Remote Key Encryption

Discussion in 'Spigot Plugin Development' started by juicykitten, Apr 21, 2017.

  1. Hello,

    I have a question about Spigot development. One of the resources I am working on uses AES encryption to protect the integrity and structure of certain plugin data files - the key for the encryption is stored on a remote web server as a sort of DRM feature. Is it permitted by the submission rules/regulations to have a plugin download the raw encryption key string from a remote server via HTTPS and use that to decrypt the data files out of their encrypted form? The encryption stuff is only operating on data files associated with this resource.
     
  2. foncused

    Moderator Patron

    From the Premium Resource Guidelines:

    DRM systems are (provisionally allowed), with the following key caveats:
    • All resources must run directly from downloaded file without any manual installation steps or internet access. This means that licensing systems of any form are prohibited.
    Due to the above rule, I do not believe this is allowed.
     
  3. What would it matter anyway: you can simply extract the keys from the incoming requests
     
    • Winner Winner x 1
  4. We've devised a solution to mitigate the risk of interception via this method; I've simplified the problem for the benefit of not confusing the question.
     
  5. I can assure you, it doesn't exist :p. A legitimate user will have access to the whole key, no matter what (because that's what they'd pay for)
     
    • Winner Winner x 1
  6. MiniDigger

    Supporter

    your plugin has to work without connection to the internet. those any of those request are useless, I could just block your server in my firewall and you would still have to be able to decrypt the files.
     
    • Optimistic Optimistic x 1
  7. I made a key system that does not attempt a customer to use directly the plugin.
    But if he did not enter the key, he get a spam message for all players every 10 minutes.
    This method is totally rexpecting the rules, however spigot has said: "NO!"
    So do not try to do any key system this is useless...