Mawg Mawg - 25 days ago 9
PHP Question

How to make a file that user can read, but not write?

I want to distribute s/w licenses as encrypted files. I create a new file every time someone buys a licence & email it out, with instructions to put it in a certain directory.

The PHP code which the user runs should be able to unencrypt the file (and the code is obfuscated to stuff him hacking that). Obviously the user should not be able to write a similar file.

Let's not discuss whether this is worth it. I have been ordered to implement it, so ... how do I go about it? Can I use public key encryption and give him one key?




Can't I just give the user one key & keep the other? HE can read & I can write

caf caf
Answer

It sounds like what you are looking for is a digital signature.

When you create the license file, you sign it using your private key. When the application loads the license file, it verifies the signature using your public key, which is hardcoded into your obfuscated license check.

Obviously, the user can just patch the license check code itself - either to replace your public key with their own, or just to avoid the license check altogther - but there's really nothing you can do about that.