We are currently exploring the Nitrokey to act as a license token for one of our products, to replace a mechanism that currently uses the host id of the machine. Ultimately, the software should run on any machine that has a valid Nitrokey plugged into it.
I was wondering if anyone else has done something similar before and would be willing to share their experience? What we are thinking of doing right now is to (1) create a key-pair on the device, (2) sign those keys with one of our licensing keys, and then upon startup of the software (3) let the token authenticate itself (a random challenge that is encrypted on the token) and (4) check that the public key is signed with our licensing key (whose public part is stored in the software binary).
Does anyone see anything wrong with that approach?
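
The four steps above, as an added Go example that is not part of the original post and not Nitrokey code. Assumptions: the token is simulated in software by the hypothetical `Token` type, Ed25519 is an arbitrary algorithm choice, and step 3 is done as a signature over the random challenge rather than encryption.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Token stands in for the hardware device; on a real token priv never leaves it.
type Token struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
	Cert []byte // vendor signature over Pub, written at provisioning (step 2)
}

// Provision covers steps 1 and 2: generate the token key pair, then
// certify its public key with the vendor licensing key.
func Provision(vendor ed25519.PrivateKey) *Token {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Token{priv: priv, Pub: pub, Cert: ed25519.Sign(vendor, pub)}
}

// Respond is the token side of step 3: sign the challenge it was given.
func (t *Token) Respond(challenge []byte) []byte { return ed25519.Sign(t.priv, challenge) }

// NewChallenge returns 32 fresh random bytes; a reused value would allow replay.
func NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

// CheckLicense is the application side of steps 3 and 4 (vendorPub ships in the binary).
func CheckLicense(vendorPub, tokenPub ed25519.PublicKey, cert, challenge, resp []byte) bool {
	if len(tokenPub) != ed25519.PublicKeySize || !ed25519.Verify(vendorPub, tokenPub, cert) {
		return false // token public key was not certified by the licensing key
	}
	return ed25519.Verify(tokenPub, challenge, resp) // proof of possession of the token key
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	t, c := Provision(vendorPriv), NewChallenge()
	fmt.Println("licensed:", CheckLicense(vendorPub, t.Pub, t.Cert, c, t.Respond(c)))
}
```

The check proves possession of a certified key only; it does not protect the embedded vendor public key or the check itself against modification of the binary.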