You are on page 1of 22

Sentinel Hardware Key

Quick Start Guide

Sentinel Hardware Key guards your software against unauthorized use by
providing reliable and easy-to-use protection technology. It is the easiest
way to license/protect your application. The licensed application uses the hardware
key to support the license agreement you have with your customer. It has options to
quickly protect your applications and ways to implement intensive and controlled
protection strategies. Before you get started to license your application, you need to
decide the type of licensing you would use in your application. With Sentinel-
Hardware Key, every user of your application needs to obtain a license before he can
run the application. The license allows the user to start the application and access
the hardware key.

The license limit indicates the maximum number of concurrent users of the
application. Each instance of an application uses a license when it is started.
Licenses can be used in two ways with a stand-alone application or with a network
application. If the application is stand-alone, each user needs his own hardware key,
as only one license can be obtained from each key. If the application is a network
application, only one key located on the network is required, but the single key can
issue multiple licenses, allowing for simultaneous use of your application by several
clients. The type of licensing model to use is up to you. It depends on how you
will be selling your application, and how you expect your users to deploy it within
their organization.

Getting Started with Sentinel Hardware Keys:-

Step 1: How to go about the whole process of using SHK.
Step 2: Understanding Sentinel Keys SDK components
Step 3:- Protect your application using Shelling.
Step 4:- API Protection: The method in which you insert the Business Layer
API functions into your application's source code.
Step 5:- Building the samples that came with the toolkit.
Step 6:- Using API explorer

Step 1:- How to go about the whole process of using SHK.

Install the toolkit

Prepare a conceptual protection

Add API or Shell feature Apply Shell protection for
depending upon your Windows only
requirement. (We will discuss

Build License template. Add
business layer API function in
your code compile and link
your application

Test the protected Application

Step 2:-

Sentinel Hardware Keys SDK basic Components: - We will be discussing few
components to know about each please go through Sentinel Keys Developer guide
Sentinel Keys Toolkit: - The Toolkit is a Java application. It is used for preparing
the application protection strategy and programming hardware keys for your
customers and distributors.

License Manager In the License Manager screen. It also generates the usage code in popular programming languages for a platform Key Status Panel A panel (in the left-side of the Toolkit) that displays the developer. you can protect an executable with popular licensing controls. License Designer In the License Designer screen. Subsequently. you can package the licenses and program hardware keys. and execution count. you can experiment with the Business Layer API prior to adding them into your source code. expiration time. use Shell option in the License Designer. these groups are used for programming Sentinel Keys and distributor keys. . Groups are created to package the license (templates). API Explorer In the API Explorer screen. for advanced licensing. distributor.Generic For Customer For Developers For Distributors Component (For all)  Sentinel  Sentinel Keys  Sentinel Keys  Sentinel Keys System Driver  Sentinel Keys Toolkit License Manager Server  Command-Line (stand-alone Shell Utility application)  Sentinel Keys License Monitor  Developer Key  Distributor Key  Sentinel  Compiler For Remote Updates Protection Installer Interfaces  Secure Update For Remote Updates  Key Programming Utility  Secure Update APIs Utility  Secure Update Wizard (for Windows only) About the Toolkit Screens:- Quick Shell In the Quick Shell screen. you can design and build your application protection strategy—a license template consisting of Shell and API features. Update Manager In the Update Manager screen. It offers basic licensing controls. you can create update actions and generate update codes for remotely updating the hardware keys. You can begin by creating a template using the License Designer wizard. like an expiration date.

You can select the hardware key using the left and right arrow buttons Developer Key: . unless the developer key is plugged-in. It is typically connected to a networked system running the Sentinel Keys Server in the subnet. They will be able to run your protected application only if the correct Sentinel Key is accessed. A stand-alone protected application is licensed to run on a single computer without using a network. Sentinel User Keys:- The Sentinel Keys are meant for your customers.exe. A network key allows multiple network clients to run the protected application concurrently. You will not be able to build (prototype) the protection strategy in the Toolkit. sharing. It must be redistributed with your network applications. It maintains a database of the Sentinel Keys attached to a networked system and handles the availability. Sentinel Keys Server:- The Sentinel Keys Server manages the licenses available with the Sentinel Keys attached to a system. . The key server executable is named sntlkeyssrvr.and Sentinel hardware User keys attached to the system. maintenance.The developer key is meant for you—the software publisher/vendor. It is available for both stand-alone and network environments. who prepares the application protection strategy using the Toolkit. and cancellation of licenses for its clients.exe. The Sentinel Key Server runs as Windows service with it’s executable under C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.

