Licensing System Recommendation

cristina.b · March 3, 2017, 4:01pm

Hi,

Could you please recommend a licensing system for RhinoCommon plug-ins?

Thank you!

Cristina

dale · March 3, 2017, 4:25pm

Hi Cristina,

I’m not sure we can, for we wrote our own licensing system.

@brian, any advise for a plug-in developer in this area?

– Dale

menno · March 3, 2017, 5:13pm

If you’re distributing .NET based code (RhinoCommon is .NET), anyone can de-compile your code. There is even a free tool to do this at http://www.jetbrains.com/decompiler/

This is because .NET code is not compiled to machine code, but to intermediate language (IL). On execution, the Just-In-Time compiler (JIT) compiles IL to machine code. One way to make it the decompilation results more difficult to understand is to apply obfuscation to your code, where the human-readable names are changed to random characters and code flow is changed.

That is not to say you shouldn’t use a licensing mechanism in order to sell licenses to your customers. Just be aware of the unintended consequences of distributing .NET code: any mechanism for .NET licensing can easily be circumvented by de-compiling your code, removing the licensing code or calls to a licensing library, and re-compiling it.

brian · March 3, 2017, 6:40pm

Piracy prevention and intellectual property theft are different topics from making sure law-abiding customers are properly licensed. The vast majority of our customers love to make sure they are compliant with our licensing, and we constantly work to make it easy for them to tell when they are out of compliance.

I agree with @dale - we wrote our own, and so we don’t have a great solution to share at this point.

We are considering making a new licensing system that is based on modern cryptography that would allow you to use a system we develop, and provide your own public and private keys (thereby ensuring that only you can generate licenses for your products). This project hasn’t even started yet, though, and so we don’t have anything there to share, either.

The general idea would be to use something akin to a JWT (JSON Web Token) - essentially a digitally signed object that contains the license data. You would be able to specify whatever text is inside your license, and you’d be able to sign and verify the signatures. If you’re feeling like writing your own, there are probably enough tools out there for you to do that. The trick is making it easy for customers to enter the license keys - JWTs are not very human friendly.