Periodic Key Validation (offline)

Most Viewed Article

Instead of checking a license key with the server each time the application launches, there is an option to perform the validation once and later use a temporary file. In this article, we are to look at how this can be done with SKGL Extension API. Later on, a short overview will be given of how this procedure can be accomplished on any other platform.

Implementation

There are many ways offline key validation can be configured. We can, for example, require the application to check the license key with the server (online key validation) periodically, i.e. once a month. However, it’s not required, we can do it only once or not at all, provided that we can supply an activation file to the end user computer (using Activation Form).

Periodic Validation

A great way of reducing the number of requests to the server is by keeping a local copy of the license information and then periodically check if something has changed. To achieve this, we are going to store license information as a signed file (by the server), then check the signature to ensure that the user has not changed any properties. Let’s specify our aim:

Goal: Check the license with the server each month (30 days). Ensure that the license is locked to the current computer.

Keep in mind

  • Ensure that you have the latest RSA public key, in order to validate the signature. You can find it here.
  • During Key Activation/Validation, please ensure that the  signDate = true , so that the server signs the activation date.
  • Ensure that you have read/write permission in the folder where the activation file will be stored. If the folder is not accessible, the whole point of offline key validation will be missed because the application will check the license with the server each time it starts.
  • Ensure that you use hardware/machine locking. If you don’t compare the machine code that the license is associated with and the end user computer’s, the user can copy the license file and use it on other devices. Therefore, don’t forget  IsOnRightMachine() !
  • The user will not need to enter the key once 30 days have passed. A good idea would be to allow users to change the license at any time (in case they’ve upgraded to a different one).
  • Since the KeyInformation object will not be updated, the TimeLeft will not be updated, please use DaysLeft method to find the number of days that are remaining (for time limited licenses).

Offline Activation (without Internet)

In some cases, when computers don’t have access to the Internet, it is meaningless to attempt to send a request to the server. Therefore, we can use the activation file only, without contacting the server. This is achieved by replacing  HasValidSignature(RSAPublicKey, 30) with  HasValidSignature(RSAPublicKey) . It can also be useful to consider to increase the time interval from one month (30 days) to a year (365 days). In this case, the user will still be forced to update the license file periodically, but not as often.

Some values where omitted in the examples above. You can access a working implementation (C# and VB.NET) at  OfflineKeyValidationExample (on GitHub).

Pre-Configured Code

There are two ways to include the code into your application. The easiest way is to press the get the code icon on the product page, shown below.

code

This will allow you to see the same code that was described in the last section with all variables pre-configured. If you would like to perform these steps manually (the hard way), there are two kinds of values you will need:

Additional downloads

About The Author

Most Helpful User

Rate This Article

(57 out of 104 people found this article helpful)

5 Comments

  1. Hi there,

    Just a quick question with this method an example sample code.

    Would this require use to store the serial key? In order to re-authorise with the server after a 30 day period? I.e. that serial key isn’t able to extracted from their local key (if it is present)?

    What I am meaning to say is:
    Day 30 ticks over and the first offline activation fails – how do we retrieve the serial key the user originally registered with to be able to re-activate online. Can we do this without needing to prompt the user?

    Thanks.

    1. Hi @Scott,

      Thank your for your question. KeyInformation field does not contain a “KeyString” property. I will add it today/tomorrow and let you know.
      Once this is done, this will be possible. In meantime, you can store the key in the NewKey field.

      Edit: it will probably be done sometime this week.

    2. Finally, it works! You can achieve this by adding the following code snippet:

      In this case, users won’t need to retype the key once 30 days have passed. Note, this requires the newest version of SKGL Extension, from 3.0.1 and above.

  2. jusvu

    Hi! This offline validation example seems to be for v2 API. I tested this on v3 API and it says: KeyInformation’ does not contain a definition for ‘LoadFromFile’

    Could it be possible to get an example for the same functionality in v3 API?

Leave A Comment?