You can do something like create a record which contains the data you want to authenticate to the application. This could include anything you want - e.g. program features to enable, expiry date, name of the user (if you want to bind it to a user). Then encrypt that using some crypto algorithm with a fixed key or hash it. Then you just verify it within your program. One way to distribute the license file (on windows) is to provide it as a file which updates the registry (saves the user having to type it).

您可以执行一些操作，例如创建一条记录，其中包含要向应用程序进行身份验证的数据。这可以包括您想要的任何内容 - 例如要启用的程序功能、到期日期、用户名（如果您想将其绑定到用户）。然后使用一些带有固定密钥的加密算法对其进行加密或对其进行散列。然后你只需在你的程序中验证它。分发许可证文件（在 Windows 上）的一种方法是将其作为更新注册表的文件提供（无需用户输入）。

Beware of false sense of security though - sooner or later someone will simply patch your program to skip that check, and distribute the patched version. Or, they will work out a key that passes all checks and distribute that, or backdate the clock, etc. It doesn't matter how convoluted you make your scheme, anything you do for this will ultimately be security through obscurity and they will always be able to this. Even if they can't someone will, and will distribute the hacked version. Same applies even if you supply a dongle - if someone wants to, they can patch out the check for that too. Digitally signing your code won't help, they can remove that signature, or resign it.

但请注意错误的安全感 - 迟早有人会简单地修补您的程序以跳过该检查，并分发修补版本。或者，他们会计算出一个通过所有检查并分发它的密钥，或者倒计时时钟等。 不管你的计划有多复杂，你为此所做的任何事情最终都将通过默默无闻而成为安全，他们将永远能够做到这一点。即使他们不能，也有人会分发被黑的版本。即使您提供加密狗，同样适用 - 如果有人愿意，他们也可以为此修补支票。对您的代码进行数字签名无济于事，他们可以删除该签名，或辞职。

You can complicate matters a bit by using techniques to prevent the program running in a debugger etc, but even this is not bullet proof. So you should just make it difficult enough that an honest user will not forget to pay. Also be very careful that your scheme does not become obtrusive to paying users - it's better to have some ripped off copies than for your paying customers not to be able to use what they have paid for.

您可以通过使用防止程序在调试器等中运行的技术使问题复杂化，但即使这样也不是万无一失的。所以你应该让它变得足够困难，以至于诚实的用户不会忘记付款。还要非常小心，您的计划不会对付费用户造成干扰 - 最好有一些盗版副本，而不是让付费客户无法使用他们付费的内容。

Another option is to have an online check - just provide the user with a unique ID, and check online as to what capabilities that ID should have, and cache it for some period. All the same caveats apply though - people can get round anything like this.

另一种选择是进行在线检查——只需为用户提供一个唯一的 ID，然后在线检查该 ID 应该具有哪些功能，并将其缓存一段时间。尽管如此，所有相同的警告都适用 - 人们可以绕过这样的事情。

Consider also the support costs of having to deal with users who have forgotten their key, etc.

还要考虑必须与忘记密钥等的用户打交道的支持成本。

edit: I just want to add, don't invest too much time in this or think that somehow your convoluted scheme will be different and uncrackable. It won't, and cannot be as long as people control the hardware and OS your program runs on. Developers have been trying to come up with ever more complex schemes for this, thinking that if they develop their own system for it then it will be known only to them and therefore 'more secure'. But it really is the programming equivalent of trying to build a perpetual motion machine. :-)

编辑：我只想补充一点，不要在这方面投入太多时间，也不要认为您的复杂计划会以某种方式不同且无法破解。只要人们控制您的程序运行所在的硬件和操作系统，它就不会，也不能。开发人员一直试图为此提出更复杂的方案，认为如果他们为此开发自己的系统，那么只有他们自己知道，因此“更安全”。但这确实是尝试构建永动机的编程等价物。:-)

The trick is to have an algorithm that only you know (such that it could be decoded at the other end).

诀窍是拥有一个只有你知道的算法（这样它就可以在另一端解码）。

There are simple things like, "Pick a prime number and add a magic number to it"

有一些简单的事情，例如“选择一个质数并为其添加一个幻数”

More convoluted options such as using asymmetric encryption of a set of binary data (that could include a unique identifier, version numbers, etc) and distribute the encrypted data as the key.

更复杂的选项，例如使用一组二进制数据（可能包括唯一标识符、版本号等）的非对称加密并将加密数据作为密钥分发。

Might also be worth reading the responses to this questionas well

也可能是值得一读的答复这个问题，以及

There are some tools and API's available for it. However, I do not think you'll find one for free ;)

有一些工具和 API 可用于它。但是，我认为您不会免费找到一个 ;)

There is for instance the OLicense suite: http://www.olicense.de/index.php?lang=en

例如有 OLicense 套件：http://www.olicense.de/index.php?lang=en

Who do you trust?

