At 06:41 PST on 2015-01-12, Dave Fernande wrote:
If you use AquaticPrime, unfortunately, it does not generate standard
signatures. It manually hashes and then encrypts using the private key. This
sounds like a normal signature, but it is missing some information stored in
standard PKCS
On 13 Jan 2015, at 13:51, Jens Alfke j...@mooseyard.com wrote:
The license mechanism serves as a reminder to new users that their demo has
expired, or that the copy they borrowed from their roommate hasn't been paid
for yet.
Precisely. I haven't commented on this
On 13 Jan 2015, at 07:42, João Varela joaocvar...@gmail.com wrote:
all I’m saying be careful how you expose your licensing code if you are going
to use objective C.
I take the opposite POV. If someone's going to start messing around with otool
and class-dump on my app, I know they're not
On 12 Jan 2015, at 03:59, Charles Srstka cocoa...@charlessoft.com wrote:
After all, you’re going to want some sort of automatic system for generating
license codes for your users,
Actually, no. As I said, the licence codes are being generated via FastSpring
(and that's OpenSSL). All I
On 12 Jan 2015, at 10:52, 2551 2551p...@gmail.com wrote:
Given that my licences are being generated with OpenSSL in the FastSpring
website,
Didn't FastSpring have an SDK that you just drop into your app to validate
their licenses?
does that mean I HAVE TO use OpenSSL to validate them? I'm
So my guess would be that you have somewhere on the Fastspring site asked
them to generate a CocoaFob key.
Correct.
What that string of stuff most likely is is .. some information you have
supplied, like a user name or serial number or whatever fields you told
FastSpring you want in
On Jan 12, 2015, at 6:39 AM, Uli Kusterer witness.of.teacht...@gmx.net
wrote:
On 12 Jan 2015, at 10:52, 2551 2551p...@gmail.com wrote:
Given that my licences are being generated with OpenSSL in the FastSpring
website,
Didn't FastSpring have an SDK that you just drop into your app to
On Jan 12, 2015, at 7:51 AM, 2551 2551p...@gmail.com wrote:
if anyone here is using FastSpring or similar (eSellerate, Kagi)
I've used eSellerate for many years. They provide a very well-documented API
for generating and validating registration keys in a variety of formats for
purchase
On 12 Jan 2015, at 20:38, Bill Cheeseman wjcheese...@gmail.com wrote:
I've used eSellerate for many years. They provide a very well-documented API
for generating and validating registration keys in a variety of formats for
purchase i
Thanks for that, Bill.
I'm not in any way
On 12 Jan 2015, at 20:37, 2551 2551p...@gmail.com wrote:
On 12 Jan 2015, at 18:44, Roland King r...@rols.org wrote:
Part of the problem, at least for me, is I haven’t figured out yet what you
actually have that you’re trying to verify. Is it a string, a file
Thanks, Roland.
On 12 Jan 2015, at 18:44, Roland King r...@rols.org wrote:
Part of the problem, at least for me, is I haven’t figured out yet what you
actually have that you’re trying to verify. Is it a string, a file
Thanks, Roland.
It's a string that looks like this:
On 12 Jan 2015, at 18:39, Uli Kusterer witness.of.teacht...@gmx.net wrote:
Didn't FastSpring have an SDK that you just drop into your app to validate
their licenses?
That's actually what I expected when I signed up, but it doesn't appear to be
the case, unless I've overlooked something
On 12 Jan 2015, at 17:52, 2551 2551p...@gmail.com wrote:
On 12 Jan 2015, at 03:59, Charles Srstka cocoa...@charlessoft.com wrote:
After all, you’re going to want some sort of automatic system for generating
license codes for your users,
Actually, no. As I said, the licence codes
This is a fight you cannot win, so don't waste your time. A dedicated
cracker will bypass any protection. I use minimal obfuscation and
asymmetric key generation, and that's it.
