воскресенье, 30 октября 2011 г.

Prepare assembly for encryption - best practice

When you protect your intellectual property using code encryption you probably want your customers and/or competitors are unaware of how your code works inside. But at the same time your encrypted code should intercommunicate with other (not encrypted) parts of your application. So we can consider your assembly for encryption as a black box which has some interfaces (properties and methods) which are used to communicate with outside world.

What is a best practice to create those “black box”? I could recommend you some rules which help you to create good assembly for encryption.

First of all we should detect what data types (mostly it concerns to the classes, interfaces and exceptions) will be used from both (encrypted and not encrypted) parts of your application and then decide where and how they will be declared. 

Your encrypted assembly shouldn’t declare publically visible interfaces. For example, class in your encrypted assembly implements interface which than is used in the not encrypted code. In this case you should define that interface in the separate assembly and reference it from the projects of the encrypted and not encrypted assembly:
If your encrypted assembly uses delegates which should be publically visible then define them in the separate assembly and reference it from the projects of the encrypted and not encrypted assembly.

If some members in your encrypted assembly can throw an exception of the custom type which should be caught and processed in the not encrypted code, then it is not recommended to define custom exception type in the encrypted assembly. Define it in the separate assembly and reference it from the project of the encrypted assembly and from the project where exception will be caught and processed.

As the next step we should decide which classes from the encrypted assembly should be accessible from the not encrypted code through the automatically generated wrappers. We strong recommend minimizing the number of the publically visible classes. Structure of the publically visible classes can give a lot of information about internal implementation of the hidden functionality. If it is not supposed to use class from the external code then declare it as internal (Friend in VB.NET).

Try to make classes in your assembly to have small number of the publically visible properties and methods. If it is not supposed to use property or method from the external code then declare it as private or internal.

Try to not use publically visible nested classes.

понедельник, 24 октября 2011 г.

Version 6.2 of the Manco .NET Licensing System released

Manco .NET Licensing System version 6.2 is available now. You can get 15-days trial version at the http://www.mancosoftware.com/licensing/download.htm

List of the most significant changes made in new version:

1. The major changes in the version 6.2 have been made for the protection library (protection library for the .NET Compact Framework have not been changed):
    a) Code have been significantly changed to hide protection implementation in a better way.
    b) Public API changed to complicate potential hack of the system.
    c) Added functionality which perform internal integrity check.
    d) Added support for the .NET Framework Client Profile for both .NET Framework 3.5 and .NET Framework 4.0.
    e) Improved support for the Medium trust environment (time limited evaluation can be used, Unlock Key licensing schemas can be used, license activation can be used with custom system profile).

2. Added functionality to upgrade license from one version to another (both License Manager and License Shop).

3. Added ability to transfer license from one customer to another (both License Manager and License Shop).

4. "New license type" toolbar button extended with dropdown which contains good-known predefined licensing schemas.

5. Changed implementation of the licensing schema in the AWS. Validation of the domain name now don't use DNS, but get it from HTTP request. Pay attention, evaluation version of the AWS now accept requests made to the 'localhost' domain only.