Search code examples
electronserial-numberproduct-key

Is it possible to create product keys for my electron application?


I want to build a desktop application and be able to publish product keys or serial numbers.Before the user can use the application he will be requested to enter the product key/serial number.

Similar to Microsoft Office when they provide keys like XXXX-XXXX-XXXX-XXXX

The idea I have is to sell the app based on licenses and providing product key for every device seems more professional than accounts (usernames and passwords).

so my questions are:

1) Is it possible to accomplish this with electron?

2) Can you advice me wether I should go for serial numbers (if it is doable) or accounts? or are there better options?

3) if you answered the second question. Please state why?


Solution

  • Edit for 2021: I'd like to revise this answer, as it has generated a lot of inquiries on the comparison I made between license keys and user accounts. I previously would almost always recommended utilizing user accounts for licensing Electron apps, but I've since changed my position to be a little more nuanced. For most Electron apps, license keys will do just fine.

    Adding license key (synonymous with product key) validation to an Electron app can be pretty straight forward. First, you would want to somehow generate a license key for each user. This can be done using cryptography, or it can be done by generating a 'random' license key string and storing it in a database and then building a CRUD licensing server that can verify that a given license key is "valid."

    For cryptographic license keys, you can take some information from the customer, e.g. their order number or an email address, and create a 'signature' of it using RSA cryptography. Using Node, that would look something like this:

    const crypto = require('crypto')
    
    // Generate a new keypair
    const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
      // Using a larger key size, such as 2048, would be more secure
      // but will result in longer signatures.
      modulusLength: 512,
      privateKeyEncoding: { type: 'pkcs1', format: 'pem' },
      publicKeyEncoding: { type: 'pkcs1', format: 'pem' },
    })
    
    // Some data we're going to use to generate a license key from
    const data = '[email protected]'
    
    // Create a RSA signer
    const signer = crypto.createSign('rsa-sha256')
    signer.update(data)
    
    // Encode the original data
    const encoded = Buffer.from(data).toString('base64')
    
    // Generate a signature for the data
    const signature = signer.sign(privateKey, 'hex')
    
    // Combine the encoded data and signature to create a license key
    const licenseKey = `${encoded}.${signature}`
    
    console.log({ privateKey, publicKey, licenseKey })
    

    Then, to validate the license key within your Electron app, you would want to cryptographically 'verify' the key's authenticity by embedding the public (not the private!) key generated above into your application code base:

    // Split the license key's data and the signature
    const [encoded, signature] = licenseKey.split('.')
    const data = Buffer.from(encoded, 'base64').toString()
    
    // Create an RSA verifier
    const verifier = crypto.createVerify('rsa-sha256')
    verifier.update(data)
    
    // Verify the signature for the data using the public key
    const valid = verifier.verify(publicKey, signature, 'hex')
    
    console.log({ valid, data })
    

    Generating and verifying the authenticity of cryptographically signed license keys like this will work great for a lot of simple licensing needs. They're relatively simple, and they work great offline, but sometimes verifying that a license key is 'valid' isn't enough. Sometimes requirements dictate that license keys are not perpetual (i.e. 'valid' forever), or they call for more complicated licensing systems, such as one where only a limited number of devices (or seats) can use the app at one time. Or perhaps the license key needs a renewable expiration date. That's where a license server can come in.

    A license server can help manage a license's activation, expirations, among other things, such as user accounts used to associate multiple licenses or feature-licenses with a single user or team. I don't recommend user accounts unless you have a specific need for them, e.g. you need additional user profile information, or you need to associate multiple licenses with a single user.

    But in case you aren't particularly keen on writing and maintaining your own in-house licensing system, or you just don't want to deal with writing your own license key generator like the one above, I’m the founder of a software licensing API called Keygen which can help you get up and running quickly without having to write and host your own license server. :)

    Keygen is a typical HTTP JSON API service (i.e. there’s no software that you need to package with your app). It can be used in any programming language and with frameworks like Electron.

    In its simplest form, validating a license key with Keygen is as easy as hitting a single JSON API endpoint (feel free to run this in a terminal):

    curl -X POST https://api.keygen.sh/v1/accounts/demo/licenses/actions/validate-key \
      -d '{
            "meta": {
              "key": "C1B6DE-39A6E3-DE1529-8559A0-4AF593-V3"
            }
          }'
    

    I recently put together an example of adding license key validation, as well as device activation and management, to an Electron app. You can check out that repo on GitHub: https://github.com/keygen-sh/example-electron-license-activation.

    I hope that answers your question and gives you a few insights. Happy to answer any other questions you have, as I've implemented licensing a few times now for Electron apps. :)