Page 1 of 1
Key Generator
Posted: Tue May 03, 2011 11:43 am
by Jonah Bron
I'm working on an application that sells product keys. I want it to generate one as soon as the payment is made. All it has to do is create a random key, and store it in a database. But I don't know what sort of pattern the model would be. How would you structure something like that?
Edit: I've got a hunch that it's supposed to be two models: keyGenerator and keyStore/keyRecord (or something like that).
Re: Key Generator
Posted: Tue May 03, 2011 12:53 pm
by John Cartwright
Your question isn't clear to me. Perhaps you can re-word it for my benefit?
Re: Key Generator
Posted: Tue May 03, 2011 12:59 pm
by Jonah Bron
Okay, let me take another whirl at it
My application sells product keys to customers. I need to develop a set of domain models to handle key generation, key encapsulation, and key searching. How would you structure that sort of thing?
This is what I'm thinking:
Code: Select all
class keyManagerModel {
find()
generateKey()
saveKey()
}
class keyModel {
...
}
Re: Key Generator
Posted: Tue May 03, 2011 3:11 pm
by John Cartwright
I'm not sure what you meant by key encapsulation, so I will just ignore that. However, I would separate the generator from the key model. Your models generally shouldn't know how to generate their entities, only save them. I wouldn't expect the key generator to be a model either, it doesn't represent an entity, it only generates them.
Code: Select all
class KeyGenerator {
generateKey();
}
Code: Select all
class KeyModel {
find();
save();
}
Re: Key Generator
Posted: Tue May 03, 2011 5:48 pm
by Jonah Bron
Okay, that's exactly what I was looking for. By "key encapsulation", I meant a domain model to represent the key itself (and all it's sibling data).
Re: Key Generator
Posted: Fri May 06, 2011 10:56 pm
by Jonah Bron
Related question: should the KeyGenerator be a model, or a library? Or a combination of both?
Re: Key Generator
Posted: Sat May 07, 2011 5:48 pm
by Jonah Bron
In the classes in your post, one of them is KeyModel. What's the best way to represent the key data itself?
Update: here's what I have so far:
[text]class KeyManagerModel {
findById($id);
findByKey($key);
saveKey($key);
}[/text]
[text]class KeyGeneratorModel {
setKeyManager($keyManager);
createAndSaveKey($keyData);
}[/text]
The KeyGenerator depends on KeyManager to make sure that the key is unique, and to save it immediately; that's what setKeyManager() is for.
Re: Key Generator
Posted: Thu May 12, 2011 9:39 am
by Jenk
Is there a reason you are generating an entity for product key? Why not just have a Guid property on the product?
Re: Key Generator
Posted: Thu May 12, 2011 11:40 am
by Jonah Bron
Jenk wrote:Why not just have a Guid property on the product?
Come again?
Re: Key Generator
Posted: Thu May 12, 2011 12:43 pm
by Jenk
Sorry, a Guid.. Globally Unique ID, aka uuid. I'm using .NET fulltime and it just rolls off the tongue/finger tips now.

Re: Key Generator
Posted: Thu May 12, 2011 1:48 pm
by Jonah Bron
Oh, no, yeah, I know what a GUID is, I just don't quite understand what you mean? Like, embed the key in the software itself?
Edit: perhaps the confusion is the fact that I haven't conveyed that this is a commercial product, and the product key is required to register it.
Re: Key Generator
Posted: Fri May 13, 2011 5:00 am
by Jenk
I understand what you meant by product key etc, all I mean is.. why does this need its very own class/state/behaviour/etc.
What is it that means the key needs to be more than an arbitrary unique string/byte array per instance of a product?
Re: Key Generator
Posted: Fri May 13, 2011 10:36 am
by Jonah Bron
I see what you mean now. It has other data associated with it, such as "date-created", "date-registered", "owner", etc. This system sells keys to users of the software so that they can use the full version.
Re: Key Generator
Posted: Mon Jun 13, 2011 2:01 am
by Benjamin
You need to:
1. Obfuscate the code by writing a compiler that copies virtually all of the logic into a single file. Not difficult.
2. Encrypt the code using ioncube.
3. Ensure that the master file containing the code doesn't execute any includes before it has initialized most of the system components, even if it means parsing the config file with RegEx.
4. Create a long random key and use RSA to encrypt/decrypt a serialized array containing the license key information.
5. Digitally sign the array data with a different, private key by contencating all the values. Keep the private key private, it's not in the code, never leaves your PC.
6. Validate the digital signature with the public key on every page request.
7. Include countermeasures allowing you to perform maintenance on the software as required.
This is the bare minimum if you do not want your application to be cracked by some script kiddy. The best solutions are obscure, so just be creative.
Re: Key Generator
Posted: Mon Jun 13, 2011 9:35 am
by Jonah Bron
I was a little confused at your post Benjamin, but then I realized that I had not made my situation sufficiently clear: the client is written in Java. The PHP part is on the server creating the key.