Copy protection with server-side js


#1

Hey Folks,

  I'm trying to write a simple RSA-based licensing scheme using server-side js and, of course, JUCE (plus whatever else I can find) on the app-side.

Becuase I'm using an e-commerce provider, server-side functions are limited to:

Special Functions

The following additional functions are available:

sha1HexDigest(arg1) - arg1 is the String to produce the SHA1 hex digest for.
md5HexDigest(arg1) - arg1 is the String to produce the MD5 hex digest for.
aes(arg1,arg2) - arg1 is a 128 bit AES key in Base64. arg2 is the String to encrypt. Returns a Base64 String.
dsaSign(arg1,arg2) - arg1 is a 512 or 1024 byte DSA key in PEM format. arg2 is the String to sign. Returns a Base64 String.
base64(arg1) - arg1 is the String to convert to Base64. Returns a Base64 String.
base64Decode(arg1) - arg1 is the Base64-encoded String to decode. Returns a String.
rsaSha512Sign(arg1, arg2) - arg1 is the private key PEM, arg2 is the data to sign using SHA-512 with RSA. Returns the signature as a Base64 String.

So I tried the following:

rsaSha512Sign(privateKey, license);

Where license is just based on user info. I'm making the assumption that rsaSha512Sign does a sha512 hash followed by RSA (does that sound right?)

Then on the JUCE side, I hashed the same user info with sha512 (I had to find an implementation, since JUCE only has SHA256). Then compared the hash with the decrypted license (using the public key for decryption).

Unfortunately the decrypted license is much longer than the sha512-hashed user info. Any ideas?

Given the above functions, and JUCE, would you do the licensing differently?

thanks!