You are on page 1of 22

Sentinel Hardware Key

Quick Start Guide
Sentinel Hardware Key guards your software against unauthorized use by
providing reliable and easy-to-use protection technology. It is the easiest
way to license/protect your application. The licensed application uses the hardware
key to support the license agreement you have with your customer. It has options to
quickly protect your applications and ways to implement intensive and controlled
protection strategies. Before you get started to license your application, you need to
decide the type of licensing you would use in your application. With SentinelHardware Key, every user of your application needs to obtain a license before he can
run the application. The license allows the user to start the application and access
the hardware key.
The license limit indicates the maximum number of concurrent users of the
application. Each instance of an application uses a license when it is started.
Licenses can be used in two ways with a stand-alone application or with a network
application. If the application is stand-alone, each user needs his own hardware key,
as only one license can be obtained from each key. If the application is a network
application, only one key located on the network is required, but the single key can
issue multiple licenses, allowing for simultaneous use of your application by several
clients. The type of licensing model to use is up to you. It depends on how you
will be selling your application, and how you expect your users to deploy it within
their organization.

Getting Started with Sentinel Hardware Keys:Step 1: How to go about the whole process of using SHK.
Step 2: Understanding Sentinel Keys SDK components
Step 3:- Protect your application using Shelling.
Step 4:- API Protection: The method in which you insert the Business Layer
API functions into your application's source code.
Step 5:- Building the samples that came with the toolkit.
Step 6:- Using API explorer

Step 1:- How to go about the whole process of using SHK.

Install the toolkit

Prepare a conceptual protection

Add API or Shell feature
depending upon your
requirement. (We will discuss

Apply Shell protection for
Windows only

Build License template. Add
business layer API function in
your code compile and link
your application

Test the protected Application

Step 2:Sentinel Hardware Keys SDK basic Components: - We will be discussing few
components to know about each please go through Sentinel Keys Developer guide
Sentinel Keys Toolkit: - The Toolkit is a Java application. It is used for preparing
the application protection strategy and programming hardware keys for your
customers and distributors.

you can experiment with the Business Layer API prior to adding them into your source code. use Shell option in the License Designer. you can package the licenses and program hardware keys. License Designer In the License Designer screen. You can begin by creating a template using the License Designer wizard. you can protect an executable with popular licensing controls. It also generates the usage code in popular programming languages for a platform Key Status Panel A panel (in the left-side of the Toolkit) that displays the developer. you can design and build your application protection strategy—a license template consisting of Shell and API features. API Explorer In the API Explorer screen. you can create update actions and generate update codes for remotely updating the hardware keys. Update Manager In the Update Manager screen. License Manager In the License Manager screen. . for advanced licensing. It offers basic licensing controls. Groups are created to package the license (templates). these groups are used for programming Sentinel Keys and distributor keys. like an expiration date. Subsequently. and execution count.Generic Component (For all)  Sentinel System Driver For Customer   For Developers Sentinel Keys  Sentinel Keys Server Sentinel Keys Toolkit  Command-Line Shell Utility   Developer Key  Sentinel Keys License Monitor  Sentinel Protection Installer For Remote Updates  Secure Update Utility  Secure Update Wizard (for Windows only)  Compiler Interfaces For Distributors  Sentinel Keys License Manager (stand-alone application)  Distributor Key For Remote Updates  Key Programming APIs Secure Update Utility About the Toolkit Screens:Quick Shell In the Quick Shell screen. expiration time. distributor.

exe.exe. A network key allows multiple network clients to run the protected application concurrently.The developer key is meant for you—the software publisher/vendor. It must be redistributed with your network applications. The Sentinel Key Server runs as Windows service with it’s executable under C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr. It is typically connected to a networked system running the Sentinel Keys Server in the subnet. maintenance. You will not be able to build (prototype) the protection strategy in the Toolkit. unless the developer key is plugged-in. You can select the hardware key using the left and right arrow buttons Developer Key: . . and cancellation of licenses for its clients. A stand-alone protected application is licensed to run on a single computer without using a network.and Sentinel hardware User keys attached to the system. They will be able to run your protected application only if the correct Sentinel Key is accessed. It is available for both stand-alone and network environments. Sentinel User Keys:The Sentinel Keys are meant for your customers. who prepares the application protection strategy using the Toolkit. sharing. Sentinel Keys Server:The Sentinel Keys Server manages the licenses available with the Sentinel Keys attached to a system. The key server executable is named sntlkeyssrvr. It maintains a database of the Sentinel Keys attached to a networked system and handles the availability.

