We moved
away from this for two reasons. First, we want to demonstrate how to use public key cryptography
in building control license schemes, and second, we want to solve the problem of how to
embed the key in the code without giving away the secrets to the operation. This is not to say
our approach is infallible or that private key techniques are any worse. Any technique chosen
can be broken with patience through a brute-force attack or similar means on the part of the
attacker. The purpose of encryption is to provide enough barriers to deter the effort for enough
time to make attack less likely.
The starting point with building the licensing system is to generate a public and private
key pair. An organization building a control library can use a tool such as the one we provide in
the sample code project to generate all the necessary data. The control provider then keeps the
generated private key in a secure location, so it is safe from loss and is not compromised. The
public key is inserted into the metadata of the control in an XML format for use as part of the
CHAPTER 13 ?– P ACKAGI NG AND DEPLOYMENT 683
license validation process. We also take the extra step of inserting a GUID metadata value into
the control to give us a way to version licenses without having to continually regenerate public/
private key pairs.
Pages:
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869