Can I do customized value checking on the server side?

[HanShijia999]

We want to store the checksum of our source code on the Keygen server side.
At license activation time, the client-side app will calculate the checksum and send it to the server. Then the server can compare the checksum with the stored value and reject any request with a wrong checksum.

Is this possible?

Any help is appreciated!

[ezekg]

Not out of the box. I mean, you could use machine activation for this (e.g. make the machine fingerprint the checksum), but that's not really what it's meant for. Are you using Keygen to distribute your application? E.g. using releases ¹ and artifacts ².

Footnotes

1. https://keygen.sh/docs/api/releases/ ↩

2. https://keygen.sh/docs/api/artifacts/ ↩

[HanShijia999]

Hello Zeke,
Thank you for your comment. I'm surprised that we somehow reached the same solution.
We are using the offline licensing and we currently append the checksum after the machine fingerprint.
The downside of this solution is, a user can edit the source code before doing the activation and a wrong checksum will be saved.

Our App is still in the development phase, we haven't thought about distribution. Surprised to know we can even do that with Keygen.

Zeke, do you think I can store a checksum as some empty Artifact or some other object, then retrieve it and do checking on the client side?

[ezekg]

I was asking if you used Keygen to distribute because we're working on a new feature that may align with what you're asking for here: keygen-sh/keygen-api#620. Essentially, you would be able to send a scope.checksum parameter during validation, and if the license doesn't have permission to access an artifact with that specific checksum, the validation will fail.

[HanShijia999]

Thank you Zeke!

[ezekg]

This is now available via the scope.checksum license validation scope.

[HanShijia999]

Thank the help Zeke.
The new feature fits our needs well!