 It will not run more than once.Attach both the Developer key and Sentinel Key to USB hub/ports on your system. like expiration date and execution count. 2. Step A: . we will protect Wordpad.Protecting WordPad Using Quick Shell In the example below.Step 3:. You want to get familiar with Sentinel Hardware Kit quickly and easily. Protecting your application with Sentinel shell is the quickest and easiest way to license your application. select Sentinel Key using the or icons. 3. Quick Shell is a gateway to the Toolkit. You want to quickly set up a demo product and don’t need special licensing. Some of the reasons you might consider using Shell are: 1. You don’t have access to the source code for the application you want to protect. so that:  It will not run unless the correct Sentinel Key is attached.exe. . When these are shown in the Key Status panel. You can use it for quickly protecting an executable with basic licensing controls. The Shell features can be added only using the Windows version of the Toolkit.Protecting your Application using Shell. Example .

Choose the access mode as network or standalone depending upon your requirement .Select protect my application with licensing limit I choose from below. Select the Execution Count check box and specify 1. the Application settings options are enabled.Click Prepare Key. When done successfully.exe (available at <OS Drive>\Program Files\Windows NT\Accessories on Windows XP). Step D: . the remaining fields are populated automatically. When done successfully. Step C: .Step B: .Click Browse to select Wordpad.

However. Step F: . The Shell features can be added only using the Windows version of the Toolkit. When done successfully. a message box appears. When done successfully. Click Close.exe.Click Make Key. It should run successfully as long as the Sentinel Key is attached to the system. it will not run more than once because we allowed only one execution. Run wordpad_SHELLED. The following message will appear on further executions: Consider using the Shell option in the License Designer screen to make use of advanced options. The Make Key button is activated.Click the Make Shell button. a message box appears. using any of the following options. Running the Protected WordPad Browse to <OS Drive>\Program Files\Windows NT\Accessories.Step E: . . Click Close.

. I want to add features under the Shell/API tabs  This option is recommended for users who want to create a blank template here and add features in the License Designer screen.i) Using the License Designer Wizard . you can create a new license template by adding Shell and API features into it. Selecting Option in the License Designer Wizard The License Designer wizard shows you the following options: I'm new to creating features and templates  Using this option. 3. you can create a new template by copying a sample template. 1.This option allows you to add a Shell feature to an existing license template Using License Designer Wizard for Windows You can launch the wizard using any of the following ways:  Click the icon in the License Designer screen. Afterward.This option allows you to create a license template by adding a Shell or API feature to it ii) Under the Shell tab of the License Designer screen . Choose any of the two options depending on whether you wish to create a Shell or an API feature. Option 1 . Click Start. you can modify its settings and/or build it. Click Continue.I'm new to creating features and templates Select I'm new to creating features and templates in the License Designer Wizard launching screen. 2.  Click the Create button in the Templates Management dialog box. This option is recommended for new users who want to be guided step-by-step on creating a template I want to copy a sample template  Using this option. We will be choosing Shell Feature here.


exe or dll extension to proceed Specify Destination Path Type or browse for the path of the destination directory in the edit box under the Change the destination path check box. This is the destination path for writing the output files (recommended step).You must add at least one file with a . .

 Limit executions: Select to allow specifying the number of times the protected application will run. Networking and Security Settings Network Settings Choose from the following networking settings:  Access Mode Stand-alone. Stand-alone mode (SP_STANDALONE_MODE) The application looks for a license on the same system without requiring the Sentinel Keys Server. by default.Attributes  Active: Select to provide a perpetual license for using the application. Network (SP_SERVER_MODE) The application obtains a license from a network key.  Lease: Select to allow specifying an expiration date or expiration time for the application. Add instances later It will allow you to add new feature instances later in the License Manager screen. .

.• Specify a template name (necessary). This may take time depending upon the number of files and layers you have added. The template you created just now is listed under the template layout. The user name automatically appears as the default owner. After selecting your choices in the Add Shell Feature dialog box. • Providing comments is optional. These comments will be visible under the template layout (in the License Designer screen) and the group layout (when a group is created using that template in the License Manager screen). You may add more Shell features into it. • Click Finish. you must now perform the following final steps: The Make Shell Button Click the Make Shell button. if required. if any. This will wrap the Shell layer around your executables and DLLs and encrypt the data files.

Subsequently.A 128-bit AES algorithm-based feature that allows you to: i) Encrypt data ii) Decrypt data iii) Use the query-response protection. iv) Specify licensing controls (like. 2) ECC: . expiration time). You will begin by contacting the Sentinel Key for a license (SFNTGetLicense API call).An ECC algorithm-based feature that allows you to: i) Digitally sign content ii) Verify signed content iii) Specify licensing controls (like.API Protection If you want more control or want to use more sophisticated licensing models. you can craft variety of software locks to check the presence of the Sentinel Key You can create the following API features in the Toolkit: 1) AES: . Step 4:. In the initial stage you need to decide which software locks to use for protecting your application. The purpose of a software lock is to verify the presence of the correct Sentinel Key.The Build Button Click the Build button to update your template settings and program the Sentinel Key with it. expiration date. expiration date. expiration time and an execution count). . you should consider using the Sentinel Hardware Key API protection.

