How should my Cocoa application store the user's license key? [closed]
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this questionAfter the user enters his / her license key, my application activates 开发者_如何学Pythonitself with that key (online). How do I store this activated state and the license key so that the next time the user opens the app, the app will know that it is already activated?
Apple provides a comprehensive facility for this kind of requirement. What you want is the Keychain API.
I just wrote the users license key and matching email to a file in "~/Library/Application Support/MyApplication/License.myApplicationlicense". I think this is better than using NSUserDefaults because the user will expect to be able to toss their prefs without having anything dramatic happen like having to re-register their application.
The file is just the contents of a NSDictionary written using writeToFile:atomically: and read using dictionaryWithContentsOfFile:. The contents are not encrypted but that is typically not important depending on how your license scheme works.
I would also suggest you take a look at AquaticPrime if you have not done so already. I decided to roll my own license scheme because I wanted license codes and not license files. In the end I feel I would have been better off sticking to AquaticPrime which is much more cryptographically secure than my own license scheme. When I had been using AquaticPrime during my beta I stored the license file in the same location mentioned above.
I suggest making the key dependent on a user specific thing, ie email or full name or perhaps a machine specific id if necessary. Then you can store it in the NSUserDefaults or a plain dot named file in the users home directory. This without needing to encrypt it or make some crazy obfuscation. There will be piracy be sure about it, I believe this is people who would never pay for anything anyway so you do not actually loose anything. By making the key dependent on a user specific thing makes the user a little more resistant to share it.
About piracy. How far do you think they can go? I made a small tool that worked fine without paying anything. But as a treat for those who would like to support the effort in creating it I added a small feature to change color of the graphs in it for only $5. Well, what did they do? Someone actually reverse engineered the key and they created a keymaker. I admit I didn't put too much effort in obfuscating the algorithm, but hey, I focused more on making it easy for all real nice users to input than making life hard for any cracker. I'm more happy about that they thought my little app was worth the effort to reverse engineer the key for.
Links:
- Original AirPort Flow
- Cracked Torrent
I've decided to use NSKeyedArchiver because it keeps the data encoded so it's harder to manually access and change sensitive data like license key and activated state.
You can either use NSUserDefaults or a system of your own devising.
精彩评论