I have a program which has paid addons, which get updated frequently. Users will have to buy a subscription to be able to use certain addons (i.e pay a monthly free).
The main reason I chose a subscription based model for the addons is simple, the updates are really the selling point as the addons must be updated frequently. Long story short, these addons are basically useless without updates because the software it works with also gets updated frequently and things will beak.
Now to the file download. I would basically like to only allow paid users to use these addons.
Normally with a central server and database this is rather trivial, but not so when you can not have a central server with a database. (I have no influence over this.)
This is the most efficient solution I came up with:
The above solution has the following characteristics:
This solution is alright, but starts getting problematic when the user and addon count increases.
Example:
** key (64) + initialization vector (32) + file format overhead per key, so that the software can find the right key to decrypt.
Even in the best case (impossible) scenario it would be a 96 MB keyfile.
Are there any other solutions to this (un)known problem? What are they called and where are they used?
You are trying to implement DRM, although the data in this case is the add-on. This is known to have no solution unless you control the user's device (to a large extend).
A direct solution to your problem is to use a single data key to encrypt your data a single time. You then encrypt the data key with the users key. Of course, it only takes one known key to decrypt the data this way, but that's also true for your previous scheme.
Note that by default, AES encryption only adds confidentiality. Confidentiality is easily broken. I would at least add integrity and authenticity using an authentication tag (e.g. using HMAC). This way you can make a relatively safe scheme that works unless (or, for DRM, until) the code of your application is hacked or user keys are shared.