When done. Selecting the Add instances later check box will allow you to add new feature instances later in the License Manager screen. The Add Features dialog box appears. 6) Boolean: . 10.1\Compiler Interfaces\Help\English\API\Business_Layer_API_Help. To obtain the Add Feature dialog box: 1. The option will be disabled if you have selected the Read-only option. However. Select String. Specify a string containing up to 255 ASCII printable characters for the default instance Specify a write password if you want to write the feature value.This option allows you to create a license template by adding a Shell or API feature .2. 9. . 2) Using the License Designer Wizard . 2. Provide a name for this feature (necessary). you may modify it.htm directory for more details about each feature.A data feature that can contain 256-bytes of any developer-defined data type. 4.We will start from the add feature this time since we have covered creating template earlier.Data feature that can contain any of the following integers: 8-bit. 16 bit or 32 bit. Below is an example of adding string feature. if needed. Click the API tab. 6. The constant name will be automatically generated. 5. 4) Raw Data: . load the template to which the API feature will be added.A data feature that can contain a true or false value.967. specify the maximum size. The API features can be added using any of the following ways: 1) Under the API tab of the License Designer screen .This option allows you to add an API feature to an existing license template.294. click OK. 7. 7) Counter:. If you selected the check box described in step 6. In the License Designer screen. You may optionally provide comments. 5) Integers: .A data feature that can contain a count-down value between 0 to 4. 3. Click the Add button.3) String:-A data feature that can contain up to 256 ASCII printable characters.295 Please refer to API help located in C:\Program Files\SafeNet Sentinel\Sentinel Keys\1. including printable/non-printable characters and hexadecimal numbers. It has to be greater than the existing string length and less than 256 ASCII printable characters. 8.

4.Setting Build Options:1. Select the programming language of your choice. The available options are Windows. and Macintosh. Specify the File generation option to guide on how often the template header file and code sketch should be generated. Note: The toolkit will not be available on non-windows platforms. Select the Operating system for which header files are to be generated. Linux. Generate for every build The Toolkit generates the header file and code sketch every time the Build button is clicked. Click the Build Options tab. It will generate a language/compilerindependent header file. 2. You need to convert the syntax into your chosen development language on your own. select Common header. The header files for Linux and Macintosh should be generated from the Windows Toolkit and moved to the intended platform. . Ask me before building The Toolkit requires your permission every time the header file and code sketch need to be regenerated. You can also select the Generate For All option to generate header files for all supported languages. If the language/compiler you want is not shown. 3. You can select any of the following options: o o o Automatically generate when necessary (default) The Toolkit generates the header file and code sketch whenever necessary.

A dialog box will appear displaying the status of the activity. Click the Build button. When a license template is built. we recommend you to select this check box 6. . ii) Header file is generated. The Sentinel Key must be selected in the Key Status panel. you want the query string to be. You can set the following query-response settings if an AES feature is included in your license template: o o o Number of queries Specify the number of queries you want to make. Include Shell features (for Windows only) If you have added any Shell features to your template. 9.5. in bytes. a dialog box will appear prompting you to copy the libraries and header files (include files) at a path of your choice. click View on the Build Option Tab. As soon as the license template is built. Make sure that both the Developer key and Sentinel Key are attached to the system. To view the code sketch for this license template in the selected language. Query size Select how long. 7. You may click Copy to copy the header file 10. 8. the following tasks are performed: i) Sentinel Key is programmed with the license information. iii) Code sketch is generated.

These are the basic licensing APIs. The function needs to be called before calling SFNTGetLicense. You may optionally call this function to direct the license request to a specific Sentinel Keys Server for obtaining a license. Compile your application after including the Sentinel Keys header files and libraries. The Business Layer API Help provides complete details on each function. /*Calling SFNTReleaseLicense()*/ Releases the license and cleans up the memory allocated to the client library resources. The code snippet below illustrates the most-basic API functions used for implementing licensing. /*Calling SFNTGetLicense ()*/ Obtains a license from the Sentinel Key (having required developer ID and license ID) attached to a system. /*Calling SFNTReadString()*/ Reads the String feature value in the Sentinel Key. } You could embed these APIs within your application’s source code depending on where the application should request the license. int main (). The Business Layer API Help provides complete details on each function .Call this function before calling any other Business Layer API function in order to obtain a license. { /*Calling SFNTSetContactServer( ) */ Sets the Sentinel Keys Server to be contacted for obtaining a license. You can call this function anytime after successfully calling SFNTGetLicense.Add the Business Layer API functions into your application’s source code.