we will protect Wordpad.  It will not run more than once. You want to get familiar with Sentinel Hardware Kit quickly and easily. You can use it for quickly protecting an executable with basic licensing controls. You want to quickly set up a demo product and don’t need special licensing. so that:  It will not run unless the correct Sentinel Key is attached.Attach both the Developer key and Sentinel Key to USB hub/ports on your system. select Sentinel Key using the or icons. You don’t have access to the source code for the application you want to protect.Protecting WordPad Using Quick Shell In the example below.Protecting your Application using Shell. Some of the reasons you might consider using Shell are: 1. . 2. like expiration date and execution count.Step 3:. Step A: . Protecting your application with Sentinel shell is the quickest and easiest way to license your application. When these are shown in the Key Status panel. 3. The Shell features can be added only using the Windows version of the Toolkit. Quick Shell is a gateway to the Toolkit. Example .exe.

the remaining fields are populated automatically.exe (available at <OS Drive>\Program Files\Windows NT\Accessories on Windows XP). Choose the access mode as network or standalone depending upon your requirement .Step B: .Select protect my application with licensing limit I choose from below.Click Prepare Key. Step C: . Select the Execution Count check box and specify 1. When done successfully. When done successfully. the Application settings options are enabled.Click Browse to select Wordpad. Step D: .

Click Make Key. a message box appears. Click Close. Running the Protected WordPad Browse to <OS Drive>\Program Files\Windows NT\Accessories. However. When done successfully. When done successfully. Run wordpad_SHELLED. . Step F: .Step E: . The Shell features can be added only using the Windows version of the Toolkit. It should run successfully as long as the Sentinel Key is attached to the system. Click Close. using any of the following options.Click the Make Shell button.exe. a message box appears. it will not run more than once because we allowed only one execution. The following message will appear on further executions: Consider using the Shell option in the License Designer screen to make use of advanced options. The Make Key button is activated.

This option is recommended for new users who want to be guided step-by-step on creating a template  I want to copy a sample template Using this option.  I want to add features under the Shell/API tabs This option is recommended for users who want to create a blank template here and add features in the License Designer screen. Afterward. 1. you can modify its settings and/or build it. 2.This option allows you to add a Shell feature to an existing license template Using License Designer Wizard for Windows You can launch the wizard using any of the following ways:  Click the icon in the License Designer screen.i) Using the License Designer Wizard . We will be choosing Shell Feature here.I'm new to creating features and templates Select I'm new to creating features and templates in the License Designer Wizard launching screen.  Click the Create button in the Templates Management dialog box. you can create a new template by copying a sample template. Selecting Option in the License Designer Wizard The License Designer wizard shows you the following options:  I'm new to creating features and templates Using this option. Click Start. Option 1 .This option allows you to create a license template by adding a Shell or API feature to it ii) Under the Shell tab of the License Designer screen . 3. Click Continue. you can create a new license template by adding Shell and API features into it. Choose any of the two options depending on whether you wish to create a Shell or an API feature. .

. .

.exe or dll extension to proceed Specify Destination Path Type or browse for the path of the destination directory in the edit box under the Change the destination path check box. This is the destination path for writing the output files (recommended step).You must add at least one file with a .

Attributes  Active: Select to provide a perpetual license for using the application. Network (SP_SERVER_MODE) The application obtains a license from a network key.  Limit executions: Select to allow specifying the number of times the protected application will run. Networking and Security Settings Network Settings Choose from the following networking settings:  Access Mode Stand-alone. by default. Add instances later It will allow you to add new feature instances later in the License Manager screen. . Stand-alone mode (SP_STANDALONE_MODE) The application looks for a license on the same system without requiring the Sentinel Keys Server.  Lease: Select to allow specifying an expiration date or expiration time for the application.

You may add more Shell features into it. This will wrap the Shell layer around your executables and DLLs and encrypt the data files. The user name automatically appears as the default owner. you must now perform the following final steps: The Make Shell Button Click the Make Shell button. The template you created just now is listed under the template layout. After selecting your choices in the Add Shell Feature dialog box. if any. This may take time depending upon the number of files and layers you have added. . • Providing comments is optional.• Specify a template name (necessary). • Click Finish. if required. These comments will be visible under the template layout (in the License Designer screen) and the group layout (when a group is created using that template in the License Manager screen).

In the initial stage you need to decide which software locks to use for protecting your application. . Subsequently. 2) ECC: . Step 4:.An ECC algorithm-based feature that allows you to: i) Digitally sign content ii) Verify signed content iii) Specify licensing controls (like.A 128-bit AES algorithm-based feature that allows you to: i) Encrypt data ii) Decrypt data iii) Use the query-response protection. You will begin by contacting the Sentinel Key for a license (SFNTGetLicense API call). you should consider using the Sentinel Hardware Key API protection. The purpose of a software lock is to verify the presence of the correct Sentinel Key. iv) Specify licensing controls (like. expiration time). expiration date.The Build Button Click the Build button to update your template settings and program the Sentinel Key with it.API Protection If you want more control or want to use more sophisticated licensing models. you can craft variety of software locks to check the presence of the Sentinel Key You can create the following API features in the Toolkit: 1) AES: . expiration time and an execution count). expiration date.

