Key Generator
Moderator: General Moderators
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Key Generator
I'm working on an application that sells product keys. I want it to generate one as soon as the payment is made. All it has to do is create a random key, and store it in a database. But I don't know what sort of pattern the model would be. How would you structure something like that?
Edit: I've got a hunch that it's supposed to be two models: keyGenerator and keyStore/keyRecord (or something like that).
Edit: I've got a hunch that it's supposed to be two models: keyGenerator and keyStore/keyRecord (or something like that).
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Re: Key Generator
Your question isn't clear to me. Perhaps you can re-word it for my benefit?
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: Key Generator
Okay, let me take another whirl at it 
My application sells product keys to customers. I need to develop a set of domain models to handle key generation, key encapsulation, and key searching. How would you structure that sort of thing?
This is what I'm thinking:
My application sells product keys to customers. I need to develop a set of domain models to handle key generation, key encapsulation, and key searching. How would you structure that sort of thing?
This is what I'm thinking:
Code: Select all
class keyManagerModel {
find()
generateKey()
saveKey()
}
class keyModel {
...
}- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Re: Key Generator
I'm not sure what you meant by key encapsulation, so I will just ignore that. However, I would separate the generator from the key model. Your models generally shouldn't know how to generate their entities, only save them. I wouldn't expect the key generator to be a model either, it doesn't represent an entity, it only generates them.
Code: Select all
class KeyGenerator {
generateKey();
}Code: Select all
class KeyModel {
find();
save();
}- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: Key Generator
Okay, that's exactly what I was looking for. By "key encapsulation", I meant a domain model to represent the key itself (and all it's sibling data).
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: Key Generator
Related question: should the KeyGenerator be a model, or a library? Or a combination of both?
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: Key Generator
In the classes in your post, one of them is KeyModel. What's the best way to represent the key data itself?
Update: here's what I have so far:
[text]class KeyManagerModel {
findById($id);
findByKey($key);
saveKey($key);
}[/text]
[text]class KeyGeneratorModel {
setKeyManager($keyManager);
createAndSaveKey($keyData);
}[/text]
The KeyGenerator depends on KeyManager to make sure that the key is unique, and to save it immediately; that's what setKeyManager() is for.
Update: here's what I have so far:
[text]class KeyManagerModel {
findById($id);
findByKey($key);
saveKey($key);
}[/text]
[text]class KeyGeneratorModel {
setKeyManager($keyManager);
createAndSaveKey($keyData);
}[/text]
The KeyGenerator depends on KeyManager to make sure that the key is unique, and to save it immediately; that's what setKeyManager() is for.
Re: Key Generator
Is there a reason you are generating an entity for product key? Why not just have a Guid property on the product?
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: Key Generator
Come again?Jenk wrote:Why not just have a Guid property on the product?
Re: Key Generator
Sorry, a Guid.. Globally Unique ID, aka uuid. I'm using .NET fulltime and it just rolls off the tongue/finger tips now. 
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: Key Generator
Oh, no, yeah, I know what a GUID is, I just don't quite understand what you mean? Like, embed the key in the software itself?
Edit: perhaps the confusion is the fact that I haven't conveyed that this is a commercial product, and the product key is required to register it.
Edit: perhaps the confusion is the fact that I haven't conveyed that this is a commercial product, and the product key is required to register it.
Re: Key Generator
I understand what you meant by product key etc, all I mean is.. why does this need its very own class/state/behaviour/etc.
What is it that means the key needs to be more than an arbitrary unique string/byte array per instance of a product?
What is it that means the key needs to be more than an arbitrary unique string/byte array per instance of a product?
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: Key Generator
I see what you mean now. It has other data associated with it, such as "date-created", "date-registered", "owner", etc. This system sells keys to users of the software so that they can use the full version.
Re: Key Generator
You need to:
1. Obfuscate the code by writing a compiler that copies virtually all of the logic into a single file. Not difficult.
2. Encrypt the code using ioncube.
3. Ensure that the master file containing the code doesn't execute any includes before it has initialized most of the system components, even if it means parsing the config file with RegEx.
4. Create a long random key and use RSA to encrypt/decrypt a serialized array containing the license key information.
5. Digitally sign the array data with a different, private key by contencating all the values. Keep the private key private, it's not in the code, never leaves your PC.
6. Validate the digital signature with the public key on every page request.
7. Include countermeasures allowing you to perform maintenance on the software as required.
This is the bare minimum if you do not want your application to be cracked by some script kiddy. The best solutions are obscure, so just be creative.
1. Obfuscate the code by writing a compiler that copies virtually all of the logic into a single file. Not difficult.
2. Encrypt the code using ioncube.
3. Ensure that the master file containing the code doesn't execute any includes before it has initialized most of the system components, even if it means parsing the config file with RegEx.
4. Create a long random key and use RSA to encrypt/decrypt a serialized array containing the license key information.
5. Digitally sign the array data with a different, private key by contencating all the values. Keep the private key private, it's not in the code, never leaves your PC.
6. Validate the digital signature with the public key on every page request.
7. Include countermeasures allowing you to perform maintenance on the software as required.
This is the bare minimum if you do not want your application to be cracked by some script kiddy. The best solutions are obscure, so just be creative.
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: Key Generator
I was a little confused at your post Benjamin, but then I realized that I had not made my situation sufficiently clear: the client is written in Java. The PHP part is on the server creating the key.