Frequently asked questions about Cryptolens.
How does expiry date work?
Expires. The question is, how can we create licenses that never expire?
It turns out that the expiration date does not affect the validity of a license by default. For example, all code snippets provided in the key verification tutorial assume that a license is time-unlimited.
This may feel a bit counter-intuitive, and we are continuously working on improving the APIs to make this more trivial.
For now, if you see that a code example contains a call to the activate method (which all examples do at the moment), it means that you need to check the expiration date even if you get a successful result. A way to do this is to call HasNotExpired (depending on the library) or simply check the Expire field. If you plan to support both time-limited and time-unlimited licenses, you can use one of the feature flags as a way to distinguish this. Please read more here.
How do I block expired licenses?
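A client-side check that blocks expired licenses after a successful activation, as an added example that is not Cryptolens code: the license is modelled as a plain Python dataclass, and the field names and the use of feature flag F1 to mark a license as time-limited are assumptions. It also skips the machine comparison when the maximum number of machines is 0, a case this FAQ covers further down.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class License:
    """Constructed stand-in for a license object whose signature was already
    verified after a successful activation. Field names are assumptions."""
    expires: datetime
    f1: bool                 # assumed convention: True marks a time-limited license
    max_no_of_machines: int
    activated_machines: list = field(default_factory=list)

def check_license(lic, machine_code, now=None):
    """Return (ok, reason). A successful activation alone does not prove the
    license is still within its time limit or bound to this machine."""
    now = now or datetime.now(timezone.utc)
    # Expiry only matters for licenses flagged as time-limited.
    if lic.f1 and lic.expires <= now:
        return False, "expired"
    # With a maximum of 0 machines no machine code is ever registered, so a
    # machine comparison would always fail: treat the license as not node-locked.
    if lic.max_no_of_machines == 0:
        return True, "ok, not node-locked"
    if machine_code not in lic.activated_machines:
        return False, "wrong machine"
    return True, "ok"

# Constructed sample data (not real licenses or machine codes).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
PAST = datetime(2024, 1, 1, tzinfo=timezone.utc)
FUTURE = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLES = {
    "time-limited, expired": License(PAST, True, 1, ["machine-a"]),
    "time-unlimited, old date": License(PAST, False, 1, ["machine-a"]),
    "time-limited, current": License(FUTURE, True, 1, ["machine-a"]),
    "no machine limit": License(FUTURE, True, 0),
    "other machine": License(FUTURE, True, 1, ["machine-b"]),
}

if __name__ == "__main__":
    for name, lic in SAMPLES.items():
        print(f"{name}: {check_license(lic, 'machine-a', NOW)}")
```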
start countdown upon activation=true and MaxNoOfMachines=1, it will not be blocked if it has not been activated. This way, you can pre-generate the licenses and ensure that your customer can still activate them, even when the expiration date has passed. However, once it has been activated, it will be blocked after the new expiration date (assuming that the license is marked as time-limited).
How do I start the time limit from the moment the license activates?
How to specify which license is time-limited?
Activate method). When the limit is reached, no more machine codes will be added. There are two special cases that are important to keep in mind:
What happens when Maximum number of machines is set to zero?
Helpers.IsOnRightMachine() will return false if no machine code is registered with the license, which will be the case if maximum number of machines is set to 0. As a solution, please check the MaxNumberOfMachines field, ensuring it is not 0, before calling Helpers.IsOnRightMachine().
What happens when Maximum number of machines is decreased?
How can access be restricted to specific machines?
What's the difference between Node-locked vs. floating licenses?
ActivatedMachines property of a LicenseKey or in the list of Activated devices (in the dashboard). You will need to deactivate unused devices if you want to allow new devices to use the license.
In the floating license case, the devices will be registered with the license key temporarily and it will therefore not be possible to list all of them in the ActivatedMachines property. Only the floating license device that is being activated in the request will be shown.
FloatingTimeInterval variable. If a device fails to send a request (aka heartbeat) within that interval, it will automatically be deactivated and other devices will be able to activate (i.e. use that seat).
FloatingTimeInterval is set to 100 by default and can easily be changed.
What is the friendly name?
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08. If your customer has many end users (i.e. activated devices), navigating between these device fingerprints can become troublesome. To resolve this, you can provide a FriendlyName when you call Key.Activate. At the time of writing, this is supported in our .NET client.
There are a couple of ways you can compute the friendly name for a particular user. At this point, our recommendation is to set it to Environment.MachineName. For example, if your customers use Active Directory, the machine name will show up in the list of devices (for a particular user) in Active Directory Admin dashboard.
What is an end user / machine code?
Key.Activate method with MachineCode=Helpers.GetMachineCode(). Helpers.GetMachineCode() will return a device fingerprint that is unique for each device.
However, there are other ways end users can be defined. The choice will depend on your specific licensing model. We will briefly outline several other ways it can be defined:
Per process
If your customers will be able to run multiple instances on the same machine, you can define the end user so that it includes the process id in addition to the fingerprint of the device. For example, it can be defined in .NET as follows:
Machine code generation
cat /proc/device-tree/model), we will extract the “Serial” by running the following command:
Helpers.GetMachineCodePI(v:2) in .NET, you will get the same machine code generated on Windows as in the Python library with similar settings.
Helpers.GetMachineCode(2) on Windows. It will use the UUID of the device and works in the cryptolens-android.jar, which does not depend on slf4j.
Helpers.GetMachineCode(v=2) in Python and Helpers.GetMachineCodePI(v: 2) in .NET, the machine code will be the same on Windows.
Protecting RSA Public Key and Access Tokens
RSA Public Key, Access Token and ProductId.
Note: the RSA public key can only be used to verify a license key object; the private key that is used for signing is stored on our server.
Activate a license key. The permission to Create Key should only be accessible in applications that you control, e.g. on your server.
So if you have a restricted access token, the chances that an adversary will be able to do any harm are minimal. For example, the worst that an adversary can do is to activate more devices (up to a certain limit), which can be fixed quite easily in the dashboard.
Troubleshooting
Error message | Description |
---|---|
Unable to authenticate | The access token is wrong. It is also shown if the subscription has expired. API access requires an active subscription. |
Something went wrong. Please contact [email protected] and we will try to fix it. | A temporary server error. Try again with a new request. |
No active subscription found. Please contact support. | No active subscription is associated with the account and thus the API call failed. The error can be fixed by updating your billing information and adding a valid payment method on the billing page. |
Access denied | The access token is correct but it does not have sufficient permission. Make sure that if you, for example, want to call GetKey that the access token has “GetKey” permission. |
Not enough permission and/or key not found. | If you have checked that the product contains the license key and the access token has the right permission to call the method, this error can be fixed by setting Key Lock to -1 when creating the access token (assuming that you are working with data object related methods). |