lastlink
commented
5 years ago your public and private key should probably be hard coded into your application or at least built into it (not stored in git). these absolutely should not be in the db. also the licenses probably should be encrypted, besides the signature users can edit the values if you keep it as plain text. although this is great for debug purposes.
for validation you could lock licenses by device if you request a device id from the user first, you'll have to do your own validation for this. the better option is to use a validation server that you have users register and deregister devices, the application should check if it's still registered or there is an open slot when it first turns on.
Hi ,
if we validate license with PC , and same distribution copied to new PC , i need to installation copied so i will ask user to enter some password or whatever feature , is it possible ?
in first run of application , my idea to ask user enter a key and i will validated once after that in each run of application i need to run validation but i don't want to ask user to entered key ? also it is not right to save Key in database even if it is hashed ?
thanks in advance