Gleb
On 13 January 2015 at 02:32, Graham Cox graham@bigpond.com wrote:
On 13 Jan 2015, at 1:18 pm, Charles
On Monday, January 12, 2015, João Varela joaocvar...@gmail.com wrote:
Hi
I rolled out my own license scheme so that I don’t have to pay anyone. ;)
I find that coding license checking methods with Cocoa and Objective-C is
terribly unsafe. Objective-C has the nasty habit of exposing classes
On Jan 12, 2015, at 6:42 PM, João Varela joaocvar...@gmail.com wrote:
Hi
I rolled out my own license scheme so that I don’t have to pay anyone. ;) I
find that coding license checking methods with Cocoa and Objective-C is
terribly unsafe. Objective-C has the nasty habit of exposing
On Jan 12, 2015, at 8:32 PM, Graham Cox graham@bigpond.com wrote:
On 13 Jan 2015, at 1:18 pm, Charles Srstka cocoa...@charlessoft.com wrote:
Now I just put it in plain C/Obj-C functions, because:
1. The assembly is always there.
I agree about just using plain code, as the
Hi
I rolled out my own license scheme so that I don’t have to pay anyone. ;) I
find that coding license checking methods with Cocoa and Objective-C is
terribly unsafe. Objective-C has the nasty habit of exposing classes and their
methods, which you can easily access/find out if you know what
On 13 Jan 2015, at 1:18 pm, Charles Srstka cocoa...@charlessoft.com wrote:
Now I just put it in plain C/Obj-C functions, because:
1. The assembly is always there.
I agree about just using plain code, as the obfuscation is in the source
mostly, not the resulting object code.
But if it's
On 13 Jan 2015, at 00:34, Gleb Dolgich gleb...@gmail.com wrote:
You can throw it at me as well, what with me being the author of CocoaFob
Gleb, I appreciate your input. I found the no_openssl branch and downloaded it,
but I'm still unsure what to do with it.
On the CocoaFob page it says
On Jan 12, 2015, at 9:07 PM, pscott psc...@skycoast.us wrote:
Experience has taught me that copy protection and license keys almost never
prevent software piracy, except where the cost of ownership is so low that
defeating the protection isn't worth the effort. I don't mean to discourage
You don't need cocoafob.m as it's test code. CFobLicVerifier.{h|m} and
CFobError.{h|m} should be it as all the necessary decoding in the
no_openssl branch is handled using SecurityFramework. The function
codecheck() in cocoafob.m just shows you how to verify a licence.
Regards,
Gleb
On 13
On 13 Jan 2015, at 11:05, 2551 2551p...@gmail.com wrote:
Presumably, I only need the stuff in the objc folder, do I import all of
those files? And if so, what headers do I import into the class that contains
my registration view? What method/methods do I connect the Enter button and
On 13 Jan 2015, at 11:52, Gleb Dolgich gleb...@gmail.com wrote:
You don't need cocoafob.m as it's test code. CFobLicVerifier.{h|m} and
CFobError.{h|m} should be it as all the necessary decoding in the no_openssl
branch is handled using SecurityFramework. The function codecheck() in
On 13 Jan 2015, at 11:23, 2551 2551p...@gmail.com wrote:
Is that all I need to do?
I see I need CFobError, too. Is just this stuff going to be enough to get this
to work?
CFobError.h √
CFobError.m √
CFobLicVerifier.h
On 1/12/2015 7:30 PM, Gleb Dolgich wrote:
This is a fight you cannot win, so don't waste your time. A dedicated
cracker will bypass any protection. I use minimal obfuscation and
asymmetric key generation, and that's it.
Gleb
I haven't been following this thread closely, but I do wish to
On Jan 12, 2015, at 8:05 PM, 2551 2551p...@gmail.com wrote:
On the CocoaFob page it says There is no framework or a library to link
against. You include the files you need in your application project directly.
That's pretty inadequate, IMHO (speaking as a library developer.) The project
We just implemented a bunch of license code in our upcoming app and we went
with CocoaFob. I updated it a bit as I don’t think its been updated in a bit,
but honestly its not hard. The foundation of the code is good, so it works.
Just my two cents.
