliptic curve cryptography (with careful implementations to avoid the existing patents). ECC keys are like 6 times shorter than RSA keys, for the same strength. You can further reduce the signature sizes using algorithms like the Schnorr digital signature algorithm (patent expired in 2008 - good :) ) This is achievable by product activation (Windows is a good example). Basically, for a customer with a valid license key, you need to generate some "activation data" which is a signed message embedding the computer's hardware id as the signed data. This is usually done over the internet, but only ONCE: the product sends the license key and the computer hardware id to an activation server, and the activation server sends back the signed message (which can also be made short and easy to dictate over the phone). From that moment on, the product does not check the license key at startup, but the activation data, which needs the computer to be the same in order to validate (otherwise, the DATA would be different and the digital signature would not validate). Note that the activation data checking do not require verification over the Internet: it is sufficient to verify the digital signature of the activation data with the public key already embedded in the product. Well, just eliminate redundant characters like "1", "l", "0", "o" from your keys. Split the license key string into groups of characters.

我以前用过Crypkey。这是许多可用的之一。

使用任何许可方案，您只能在一定程度上保护软件。

我通过将我的程序与一个不和谐的服务器连接来解决这个问题，它在一个特定的聊天中检查用户输入的产品密钥是否存在并且仍然有效。通过这种方式获得产品密钥，用户将被迫破解不和谐，这是非常困难的。

简单的答案-无论你使用什么方案都可以被破解。

不要用一个旨在防止黑客的系统来惩罚诚实的客户，因为黑客无论如何都会破解它。

一个简单的散列代码绑定到他们的电子邮件或类似的可能就足够了。当人们需要重新安装或更新硬件时，基于硬件的id总是会成为一个问题。

关于这个问题的好帖子: http://discuss.joelonsoftware.com/default.asp?biz.5.82298.34

我已经在我公司的软件(c# .net)上实现了基于互联网的一次性激活，它需要一个许可证密钥，该密钥指向存储在服务器数据库中的许可证。软件用密钥攻击服务器，并获得许可信息，然后使用客户端计算机上的一些变量(CPUID和其他不经常更改的东西的组合)生成的RSA密钥在本地加密，然后将其存储在注册表中。

它需要一些服务器端编码，但它对我们来说工作得非常好，当我们扩展到基于浏览器的软件时，我能够使用相同的系统。它也给你的销售人员提供了关于谁，在哪里，什么时候使用软件的很好的信息。任何只在本地处理的许可系统都很容易被利用，特别是在。net中反射时。但是，正如其他人所说，没有一个系统是完全安全的。

在我看来，如果你不使用基于网络的授权，保护软件就没有任何意义。由于数字版权管理可能引起的头痛，这对已经为此付费的用户来说是不公平的。

要做到你所要求的一切，唯一的方法就是要求互联网接入和服务器验证。应用程序需要使用密钥登录到服务器，然后需要存储会话详细信息，如IP地址。这将防止密钥在多台不同的机器上使用。这通常不太受应用程序用户的欢迎，除非这是一个非常昂贵和复杂的应用程序，否则不值得这样做。

您可以只拥有应用程序的许可密钥，然后检查客户端密钥是否有效，但是很容易将此密钥分发给其他用户，并且可以使用反编译器生成新密钥。