你信任谁？

I've always considered this area too critical to trust a third party to manage the runtime security of your application. Once that component is cracked for one application, it's cracked for all applications. It happened to Discreetin five minutes once they went with a third-party license solution for 3ds Maxyears ago... Good times!

我一直认为这个领域太重要了，不能信任第三方来管理应用程序的运行时安全性。一旦该组件为一个应用程序破解，它就会为所有应用程序破解。几年前，当Discreet使用3ds Max的第三方许可解决方案时，它在五分钟内就发生了……美好的时光！

Seriously, consider rolling your own for having complete control over your algorithm. If you do, consider using components in your key along the lines of:

说真的，考虑使用自己的算法来完全控制你的算法。如果您这样做，请考虑在您的密钥中使用以下组件：

• License Name - the name of client (if any) you're licensing. Useful for managing company deployments - make them feel special to have a "personalised" name in the license information you supply them.
• Date of license expiry
• Number of users to run under the same license. This assumes you have a way of tracking running instances across a site, in a server-ish way
• Feature codes - to let you use the same licensing system across multiple features, and across multiple products. Of course if it's cracked for one product it's cracked for all.

• 许可证名称 - 您正在许可的客户端（如果有）的名称。对管理公司部署很有用 - 让他们觉得在您提供给他们的许可证信息中有一个“个性化”的名字是特别的。
• 许可证到期日期
• 在同一许可证下运行的用户数。这假设您有一种方法可以以服务器式的方式跟踪跨站点运行的实例
• 功能代码 - 让您可以跨多个功能和多个产品使用相同的许可系统。当然，如果它是针对一种产品破解的，那么它就会针对所有产品破解。

Then checksum the hell out of them and add whatever (reversable) encryption you want to it to make it harder to crack.

然后对它们进行校验和并添加您想要的任何（可逆）加密以使其更难破解。

To make a trial license key, simply have set values for the above values that translate as "trial mode".

要制作试用许可证密钥，只需将上述值设置为“试用模式”即可。

And since this is now probably the most important code in your application/company, on top of/instead of obfuscation consider putting the decrypt routines in a native DLL file and simply P/Invoketo it.

由于这现在可​​能是您的应用程序/公司中最重要的代码，因此考虑将解密例程放在本机 DLL 文件中并简单地对其进行P/Invoke，而不是混淆。

Several companies I've worked for have adopted generalised approaches for this with great success. Or maybe the products weren't worth cracking ;)

我工作过的几家公司已经为此采用了通用的方法，并取得了巨大的成功。或者也许这些产品不值得破解;)

Whether it's trivial or hard to crack, I'm not sure that it really makes much of a difference.

无论是微不足道的还是难以破解的，我都不确定它是否真的有很大的不同。

The likelihood of your app being cracked is far more proportional to its usefulness rather than the strength of the product key handling.

您的应用程序被破解的可能性与它的实用性而非产品密钥处理的强度成正比。

Personally, I think there are two classes of user. Those who pay. Those who don't. The ones that do will likely do so with even the most trivial protection. Those who don't will wait for a crack or look elsewhere. Either way, it won't get you any more money.

我个人认为有两类用户。付钱的人。那些不这样做的人。那些这样做的人可能会在最微不足道的保护下这样做。那些不这样做的人会等待裂缝或寻找其他地方。无论哪种方式，它都不会让你赚更多的钱。

If you are asking about the keys that you can type in, like Windows product keys, then they are based on some checks. If you are talking about the keys that you have to copy paste, then they are based on a digitial signature (private key encryption).

如果您询问可以输入的密钥，例如 Windows 产品密钥，则它们基于某些检查。如果您在谈论必须复制粘贴的密钥，那么它们基于数字签名（私钥加密）。

A simple product key logic could be to start with saying that the product key consists of four 5-digit groups, like abcde-fghij-kljmo-pqrst, and then go on to specify internal relationships like f+k+p should equal a, meaning the first digits of the 2, 3 and 4 group should total to a. This means that 8xxxx-2xxxx-4xxxx-2xxxx is valid, so is 8xxxx-1xxxx-0xxxx-7xxxx. Of course, there would be other relationships as well, including complex relations like, if the second digit of the first group is odd, then the last digit of the last group should be odd too. This way there would be generators for product keys and verification of product keys would simply check if it matches all the rules.

