Cached license files can function in two different ways. They can be something that your applications may only read (this is called a read-only license file), or they can be something your application can read, create, and update (called a writable license file). Each approach has its advantages and disadvantages.
In a previous blog article, we outlined 3 reasons why you should use cached license files, which you may find helpful if you are wondering what cached license files are and why you should use them. In short, a cached license file is simply a file your application uses to cache the status of a software entitlement so as to avoid the need to contact a server every time your application is used (thus improving the application’s availability, reliability, and performance).
To begin, your application can read a read-only license file, but the app cannot create the file or update it.
Next, a writable license is one that your application can create and update itself.
Additionally, some licensing toolkits (such as Protection PLUS) allow you to use a mix of both read-only and writable license files so you can leverage the best of both worlds.
Labelling license files as being “read-only” or “writable” is a simplified description of the outcome of different cryptographic choices. This is a subject that can get quite complicated, so we’ll summarize what’s important to know when selecting a licensing system and when making choices within a licensing system’s features and options. Here are a few key concepts to start:
In the case of read-only licenses, an asymmetric algorithm is used, which means two keys are involved. One of the two keys (which we call the “Client Key”) is entirely known to the licensed application. However, the private key data/parts of the second key (which we often refer to as the “Server Key”) are known only to a trusted source, such as a central licensing server or an application that only you or your staff can access. In a nutshell, the licensed application can only read and verify digital signatures; it cannot generate them, since it lacks the Server Key’s private key data/parts.
In the case of writable licenses, either a symmetric algorithm is used, or an asymmetric algorithm is used with only one key from the key pair that is fully known to the application (the “Client Key” as noted above). Even if a digital signature is generated in this case, it is generated using private key data known to the application. Since your application knows all the data needed to generate these digital signatures, it is able to write any data into license files freely. However, this means it is also possible for a hacker to find this information in the licensed application, and use it to write anything they desire in the license file.
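The difference between the two cases, as an added example that is not code from SoftwareKey or Protection PLUS: a read-only file checked against a server-held signing key rejects edited contents, while a writable file protected by a secret embedded in the application accepts any contents that are re-tagged with that secret. Ed25519 and HMAC-SHA-256 are stand-ins chosen for the illustration, and the function names, keys and license text are all constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// verifyReadOnly: the application embeds only the public half of the Server
// Key, so it can check a signature but has nothing to create one with.
func verifyReadOnly(serverPub ed25519.PublicKey, license, sig []byte) bool {
	return ed25519.Verify(serverPub, license, sig)
}

// tagWritable: the application embeds the whole secret, so the same value
// that checks a license file can also produce a valid tag for new contents.
func tagWritable(appSecret, license []byte) []byte {
	mac := hmac.New(sha256.New, appSecret)
	mac.Write(license)
	return mac.Sum(nil)
}

func verifyWritable(appSecret, license, tag []byte) bool {
	return hmac.Equal(tagWritable(appSecret, license), tag)
}

// compare returns, in order: issued read-only file accepted, edited read-only
// file accepted, edited writable file accepted after re-tagging.
func compare() (bool, bool, bool) {
	// Constructed sample data: keys, secret and license text are made up.
	seed := sha256.Sum256([]byte("constructed server key seed"))
	serverPriv := ed25519.NewKeyFromSeed(seed[:]) // stays on the license server
	serverPub := serverPriv.Public().(ed25519.PublicKey)
	appSecret := []byte("constructed secret compiled into the app")
	issued := []byte("product=Demo;seats=1;expires=2025-01-01")
	edited := []byte("product=Demo;seats=1;expires=2099-01-01")

	sig := ed25519.Sign(serverPriv, issued)
	okIssued := verifyReadOnly(serverPub, issued, sig)
	okEdited := verifyReadOnly(serverPub, edited, sig) // old signature, new text
	// Everything needed to re-tag the writable file is present in the app.
	okRetagged := verifyWritable(appSecret, edited, tagWritable(appSecret, edited))
	return okIssued, okEdited, okRetagged
}

func main() {
	a, b, c := compare()
	fmt.Printf("read-only issued=%v edited=%v; writable edited=%v\n", a, b, c)
}
```

The tag on a writable file therefore shows only that the file is internally consistent, not that a trusted source issued it.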
Understanding the difference between read-only and writable licenses is important for making a choice that best suits the needs of your users and the environments in which they intend to use your applications. The SoftwareKey System gives you the ability to use a combination of both read-only and writable license files. If you’d like more guidance on what choice is best for you, rest assured the SoftwareKey team is always just a click or a call away.
Abram Pousada is one of the passionate Software Engineers with SoftwareKey.com. He started his career with SoftwareKey.com when he was in high school and has been with the company for over a decade. After hours, the self-proclaimed geek enjoys a variety of engaging hobbies ranging from even more programming to video games and mountain biking.