Nitrokey as license token



we are currently exploring the Nitrokey to act as license token for one of our products to replace a mechanism that currently uses the host id of the machine. Ultimately, the software should run on any machine that has valid Nitrokey plugged into it.

I was wondering if anyone else has done something similar before and would be willing to share
experience? What we are thinking of doing right now is to (1) create a key-pair on the device, (2) sign those
keys with one of our licensing keys, and then upon startup of the software (3) let the token authenticate
itself (a random challenge that is encrypted on the token) and (4) check that the public key
is signed with our licensing key (whose public part is stored in the software binary).

Does anyone see anything wrong with that approach?



Hmm, why do you not use a stick that is build to do this for you - e.g. like CodeMeter from Wibu ?

It might also workk with the NK, but you might need more effort to do so …
Just an idea …


I read this far too late I presume, but I find funny that our OP is asking here for open signature technologies and we manage to tell him to go away to a similar competitor, but closed… :thinking:


Yeah, might be - but on the other side: you don’t use the same car for transportation, speed racing and other stuff, when there is a good solution in place for each separate area of duty. So I think you should use currently NK as designed (key storage and encryption).
BTW: if you want to use a dongle for licensing, I have my doubts if you really want to publish the way how you check the dongle, nor ?
Anyhow, nobody else has answered, so I assume nobody did use NK as dongle replacement.