Key Generator

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Key Generator

Post by Jonah Bron »

I'm working on an application that sells product keys. I want it to generate one as soon as the payment is made. All it has to do is create a random key, and store it in a database. But I don't know what sort of pattern the model would be. How would you structure something like that?

Edit: I've got a hunch that it's supposed to be two models: keyGenerator and keyStore/keyRecord (or something like that).
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Key Generator

Post by John Cartwright »

Your question isn't clear to me. Perhaps you can re-word it for my benefit?
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: Key Generator

Post by Jonah Bron »

Okay, let me take another whirl at it :D

My application sells product keys to customers. I need to develop a set of domain models to handle key generation, key encapsulation, and key searching. How would you structure that sort of thing?

This is what I'm thinking:

Code: Select all

class keyManagerModel {
    find()
    generateKey()
    saveKey()
}
class keyModel {
    ...
}
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Key Generator

Post by John Cartwright »

I'm not sure what you meant by key encapsulation, so I will just ignore that. However, I would separate the generator from the key model. Your models generally shouldn't know how to generate their entities, only save them. I wouldn't expect the key generator to be a model either, it doesn't represent an entity, it only generates them.

Code: Select all

class KeyGenerator {
   generateKey();
}

Code: Select all

class KeyModel {
   find();
   save();
}
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: Key Generator

Post by Jonah Bron »

Okay, that's exactly what I was looking for. By "key encapsulation", I meant a domain model to represent the key itself (and all it's sibling data).
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: Key Generator

Post by Jonah Bron »

Related question: should the KeyGenerator be a model, or a library? Or a combination of both?
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: Key Generator

Post by Jonah Bron »

In the classes in your post, one of them is KeyModel. What's the best way to represent the key data itself?

Update: here's what I have so far:

[text]class KeyManagerModel {
findById($id);
findByKey($key);
saveKey($key);
}[/text]
[text]class KeyGeneratorModel {
setKeyManager($keyManager);
createAndSaveKey($keyData);
}[/text]
The KeyGenerator depends on KeyManager to make sure that the key is unique, and to save it immediately; that's what setKeyManager() is for.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Re: Key Generator

Post by Jenk »

Is there a reason you are generating an entity for product key? Why not just have a Guid property on the product?
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: Key Generator

Post by Jonah Bron »

Jenk wrote:Why not just have a Guid property on the product?
Come again?
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Re: Key Generator

Post by Jenk »

Sorry, a Guid.. Globally Unique ID, aka uuid. I'm using .NET fulltime and it just rolls off the tongue/finger tips now. :)
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: Key Generator

Post by Jonah Bron »

Oh, no, yeah, I know what a GUID is, I just don't quite understand what you mean? Like, embed the key in the software itself?

Edit: perhaps the confusion is the fact that I haven't conveyed that this is a commercial product, and the product key is required to register it.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Re: Key Generator

Post by Jenk »

I understand what you meant by product key etc, all I mean is.. why does this need its very own class/state/behaviour/etc. :)

What is it that means the key needs to be more than an arbitrary unique string/byte array per instance of a product?
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: Key Generator

Post by Jonah Bron »

I see what you mean now. It has other data associated with it, such as "date-created", "date-registered", "owner", etc. This system sells keys to users of the software so that they can use the full version.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: Key Generator

Post by Benjamin »

You need to:

1. Obfuscate the code by writing a compiler that copies virtually all of the logic into a single file. Not difficult.
2. Encrypt the code using ioncube.
3. Ensure that the master file containing the code doesn't execute any includes before it has initialized most of the system components, even if it means parsing the config file with RegEx.
4. Create a long random key and use RSA to encrypt/decrypt a serialized array containing the license key information.
5. Digitally sign the array data with a different, private key by contencating all the values. Keep the private key private, it's not in the code, never leaves your PC.
6. Validate the digital signature with the public key on every page request.
7. Include countermeasures allowing you to perform maintenance on the software as required.

This is the bare minimum if you do not want your application to be cracked by some script kiddy. The best solutions are obscure, so just be creative.
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: Key Generator

Post by Jonah Bron »

I was a little confused at your post Benjamin, but then I realized that I had not made my situation sufficiently clear: the client is written in Java. The PHP part is on the server creating the key.
Post Reply