7. If you selected the check box described in step 6. if needed.967. The constant name will be automatically generated.We will start from the add feature this time since we have covered creating template earlier.294. 5. However.This option allows you to create a license template by adding a Shell or API feature . Below is an example of adding string feature.A data feature that can contain 256-bytes of any developer-defined data type. 6) Boolean: . To obtain the Add Feature dialog box: 1. 6. 16 bit or 32 bit. You may optionally provide comments.Data feature that can contain any of the following integers: 8-bit. When done. specify the maximum size.2. The API features can be added using any of the following ways: 1) Under the API tab of the License Designer screen . 4) Raw Data: .295 Please refer to API help located in C:\Program Files\SafeNet Sentinel\Sentinel Keys\1.This option allows you to add an API feature to an existing license template.htm directory for more details about each feature. Selecting the Add instances later check box will allow you to add new feature instances later in the License Manager screen.1\Compiler Interfaces\Help\English\API\Business_Layer_API_Help.A data feature that can contain a count-down value between 0 to 4.3) String:-A data feature that can contain up to 256 ASCII printable characters.A data feature that can contain a true or false value. 4. you may modify it. 7) Counter:. 10. In the License Designer screen. The option will be disabled if you have selected the Read-only option. load the template to which the API feature will be added. 5) Integers: . click OK. 2. Click the Add button. 2) Using the License Designer Wizard . 8. Click the API tab. including printable/non-printable characters and hexadecimal numbers. The Add Features dialog box appears. It has to be greater than the existing string length and less than 256 ASCII printable characters. Provide a name for this feature (necessary). Specify a string containing up to 255 ASCII printable characters for the default instance Specify a write password if you want to write the feature value. Select String. 3. 9. .

o Generate for every build The Toolkit generates the header file and code sketch every time the Build button is clicked. Linux. It will generate a language/compiler- independent header file. Select the programming language of your choice. 4. Select the Operating system for which header files are to be generated. and Macintosh. If the language/compiler you want is not shown. You can also select the Generate For All option to generate header files for all supported languages. . The header files for Linux and Macintosh should be generated from the Windows Toolkit and moved to the intended platform. o Ask me before building The Toolkit requires your permission every time the header file and code sketch need to be regenerated. Specify the File generation option to guide on how often the template header file and code sketch should be generated. Click the Build Options tab. You can select any of the following options: o Automatically generate when necessary (default) The Toolkit generates the header file and code sketch whenever necessary. 3. select Common header. The available options are Windows.Setting Build Options:- 1. 2. Note: The toolkit will not be available on non-windows platforms. You need to convert the syntax into your chosen development language on your own.

You can set the following query-response settings if an AES feature is included in your license template: o Number of queries Specify the number of queries you want to make. 8. in bytes. .5. ii) Header file is generated. When a license template is built. You may click Copy to copy the header file 10. a dialog box will appear prompting you to copy the libraries and header files (include files) at a path of your choice. o Include Shell features (for Windows only) If you have added any Shell features to your template. o Query size Select how long. Click the Build button. you want the query string to be. the following tasks are performed: i) Sentinel Key is programmed with the license information. A dialog box will appear displaying the status of the activity. 9. iii) Code sketch is generated. click View on the Build Option Tab. As soon as the license template is built. 7. To view the code sketch for this license template in the selected language. The Sentinel Key must be selected in the Key Status panel. Make sure that both the Developer key and Sentinel Key are attached to the system. we recommend you to select this check box 6.

The Business Layer API Help provides complete details on each function. } You could embed these APIs within your application’s source code depending on where the application should request the license. These are the basic licensing APIs. You may optionally call this function to direct the license request to a specific Sentinel Keys Server for obtaining a license. Compile your application after including the Sentinel Keys header files and libraries. int main (). The function needs to be called before calling SFNTGetLicense. /*Calling SFNTReadString()*/ Reads the String feature value in the Sentinel Key. You can call this function anytime after successfully calling SFNTGetLicense. The Business Layer API Help provides complete details on each function .Add the Business Layer API functions into your application’s source code. { /*Calling SFNTSetContactServer( ) */ Sets the Sentinel Keys Server to be contacted for obtaining a license. The code snippet below illustrates the most-basic API functions used for implementing licensing.Call this function before calling any other Business Layer API function in order to obtain a license. /*Calling SFNTGetLicense ()*/ Obtains a license from the Sentinel Key (having required developer ID and license ID) attached to a system. /*Calling SFNTReleaseLicense()*/ Releases the license and cleans up the memory allocated to the client library resources.

