I've got my encryption based reg system going, but it creates an issue.

The keys are 1024 bits long, which is 128 bytes, or 256 characters in hex. No user is going to sit there and type in 256 characters.

So what I've done is put tags around the username and reg key:

<regkey>
43435ab345 52452 453 ....
</regkey>

Users can cut and paste the whole email into the registration box, and have the app parse out the reg code and username. Or, alternatively, users can save the email to a text file and open it with the comon open dialog box.

Is this too much to ask of the user? Can I expect someone down the road is going to be able to handle copy and paste. My thinking is that if they can use a credit card to buy an app, then they should be able to at least copy and paste an email.

Our reg keys are not that long, but we ask the customers to just copy the code and then run the game.
It's not necessary to make them paste, you can read from the copy buffer (clipboard) when your game launches.

This works fine for us, but we do instruct them how to copy.

I would be a bit confused and put off by the idea of copy pasting the whole e-mail. I think simply having them paste the code would be sufficient, although the tags are a good idea in case someone unknowingly copy pastes all or part of the e-mail (it's not like Outlook doesn't have copy paste problems). Might I ask though why such a long key is necessary? What's the theory behind it actually deterring crackers (and if you want to get more technical, the proof that the piracy reduction is financially worth the trouble caused for paying customers)? If someone writes a keygen, won't the length of the key quickly become irrelevant? My software will be using a 20 character key, what am I missing out on?

You could do this 3 ways.
1)Send the key in the email, and tell them to copy and paste it. Also, have your game smart enough so that you can just copy and paste the whole email, and your game will figure it out.

2)Have your game register a file extension, and send an attachment of this type with the email. The user could then just open the attachment and it will be passed to your game.

3)You could include a link in the email where the user could click to download the reg key as a file (in case they don't know how to open an attachment). Of course, the file downloaded would also be of your registered extension, so it would be passed to your game automatically when they opened it

Or mix and match. 1 & 2 or 1 & 3 seem good. You could possibly do 1, 2 & 3, but that might be a bit confusing.

Hi LizardSoft,

The key has to be long because its an RSA encrypted string. A 1024 bit RSA key is about equivalent to a 80-bit block cipher. From what I've read, 256-bits can be cracked pretty easy, and 128-bits can take minutes on a home PC. 512 would probably be ok, but is not long enough to encrypt what I'm trying to encrypt.

A key generator is not possible with an algorithm like RSA. There are two keys, a private (encrypt) key and a public (decrypt) key. Crackers cannot get the encrypt key because the app only has (and needs) the decrypt key. Since only the encrypt key is used to generate keys, no keygens.

The only way to crack the software would be for someone to actually buy it, and use the valid key to get the full code out. If no one buys the game ever, it will never be cracked this decade. They could also distribute the valid key, but since the valid key contains a username hash, it will not work unless the correct user name is also presented. This means that if John Smith leaks his code, all the serial sites have to list "John Smith" for the reg key to work.

Even with all this protection, its still crackable with a purchased key and a debugger. Hopefully, the purchased key part will make crackers feel like cheaters.

Originally posted by WreckerOne
Even with all this protection, its still crackable with a purchased key and a debugger. Hopefully, the purchased key part will make crackers feel like cheaters.
Not at all. They will happily buy your game with a stolen credit card.

Lots of good ideas so far. Also read the last few posts in this thread:

http://www.dexterity.com/forums/showthread.php?s=&threadid=487

I liked the idea about not requiring pasting the key from the clipboard. But I think it may be confusing for inexperienced users if you try to implement some feedback (like saying they have copied only a part of the key). In this case they will launch your game and will get an error. Guess where will they go? Tech. support. :)

As for attachments, I would like to go this way myself as I've found it's a much easier way for newbies. Unfortunately, RegSoft can't handle them as well as multi-line registration numbers *sigh*. By the way, you can use ".reg" extension to avoid the hassle of registering your own. Then read you registration key from the registry. It may be a bit less crackers proof compared to copying and pasting though.

I'd recommend to focus on somewhere else than registration codes (if users have to do something), Sometimes even a simple "copy & paste" can be too hard if not-so-experienced players "just wants to play"...

Every month I get an email from someone who bought my game and can't get the reg key entered into the game.

The email always comes in like this:

"I can't get your game. help".

Or soemthing like that. I need to go through all the steps "What error message are youg etting"

I eventually get it to work. But I've learned that these people either:

Are having problems with long URLs or are typing the reg code instead of copying and pasting.

I wrote a "how to copy and paste" section for my website, and this sovles the problem. Sometimes I still have to email them the text from it (or a short link to it) but it has always worked:

http://www.monolux.com/support/store-solutions.htm#copy

However For my next game I'm going to be looking at making this even better: It turns out there's javascript code to automatically copy into (and paste from) a user's Copybuffer. So you can have a URL to a page that will Copy the serial number into your their copybuffer, then have the game Paste it.

The website that I saw that does this is SnipURL. First, copy a URL that is NOT THEIRS (try www.monolux.com, for example). Then visit http://www.snipurl.com . The URL should appear automatically in the text box on the page. If you go ahead and make a snipURL (their website does URL shortening), you'll find on the next page that the URL will be in your copybuffer, ready to be pasted.

The Javascript to do this is in the website's source code.

~Hanford

I really would avoiud using attachments in an email. Most attachments in emails are viruses. I get many Virii a day and even have rules set up to filter emails with attachments to a potential spam directory. Im sure many people do likewise, and some antivirus progs might even reject your email if it has an attachment with an unknown file extension, and a .reg file is an absolute no-no I guess.

Originally posted by bstone
By the way, you can use ".reg" extension to avoid the hassle of registering your own.
Actually, I thought there was a reason to avoid using .reg files. We had this discussion some time ago in the ASP newsgroups, and I think someone suggested that there was problem with using .reg files (either it was blocked by a virus scanner, or Outlook express doesn't allow you to open them as a security precaution, or something like that).

OK, everything said about the disadvantages of attachments is valid. I should have thought about them more carefully. Just forget about them :)