Passwort Protection "Enter E-Mail"
-
@d-healey said in Passwort Protection "Enter E-Mail":
I've said this several times on different forums, but I'll say it again. The reason people buy software is not because they can't get it without paying for it, that is a very very minor reason.
This is the argument made all the time by open source advocates - and I get it I really do, but its actually ignoring the evidence of other developers, for instance U-he....
Here's what Urs Heckman has to say (Im boiling down his very long series of emails on this subject):
U-he add several copy protection mechanisms to its products, some of these are timed mechanisms, set to "go off" on a particular day of the year..
In the period after a timer mechanism has gone off U-he see significant bump in sales for that product.
So Urs conclusion is that people use hacked versions of U-he software because they can, not because they cant afford it, (because clearly they can afford it - they buy it once the ability to not pay has been taken away) , and they dont care at all about support, or it being more secure, or updates(they will wait for the next hacked version)
I think its very dangerous to compare sales software releases in an open source model (and more power to your elbow if it works for you) with sales of commercial closed source software
-
@treynterrio said in Passwort Protection "Enter E-Mail":
@d-healey I know that many plugins are quickly cracked or hacked, and sometimes protection is not needed. I released a Kontakt instrument in January that has still been selling well. It also has no protection and has not been posted online yet.
However, I would still be interested in having a solution for it, whether I end up using it or not. I already have a Label inside that writes the E-Mail into a .js file and then displays it at the top corner of the plugin.
but I still haven't figured out how to write into the serial number label only after entering the email.Ok so welcome to copy protection 101:
- your stuff is likely to be pirated sooner if you have no protection
- If you have protection in plain sight(an open readable file on a hard drive) you will get hacked soon
- If you have a simple (not encoded) system you will get hacked soon
- Key-Gens are Pirates favourite way of hacking you software - they dont need to touch your software - they just make a small program that will generate valid keys and give that away
- An encrypted key pair will stop KeyGens and force a serious hacker to alter your code base to get a pirated version
- Constant version updates(1.0,1.1,1.2,1.3 etc..) are your friend - it forces the prate to re-hack your source code
- A server side system is a lot more secure
- There is no secure system...everything will get hacked eventually...
So your approach falls squarely into points 2 and 3, you actually want to fall into point 5. So use the HISE RSA system to build key pairs and use the public key in your plugin to decrypt it and validate it. Forget the email thing, its pointless.
-
@Lindon how does this HISE RSA system work?
-
@treynterrio Here's how the system works:
https://forum.juce.com/t/juce-rsa-implementation/10341/17I highly suggest you check out HISE Activate if you're looking for instant integration:
https://activate.hise.dev/- Tight integration with the HISE framework
- No additional 3rd party software required
- Activation procedure directly from within the plugin
- Completely customizable activation UI
- Ready-to-use HiseScript code templates
-
-
create a key-pair using HISE... Tools>License Management> Create RSA Key Pair
-
Build an off-line system that takes a set of verifiable strings and encrypts each of them with the private key to create the serials:
FileSystem.encryptWithRSA( String dataToEncrypt, String privateKey)
-
get your system to save these serials in a text file so you can send a serial to each customer - so you back end system keeps a record of the user, email and issued serial.
-
Add a dialog to your plugin that gets a serial from the user...
-
use the HISE command to decrypt the entered serial using the public key
FileSystem.decryptWithRSA( String dataToDecrypt, String publicKey)
- you now have a string that you need to verify (how you do that is up to you)
So at this point the only way to generate keys for your product is to know the private key - and if you dont accidentally give this away then there massively difficult for a hacker to obtain this key - so they cannot build a KeyGen for your product - even if they know exactly what the un-encrypted verify string looks like.
If it all sounds too hard, it isnt, I have an RSA encryption system I have licensed to other developers.
- see? all this was just to sucker you in.....:face_with_tongue:
Or as Dan says if you want an online solution look at HISE activate
-
-
@Lindon is there another thread or something that explains what to do because I couldn't follow anymore at step 2 :D
I've created a RSA Key Pair and now?I found this but this makes no sense to me:
https://forum.hise.audio/topic/8786/hise-rsa-not-working?_=1712747148847 -
@Lindon I also found this post from you with a snippet that isnt available anymore https://forum.hise.audio/topic/8053/rsa-output-length?_=1712747613015
-
@treynterrio said in Passwort Protection "Enter E-Mail":
@Lindon I also found this post from you with a snippet that isnt available anymore https://forum.hise.audio/topic/8053/rsa-output-length?_=1712747613015
there is no snippet in that thread - its an example of a serial that RSA generates..
-
@d-healey If I want do the same with the Activation Button that there is a Panel in front of it that you couldn't click before you've not entered a Serial what would the definition for this?
inline function onSerialInputControl(component, value)
{
Panel3.showControl(????????????(value));
}
const var Panel3 = Content.getComponent("Panel3");
Panel3.showControl(false); -
@treynterrio I'm not sure what you're asking
-
@d-healey oh I thought I'd response to the post.
you've send me this :
const var Label1 = Content.getComponent("Label1"); Label1.setControlCallback(onLabel1Control); inline function onLabel1Control(component, value) { Panel1.showControl(Server.isEmailAddress(value)); } const var Panel1 = Content.getComponent("Panel1"); Panel1.showControl(false);and I want do the same for the Serial Label only when you Input the Serial you can click activate.
When the Serial Number is entered enable the Panel
-
@treynterrio Just do the same but replace Panel with Button.
-
@d-healey I tried this but its not Server.isEmailAdress it need this for the License
-
@treynterrio Oh right, how are you validating the license?
-
@d-healey said in Passwort Protection "Enter E-Mail":
Oh right, how are you validating the license
setvalidLicense?
-
@treynterrio There is no built in functionality for this. You're creating your own system here so you need to do your own validation.
-
@d-healey something like this?
var licenseInput = Content.getComponent("licenseInput");
licenseInput.set("textChangedCallback", function() { -
@treynterrio Not really. Only you know how you want to validate your license. You have to write a function to do that, then worry about the GUI side of it.
-
@d-healey ok this sounds to difficult for me :D