licensing - Multicast encryption for a file download -


i have program has paid addons, updated frequently. users have buy subscription able use addons (i.e pay monthly free).

the main reason chose subscription based model addons simple, updates selling point addons must updated frequently. long story short, these addons basically useless without updates because software works gets updated , things will beak.

now file download. allow paid users use these addons.

normally central server , database rather trivial, not when can not have central server database. (i have no influence on this.)

this efficient solution came with:

  • user gets random aes256 key.
  • we encrypt paid addon random aes256 key.
  • we encrypt addon's key users key.
  • rinse , repeat above users , addons , create 1 monolithic keyfile.
  • upload encrypted addon file, , monolithic keyfile filesharing service.

the above solution has following characteristics:

  • ability revoke keys in subsequent versions. (very important)
  • no security obscurity. can download addon or keyfile of no use them unless have key computationally infeasable bruteforce aes256.

this solution alright, starts getting problematic when user , addon count increases.

example:

  • we have 10,000 users , 100 addons.
  • 10,000 users * 100 addons = 1,000,000 keys
  • 1,000,000 keys * 300 bytes per key** = 300mb

** key (64) + initialization vector (32) + file format overhead per key, software can find right key decrypt.

even in best case (impossible) scenario 96 mb keyfile.

are there other solutions (un)known problem? called , used?

you trying implement drm, although data in case add-on. known have no solution unless control user's device (to large extend).

a direct solution problem use single data key encrypt data single time. encrypt data key users key. of course, takes 1 known key decrypt data way, that's true previous scheme.

note default, aes encryption adds confidentiality. confidentiality broken. @ least add integrity , authenticity using authentication tag (e.g. using hmac). way can make relatively safe scheme works unless (or, drm, until) code of application hacked or user keys shared.


Comments

Post a Comment

Popular posts from this blog

javascript - RequestAnimationFrame not working when exiting fullscreen switching space on Safari -

request animation frame stops working when exiting fullscreen clicking on original space's safari window. fine if fullscreen mode canceled escape key or calling cancelfullscreen(). steps reproduce: open https://dl.dropboxusercontent.com/u/769042/prezi/safari-fullscreen.html click "draw raf", kittie appears click "fullscreen", go fullscreen click "draw raf", kittie appears go space original safari was, showing "click exit fullscreen mode", click anywhere, out fullscreen click "draw raf", nothing happens what handling click calling: window.requestanimationframe(draw); which draws on canvas context: function draw() { ctx.drawimage(img, math.random()*500|0, math.random()*400|0, 100, 100); } i checked .hidden , .visibilitystate, updated correctly. tested on osx 10.9.3, safari 7.0.4 (9537.76.4). has workaround/solution other switching old settimeout? this sounds webkit bug 88940 : using reque
Read more

Python ctypes access violation with const pointer arguments -

i have api i'm trying wrap in python (2.7.6 on win7) code using ctypes. here's api: client_dllfunc bool clientapi search_exporttoclipcopy(clienthsearch handle, int channel, lpctstr filename, const time_t& from, const time_t& to, const bool* cameras, int length, bool usepassword, lpctstr password, bool includetextin = false, bool excludeplayer = false); the issue i'm having cameras argument; , i've had issue other const pointer arguments well. here's how i'm wrapping api: def search_exporttoclipcopy(self, hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, password, includetextin=true, excludeplayer=false): exporttoclipcopy = self.sdkdll.search_exporttoclipcopy exporttoclipcopy.argtypes = [c_int, c_int, c_wchar_p, c_long, c_long, pointer(c_bool), c_int, c_bool, c_wchar_p, c_bool, c_bool] exporttoclipcopy.restype = c_bool exporttoclipcopy(hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, pass
Read more