Changing the encryption keys used to encrypt your license keys and license files is a good practice for an enhanced security of your application. This article describes the process to follow for changing encryption keys.
It is recommended to never change encryption keys for a product version that you've already created license keys for. Instead, you should always create a new version of an existing product and change the encryption keys in the new product.
For example, assume you've released a product called "My Product 1.0". Instead of changing the encryptions keys of "My Product 1.0", you should create a new version of the product in QLM, say "My Product 1.1" and create new encryption keys for "My Product 1.1".
- In the QLM Management Console, go to the Define Products tab
- Click New and select "New version of an existing product"
- Keep the "Use same GUID" option checked
- Click Ok
- Specify a version for the new product
- To avoid having the new product available to your customers until it's officially released:
- Go to the "Latest version" tab and uncheck "Include in Check for updates"
- Go to the "Advanced" tab and uncheck "Include on customer site"
- Go to the Encryption tab for the new product
- In the "Encryption keys use to encrypt license keys" section, click New and agree to the next prompt.
- In the "Encryption keys use to digitally sign license files" section, click New and agree to the next prompt.
- Note previous encryption keys are copied to the "Previous Encryption Keys" tab. They will be uploaded to the server when your product definition is uploaded to the server.
- Save the product
- Go to the Manage Keys tab to trigger a synchronization of the product and select to "update the modified" products when prompted to upload the new product definition to the server.
In order to continue to recognize license keys created with the old encryption keys, you must include the old encryption keys in your application. The old encryption keys will be used to validate activation keys only. Any new computer key generated by the server will use the new encryption keys.
To include the old encryption keys in your application:
- Go to the Protect Your Application tab
- Step through the wizard to generate the LicenseValidator class and the XML Settings file for the new product. The previous encryption keys will be automatically added to the XML Settings file and the LicenseValidator class.
If you are not using the LicenseValidator class or the XML Settings file, you can set the QlmLicense.PreviousPublicKeys and QlmLicense.PreviousRsaPublicKeys properties.
System Behavior for Existing Customers
Customers using older version
For customers using the older version of your product ("My Product 1.0"), they will continue to use the old encryption keys since the old encryption keys are still associated with the older version of your product.
Customers who upgraded to the new version
Existing customers who upgrade to the new version of your product, they will need to reactivate their license in order to receive a new Computer Key. If you enable server-side license validation, the process is automatic.
Customers using the new version
Customers who install the new version of your product with a license key generated for the new version will work normally as expected.
Note that for customers who install a new version and want to downgrade to an older version, you will need to issue a new Activation Key for the older version.