LeaseDemo) in the Toolkit.2\Compiler Interfaces\Help\English\API\Business_Layer_API_Help. The SHK Visual C++ samples are located in the C:\Program Files\SafeNet Sentinel\Sentinel Keys\1. In License Designer select load License Template Types select samples choose a sample license template provided (e.g.2.Building the samples that came with the SDK. 4) Click the Take me there link (the dialog box differs across platforms). The following dialog box will appear (the dialog box differs across platforms) on completion of the build process for windows sample. 3) Build it by clicking Build button. such as lease and demos. These samples make use of Business Layer API functions.htm directory. .Step 5:. Follow the steps given below.1\Sentinel Keys Toolkit\Samples\Microsoft\Visual C++ sub-directories. 1. 2) Provide your build options under the Build Options tab.:. suitable for that licensing scheme. Sample applications are provided that demonstrate various licensing models. You are directed to the language-specific directory for the sample wherein you can compile the sample application and understand the API functions used. such as specify the development language you want the sample for. Working with the Sample (VC++):The SHK API help is located in the C:\Program Files\SafeNet Sentinel\Sentinel Keys\ 1.

Microsoft C++ 6. • Start Microsoft Visual Studio 6. SentinelKeys.We will be building LeaseDemo sample. • Insert the Developer Key and a User Key.lib is the SHK static link library.cpp is the Visual C++ source code file. This SHK sample code is located in C:\ Program Files\SafeNet Sentinel\Sentinel Keys\1. .h is a project specific header file created by the SHK Toolkit. • Start the SHK Toolkit • Under Key Status.0. • File > Open Workspace…. then OK • Click the Copy button.dsw->click open • Build > Rebuild All • Build > Start Debug > Go Enter your Dev ID .1\Sentinel Keys Toolkit\Samples\Microsoft\Visual C++\LeaseDemo directory.0.h in your build directory. then select your build directory and the project file LeaseDemo. and then select your build directory.2. select the User Key (Sentinel Key). • Now you have a new header file called SentinelKeysLicense. • Select License Designer • Select License Template (Click the load button) • Under License Templates Types: Select Samples • Select LeaseDemo and click Load • Select the Build Options tab Change Generate options: to Generate for every build Change Programming language: to ANSI C • Click the Build button. SentinelKeysLicense. LeaseDemo. not the Developer Key.

it also generates the usage code for various languages.Screen Display while demo is running Final screen Step 6:.Using API Explorer In the API Explorer screen. . Corresponding to each function. you can experiment with the Business Layer API prior to adding them into your source code. Getting Ready to Use API Explorer Before you can use the API Explorer. you must be ready with the following:  License Template (built using the Build option) You can use a template created in the Toolkit. or a sample template.  Sentinel Key Attach the Sentinel Key (the license template was built with) to your system. or a template imported from any other Toolkit installation.

Some of the commonly used terms:RTC Tokens: . Otherwise. Test your template you have built . For other attributes please refer to Sentinel Keys Developer's Guide.It contains a tamper resistant internal real-time clock that indicates the exact date and time to track the usage of the leased applications. User limit:-A soft limit that restricts the number of users allowed by the hard limit. the number of users allowed is equivalent to the hard limit Cheat counter is a count-down value that allows tolerating the time tampering attacks ranging between 1 second to 30 days (excluding the daylight savings) till it reaches zero.The Developer ID of your Sentinel Key is shown in the Key Status Panel. . The real clock keeps track of time independent of the system clock—providing the best solution against time tampering attacks. Hard Limit: The hard limit specifies the number of tokens (instances) a license can have or number of instances of licensed application that can be run simultaneously.You will begin by contacting the Sentinel Key for a license (SFNTGetLicense API call). These do not require an on-board battery to detect time tampering and allow you to tolerate the number of time tampering attempts specified in the cheat counter.When you open the template the Developer ID is entered for you. Non-RTC tokens with Sentinel V-Clock allows reliable and secure distribution of time-limited applications.

For more information on how to create and implement your licensing strategy.Where Can I Find Out More? Please note that this is a quick start reference guide that talks about conceptual knowledge and quick steps you need to learn to protect your application. and what information you should send your customers on setting up and using licensing. If you have need additional assistance. For the latest information on Sentinel Hardware Key.safenet-inc. refer to the Sentinel Keys Developer's go to http://www. or encounter a problem.safenet-inc. please contact Technical Support: http://www.asp E-mail: United States Telephone (800) 545-6608 Fax (949) 450-7450Europe France Telephone 0825 341000 Fax +44 (0) 1276 608080 Germany Telephone 01803 7246269 Fax +44 (0) 1276 608080 United Kingdom Telephone +44 (0) 1276 608000 Fax +44 (0) 1276 608080 . That guide also discusses how to deploy your protected application to your customers. Contacting Technical Support We are committed to supporting Sentinel Hardware Key.