On Jan 12, 2015, at 7:09 AM, Roland King
Or you go find documentation on CocoaFob’s file format,
Tried that…
There is no file involved, it’s just a string containing user name and whatever
else you need to verify the license. It is described in CocoaFob README and
there is a small sample available as well.
which I’m sure is
If you use AquaticPrime, unfortunately, it does not generate standard
signatures. It manually hashes and then encrypts using the private key. This
sounds like a normal signature, but it is missing some information stored in
standard PKCS #1 v2.0 signatures. This means that
Of course, I could have missed something, and if anyone here is using
FastSpring or similar (eSellerate, Kagi) and can confirm otherwise, I'd be
both relieved and grateful to get your advice. I must admit when I started
this thread, I did so in the hope that someone else on the list
On Jan 12, 2015, at 12:05 PM, Jens Alfke j...@mooseyard.com wrote:
Somebody (Dave Fernandes, apparently) wrote:
If you use AquaticPrime, unfortunately, it does not generate standard
signatures. It manually hashes and then encrypts using the private key.
This sounds like a normal
Somebody (Dave Fernandes, apparently) wrote:
If you use AquaticPrime, unfortunately, it does not generate standard
signatures. It manually hashes and then encrypts using the private key. This
sounds like a normal signature, but it is missing some information stored in
standard PKCS #1
On Jan 12, 2015, at 11:53 AM, Tamas Nagy tamas.lov.n...@gmail.com wrote:
If you use AquaticPrime, unfortunately, it does not generate standard
signatures. It manually hashes and then encrypts using the private key. This
sounds like a normal signature, but it is missing some information
On Jan 10, 2015, at 10:34 PM, 2551 2551p...@gmail.com wrote:
Yes, that's precisely what I'm looking for and don't seem able to find. Can
anyone suggest one? I've been all over stackexchange etc, and there seems to
be a lot of confusion out there (or, rather, the more I read, the more
On Jan 11, 2015, at 2:05 PM, Jens Alfke j...@mooseyard.com wrote:
On Jan 10, 2015, at 10:34 PM, 2551 2551p...@gmail.com
mailto:2551p...@gmail.com wrote:
Yes, that's precisely what I'm looking for and don't seem able to find. Can
anyone suggest one? I've been all over stackexchange etc,
On Jan 11, 2015, at 12:59 PM, Charles Srstka cocoa...@charlessoft.com wrote:
IMO, it’s better to just static-link OpenSSL into the app and use that.
Kind of big, though! libSodium* (based on NaCl) is a much smaller crypto
library, which also has the benefit that it uses an elliptic-key
On 11 Jan 2015, at 21:59, Charles Srstka cocoa...@charlessoft.com wrote:
IMO, it’s better to just static-link OpenSSL into the app and use that.
Short caveat: Do not get the actual OpenSSL. Get LibreSSL, which is a fork of
OpenSSL done by the OpenBSD folks (i.e. people who actually know
Can anyone point me in the right direction for the (simplest) solution to
validate a DSA key in my OS X app?
I've looked at both CocoaFob and AquaticPrime; both contain deprecations and
look as if they are more or less dead. In neither case have I been able to get
my head around the incomplete
On 10 Jan 2015, at 10:33, sqwarqDev 2551p...@gmail.com wrote:
I'm not looking for anthing fancy. The simplest implementation will do, and
an idiot's guide on how to do it would be ideal, but any pointers from anyone
that's done this recently would be hugely appreciated.
Really, all you need
Thanks for the overview Uli, and the pointer towards Security.framework. I'm
working my way through the docs, but there's a lot that doesn't seem relevant
to my task.
Most of the rest in your outline I've got. However, it's these specific parts
I'm struggling with and which prompted my
On 11 Jan 2015, at 13:34, 2551 wrote:
any tutorial on...validating messages will do.
Yes, that's precisely what I'm looking for […]
I wrote one a decade ago:
http://sigpipe.macromates.com/2004/09/05/using-openssl-for-license-keys/
Previous thread here:
42 matches
Mail list logo