cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
KevinL33
Flexera beginner

lmcrypt security

We ran into a situation recently where the tech who was tasked to create licenses left the company. Although we're not worried about that particular individual's ethics or morals, we can see that its a definite security issue. Someone could walk away with lmcrypt and have the ability to create licenses (illegally) forever.

How do others deal with this, I'm sure we're not the first to run into this dilemma.
0 Kudos
5 Replies
Flexera Aparashar
Flexera

Re: lmcrypt security

Hi KevinL33,

A lmcrypt executable, vendor daemon executable and lmgrd executable are the 3 most sensitive part of any publisher (/customer) who generates licensing.

So it becomes a publishers responsibility to insure their safety. And yes if lmcrypt is in the air, its a security issue and i am afraid that it can't be tracked down. (for example, create an uncounted license and use it forever)

Regards,
Abhay
jefflaing
Flexera beginner

Re: lmcrypt security

Why is lmgrd.exe sensitive? Until very recently (as I recall), anyone could download the latest version, there should be nothing specific in that binary to your private key.
0 Kudos
PhilipMJones
Pilgrim

Re: lmcrypt security

I totally agree the reply with regard to lmgrd is confusing. 

The security within FLEXera depends upon your secret keys and those are obviously compiled into lmcrypt, your vendor daemon and your application.

Any "off the shelf" executables such as lmgrd and lmutil have no relationship to your secret keys at all. 

0 Kudos
umair1
Flexera beginner

Re: lmcrypt security

A lmcrypt executable, merchant daemon executable and lmgrd executable are the 3 most touchy piece of any distributer (/client) who produces permitting.

So it turns into a distributers duty to protect their wellbeing. Also, yes if lmcrypt is noticeable all around, its a security issue and I am anxious about the possibility that that it can't be found. (for instance, make an uncounted permit and use it until the end of time), air blue


@PhilipMJones wrote:

I totally agree the reply with regard to lmgrd is confusing. 

The security within FLEXera depends upon your secret keys and those are obviously compiled into lmcrypt, your vendor daemon and your application.

Any "off the shelf" executables such as lmgrd and lmutil have no relationship to your secret keys at all. 


 

0 Kudos
Flexera aparashar1
Flexera

Re: lmcrypt security

It was a figure of speech, when i mentioned that vendor daemon, lmcrypt and lmgrd are 3 most important part of the licensing setup. Yes, lmgrd is an off the shelf executable and can be downloaded externally. As a rule of thumb, any executable being built at run time, (through makefile/makefile.act)becomes vendor specific and must be protected. lmutil and lmgrd are not built during toolkit built and hence are non daemon specific.