Introduction
This is my first article posting to CodeProject.
I needed a quick way to sell a small, inexpensive WinForms application from my website; either after the customer completes a free trial period, or when purchasing at download time. I wanted to provide the customer with the following scenario:
- Customer comes to my website and downloads the setup package as a free 30 day trial (by default, the software behaves in trial mode unless an unlock key is purchased and entered).
- Customer decides if they want to buy it or not.
- If customer decides yes, then they purchase an unlock key from my website, providing me with the serial number of their copy of the software (or they download a new copy and purchase the key all at once).
- Customer is emailed the unlock key that unlocks the following:
- The specific software copy they downloaded (based on the serial number).
- The software they purchased (based on their name).
- The software provided by my company (based on my company name).
- The software feature set they purchased (based on what they bought).
- All of the above must be true for the emailed key to actually unlock the software.
- User is now in possession of an unlocked software and a key that cannot unlock any of my other products. They can freely re-install the software on multiple machines, but the key will only unlock the copy they downloaded.
Background
This is a very common way of purchasing software that we are all familiar with. The method presented here is as secure as you are able to keep your company cipher keys. See other articles at Microsoft on how to obfuscate cipher keys in your deployed applications. 99.99% of people don't have the time to spend hacking unlock keys. Of the remaining .01%, how many of those are going to give away a hacked key to thousands of people? Also, since this method hashes all of the following items, any hacker would still need to know these things to create the keys for other people's copies. Additionally, your software company can easily invalidate all the keys floating around in the marketplace by simply changing one of the items in the hash. Most likely, it would be the product feature. The following items are hashed into the unlock key:
- Company name
- Customer name
- Serial number of the software downloaded
- The product or product feature code
By extending the classes, you can hash even more information like machine MAC address if you want to restrict unlocking to only a specific computer.
Using the code
As you can see from the demo program, the code is ultra-simple and self explanatory once you open the solution file. The following code is deployed to your web site to make the key. Note: btnSell_Click is deployed only to your website, not the product you are selling. This is the code your website needs to create an unlock key after your customer pays for the desired product.
To give the customer a key, they must know two things:
- Their name.
- What feature set or product they want to purchase.
Your website must know these two things:
- The serial number of the copy of the software the customer just downloaded (optional; if you are not serial stamping your downloads, then just leave it blank, but the key won't be as secure; otherwise, create a serial number and download that to the customer to the config file or the DLL itself.) Hint:
environment.tickcount makes a good serial number. - The name of your company (of course, your website code knows this).
After you create the key, email it to the customer so they can use it to unlock the software they just downloaded.
Private Sub btnSell_Click(ByVal sender As System.Object, _
ByVal e As System.EventArgs) Handles btnSell.Click
Try
Dim locKeyHandler As OMBKeySell.KeySeller = _
New OMBKeySell.KeySeller(_MyCompanyKey, _MyCompanyIV)
txtSellKey.Text = locKeyHandler.SellKey(txtSellCompanyName.Text, _
txtSellSerial.Text, txtSellCustomerName.Text, _
CType(btnSell.Tag, Key.ProductOrProductFeatureSet))
My.Computer.Clipboard.SetText(txtSellKey.Text, TextDataFormat.Text)
lblSellStatus.Text = "Thank you for purchasing our software, " & _
"your unlock key has been placed in your computer " & _
"clipboard, paste it below to activate your copy " & _
"of the software." & vbCrLf & vbCrLf & _
"(In real use the key would be emailed)"
lblSellFeature.Text = "You just bought a key to unlock this " & _
"feature or product: " & CType(btnSell.Tag, _
Key.ProductOrProductFeatureSet).ToString
lblBuyStatus.Text = ""
lblBuyFeature.Text = ""
txtBuyCustomerName.Text = ""
txtBuyKey.Text = ""
Catch ex As Exception
lblSellStatus.Text = ex.Message
lblSellFeature.Text = ""
txtSellKey.Text = ""
txtSellCustomerName.Text = ""
End Try
End Sub
The following code is deployed to your product to validate the key and provide your program with the product or product feature that was purchased. Note: btnBuy_Click is deployed only in the product you are selling, not in your website. This is the code your purchased software needs on the product unlocking form.
For the customer to unlock, they must know two things:
- The name they used as their name when they made the purchase above.
- The key that was emailed to them.
Your deployed software must know these two things (embedded into the software or the config file):
- The name of your company (same name used by your website code when you created and sold the unlock key, embedded in the code or config file of the downloaded package).
- The serial number of the copy of the software the customer just downloaded (embedded in the software or downloaded config file).
After you process their key, place the provided product feature code in the Registry. Now, your program looks at that Registry key to determine how/if it should run itself.
Private Sub btnBuy_Click(ByVal sender As System.Object, _
ByVal e As System.EventArgs) Handles btnBuy.Click
Try
Dim locKeyHandler As OMBKeyBuy.KeyBuyer = _
New OMBKeyBuy.KeyBuyer(_MyCompanyKey, _MyCompanyIV)
Dim locFeatureBeingBought As Key.ProductOrProductFeatureSet = _
locKeyHandler.BuyKey(txtBuyCompanyName.Text, _
txtBuySerial.Text, txtBuyCustomerName.Text, txtBuyKey.Text)
lblBuyStatus.Text = "Thank you for purchasing our software, " & _
"your specific copy of the software is now unlocked"
lblBuyFeature.Text = "You unlocked this feature or product: " & _
locFeatureBeingBought.ToString
lblSellStatus.Text = ""
lblSellFeature.Text = ""
txtSellCustomerName.Text = ""
txtSellKey.Text = ""
Catch ex As Exception
lblBuyStatus.Text = ex.Message
lblBuyFeature.Text = ""
txtBuyKey.Text = ""
txtBuyCustomerName.Text = ""
End Try
End Sub
The demo program (is in the zip)
To use the demo program... make a key on the top half by entering your name. This simulates your purchase at a website. Then, to simulate unlocking your software, enter your name and paste the key. The unlocked feature will be returned.
Points of interest
I had a hard time finding code samples for unlock keys on the Internet that suited my purpose and that were not too complicated.
History
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