such as specify the development language you want the sample for. such as lease and demos. You are directed to the language-specific directory for the sample wherein you can compile the sample application and understand the API functions used. 4) Click the Take me there link (the dialog box differs across platforms).Building the samples that came with the SDK.:. 2) Provide your build options under the Build Options tab.LeaseDemo) in the Toolkit. 3) Build it by clicking Build button.2\Compiler Interfaces\Help\English\API\Business_Layer_API_Help. In License Designer select load License Template Types select samples choose a sample license template provided (e. The SHK Visual C++ samples are located in the C:\Program Files\SafeNet Sentinel\Sentinel Keys\1. Follow the steps given below.Step 5:. Sample applications are provided that demonstrate various licensing models. . Working with the Sample (VC++):- The SHK API help is located in the C:\Program Files\SafeNet Sentinel\Sentinel Keys\ 1.g. The following dialog box will appear (the dialog box differs across platforms) on completion of the build process for windows sample.1\Sentinel Keys Toolkit\Samples\Microsoft\Visual C++ sub-directories.htm directory.2. suitable for that licensing scheme. These samples make use of Business Layer API functions. 1.

dsw->click open • Build > Rebuild All • Build > Start Debug > Go Enter your Dev ID . • Insert the Developer Key and a User Key.0. then select your build directory and the project file LeaseDemo.0. and then select your build directory. LeaseDemo. • Start Microsoft Visual Studio 6.1\Sentinel Keys Toolkit\Samples\Microsoft\Visual C++\LeaseDemo directory.2. select the User Key (Sentinel Key). • File > Open Workspace…. • Now you have a new header file called SentinelKeysLicense.cpp is the Visual C++ source code file. then OK • Click the Copy button. SentinelKeysLicense. • Select License Designer • Select License Template (Click the load button) • Under License Templates Types: Select Samples • Select LeaseDemo and click Load • Select the Build Options tab Change Generate options: to Generate for every build Change Programming language: to ANSI C • Click the Build button. SentinelKeys. • Start the SHK Toolkit • Under Key Status. . This SHK sample code is located in C:\ Program Files\SafeNet Sentinel\Sentinel Keys\1. Microsoft C++ 6.h in your build directory.h is a project specific header file created by the SHK Toolkit.lib is the SHK static link library.We will be building LeaseDemo sample. not the Developer Key.

Corresponding to each function. . or a sample template.Screen Display while demo is running Final screen Step 6:. it also generates the usage code for various languages.  Sentinel Key Attach the Sentinel Key (the license template was built with) to your system.Using API Explorer In the API Explorer screen. or a template imported from any other Toolkit installation. Getting Ready to Use API Explorer Before you can use the API Explorer. you must be ready with the following:  License Template (built using the Build option) You can use a template created in the Toolkit. you can experiment with the Business Layer API prior to adding them into your source code.

You will begin by contacting the Sentinel Key for a license (SFNTGetLicense API call).When you open the template the Developer ID is entered for you. The real clock keeps track of time independent of the system clock—providing the best solution against time tampering attacks. These do not require an on-board battery to detect time tampering and allow you to tolerate the number of time tampering attempts specified in the cheat counter. . the number of users allowed is equivalent to the hard limit Cheat counter is a count-down value that allows tolerating the time tampering attacks ranging between 1 second to 30 days (excluding the daylight savings) till it reaches zero. Non-RTC tokens with Sentinel V-Clock allows reliable and secure distribution of time-limited applications. The Developer ID of your Sentinel Key is shown in the Key Status Panel. User limit:-A soft limit that restricts the number of users allowed by the hard limit. Some of the commonly used terms:- RTC Tokens: . For other attributes please refer to Sentinel Keys Developer's Guide.It contains a tamper resistant internal real-time clock that indicates the exact date and time to track the usage of the leased applications. Test your template you have built . Otherwise. Hard Limit: The hard limit specifies the number of tokens (instances) a license can have or number of instances of licensed application that can be run simultaneously.

com United States Telephone (800) 545-6608 Fax (949) 450-7450Europe France Telephone 0825 341000 Fax +44 (0) 1276 608080 Germany Telephone 01803 7246269 Fax +44 (0) 1276 608080 United Kingdom Telephone +44 (0) 1276 608000 Fax +44 (0) 1276 608080 . please contact Technical Support: http://www.safenet-inc. refer to the Sentinel Keys Developer's Guide.Where Can I Find Out More? Please note that this is a quick start reference guide that talks about conceptual knowledge and quick steps you need to learn to protect your application. go to http://www. For the latest information on Sentinel Hardware Key. If you have questions. Contacting Technical Support We are committed to supporting Sentinel Hardware need additional assistance. That guide also discusses how to deploy your protected application to your customers. or encounter a problem.asp E-mail: support@safenet-inc.safenet-inc. and what information you should send your customers on setting up and using For more information on how to create and implement your licensing strategy.