Application Locking using Asymmetric Encryption
A common feature request for professional software is to prevent abuse of
For licensing or security reasons, you may be requested to "lock" the execution of programs, maybe tools or services.
Our Open-Source mORMot framework can leverage
Asymmetric Cryptography to ensure that only allowed users can run some
executables, optionally with dedicated settings, on a given computer.
It offers the first brick on which you may build your own system.
From the user's point of view, he/she will transmit
email@example.com file, then receive a corresponding
firstname.lastname@example.org file, which will unlock the application.
Pretty easy to understand, even if some complex asymmetric encryption is involved behind the scenes.
The dddInfraApps.pas unit publishes the following
ECCAuthorize function and type:
type
  TECCAuthorize = (eaSuccess, eaInvalidSecret, eaMissingUnlockFile,
    eaInvalidUnlockFile, eaInvalidJson);

function ECCAuthorize(aContent: TObject; aSecretDays: integer;
  const aSecretPass, aDPAPI, aDecryptSalt, aAppLockPublic64: RawUTF8;
  const aSearchFolder: TFileName = '';
  aSecretInfo: PECCCertificateSigned = nil;
  aLocalFile: PFileName = nil): TECCAuthorize;
This function will use several asymmetric key sets:
- A main key set, named e.g. applock.private, shared for all users of the system;
- Several user-specific key sets, named e.g. userhost.secret, one for each user and associated computer.
When the ECCAuthorize function is executed, it will search for a
userhost.unlock file, named after the currently logged-in user
and the computer host name. Of course, the first time the application is
launched for this user, there will be no such file. It will create two local
userhost.secret files and return
The main key set will be used to digitally sign the
User-specific key sets will be used to encrypt the
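The flow described above, modelled in Python as an added example; it is not mORMot code and not from the original post. It assumes the signed and encrypted object is the unlock file, maps failures to the TECCAuthorize names by their wording, and uses ECDSA plus an ECDH/HKDF/AES-GCM envelope from the `cryptography` package in place of mORMot's own ECC routines; `new_user_secret`, `make_unlock`, `authorize` and the blob layout are hypothetical.

```python
# Added model of the unlock flow (not mORMot code); blob layout is an assumption.
import json, os
from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes, serialization as ser
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

def _aead(shared):
    key = HKDF(algorithm=hashes.SHA256(), length=32, salt=None, info=b"unlock-model").derive(shared)
    return AESGCM(key)

def new_user_secret(password):
    """First launch: create the user-specific key set (protected secret + public key)."""
    priv = ec.generate_private_key(ec.SECP256R1())
    pem = priv.private_bytes(ser.Encoding.PEM, ser.PrivateFormat.PKCS8,
                             ser.BestAvailableEncryption(password))
    return pem, priv.public_key()

def make_unlock(applock_priv, user_pub, body):
    """Vendor side: sign body with the main key, then encrypt it for one user key."""
    sig = applock_priv.sign(body, ec.ECDSA(hashes.SHA256()))
    eph = ec.generate_private_key(ec.SECP256R1())
    point = eph.public_key().public_bytes(ser.Encoding.X962,
                                          ser.PublicFormat.UncompressedPoint)  # 65 bytes
    nonce = os.urandom(12)
    plain = len(sig).to_bytes(2, "big") + sig + body
    return point + nonce + _aead(eph.exchange(ec.ECDH(), user_pub)).encrypt(nonce, plain, None)

def authorize(unlock, secret_pem, password, applock_pub):
    """Client side: (result, settings); any result but eaSuccess must refuse to run."""
    try:
        user_priv = ser.load_pem_private_key(secret_pem, password)
    except (ValueError, TypeError):
        return "eaInvalidSecret", None
    if unlock is None:
        return "eaMissingUnlockFile", None
    try:
        eph_pub = ec.EllipticCurvePublicKey.from_encoded_point(ec.SECP256R1(), unlock[:65])
        aead = _aead(user_priv.exchange(ec.ECDH(), eph_pub))
        plain = aead.decrypt(unlock[65:77], unlock[77:], None)
        n = int.from_bytes(plain[:2], "big")
        applock_pub.verify(plain[2:2 + n], plain[2 + n:], ec.ECDSA(hashes.SHA256()))
    except (InvalidSignature, InvalidTag, ValueError):
        return "eaInvalidUnlockFile", None
    try:
        return "eaSuccess", json.loads(plain[2 + n:])
    except ValueError:
        return "eaInvalidJson", None
```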
Please check for updated information in our online documentation!
Feedback is welcome in our forum, as usual.