一个简单的产品密钥逻辑可以首先说产品密钥由四个 5 位数字组组成，例如abcde-fghij-kljmo-pqrst，然后继续指定内部关系，例如 f+k+p 应该等于 a，这意味着 2 , 3 和 4 组应合计为一个。这意味着 8xxxx-2xxxx-4xxxx-2xxxx 是有效的，8xxxx-1xxxx-0xxxx-7xxxx 也是如此。当然，也会有其他关系，包括复杂的关系，例如，如果第一组的第二位数字是奇数，那么最后一组的最后一位数字也应该是奇数。这样就有了产品密钥的生成器，并且产品密钥的验证将简单地检查它是否符合所有规则。

Encryption are normally the string of information about the license encrypted using a private key (== digitally signed) and converted to Base64. The public key is distributed with the application. When the Base64 string arrives, it is verified (==decrypted) by the public key and if found valid, the product is activated.

加密通常是有关使用私钥（== 数字签名）加密并转换为Base64的许可证信息的字符串。公钥随应用程序一起分发。当 Base64 字符串到达​​时，它通过公钥进行验证（==解密），如果发现有效，则产品被激活。

There is the option Microsoft Software Licensing and Protection(SLP) Services as well. After reading about it I really wish I could use it.

还有Microsoft 软件许可和保护(SLP) 服务选项。在阅读了它之后，我真的希望我可以使用它。

I really like the idea of blocking parts of code based on the license. Hot stuff, and the most secure for .NET. Interesting read even if you don't use it!

我真的很喜欢根据许可证阻止部分代码的想法。热门内容，最安全的 .NET。即使你不使用它也很有趣！

Microsoft? Software Licensing and Protection (SLP) Services is a software activation service that enables independent software vendors (ISVs) to adopt flexible licensing terms for their customers. Microsoft SLP Services employs a unique protection method that helps safeguard your application and licensing information allowing you to get to market faster while increasing customer compliance.

微软？软件许可和保护 (SLP) 服务是一种软件激活服务，使独立软件供应商 (ISV) 能够为其客户采用灵活的许可条款。Microsoft SLP 服务采用独特的保护方法，帮助保护您的应用程序和许可信息，使您能够在提高客户合规性的同时更快地进入市场。

Note: This is the only way I would release a product with sensitive code (such as a valuable algorithm).

注意：这是我发布带有敏感代码（例如有价值的算法）的产品的唯一方式。

I have to admit I'd do something rather insane.

我不得不承认我会做一些相当疯狂的事情。

1. Find a CPU bottleneck and extract it to a P/InvokeableDLL file.
2. As a post build action, encrypt part of the DLL file with an XOR encryption key.
3. Select a public/private key scheme, include public key in the DLL file
4. Arrange so that decrypting the product key and XORing the two halves together results in the encryption key for the DLL.
5. In the DLL's DllMain code, disable protection (PAGE_EXECUTE_READWRITE) and decrypt it with the key.
6. Make a LicenseCheck() method that makes a sanity check of the license key and parameters, then checksums entire DLL file, throwing license violation on either. Oh, and do some other initialization here.

1. 找到 CPU 瓶颈并将其提取到P/InvokeableDLL 文件中。
2. 作为构建后操作，使用 XOR 加密密钥加密部分 DLL 文件。
3. 选择一个公钥/私钥方案，在DLL文件中包含公钥
4. 安排以便解密产品密钥并将两半异或在一起产生 DLL 的加密密钥。
5. 在 DLL 的 DllMain 代码中，禁用保护 (PAGE_EXECUTE_READWRITE) 并使用密钥对其进行解密。
6. 制作一个 LicenseCheck() 方法，对许可证密钥和参数进行完整性检查，然后对整个 DLL 文件进行校验和，对其中任何一个抛出许可证违规。哦，在这里做一些其他的初始化。

When they find and remove the LicenseCheck, what fun will follow when the DLL starts segmentation faulting.

当他们找到并删除 LicenseCheck 时，当 DLL 开始出现分段错误时，会有什么有趣的事情发生。

If you want a simple solution just to create and verify serial numbers, try Ellipter. It uses elliptic curves cryptography and has an "Expiration Date" feature so you can create trial verisons or time-limited registration keys.

如果您想要一个简单的解决方案来创建和验证序列号，请尝试 Ellipter。它使用椭圆曲线密码术并具有“到期日期”功能，因此您可以创建试用版或限时注册密钥。

Another good inexpensive tool for product keys and activations is a product called InstallKey. Take a look at www.lomacons.com

另一个用于产品密钥和激活的物美价廉的工具是名为 InstallKey 的产品。看看www.lomacons.com