Cryptolens Client API for Python

This library contains helper methods to verify license keys in Python.

Python docs can be found here: https://help.cryptolens.io/api/python/

Autodesk Maya: The Python2 version needs to be used, as described here.

Autodesk Revit / Iron Python 2.7.3: The Python2 version needs to be used with HelperMethods.ironpython2730_legacy = True.

Please check out our guide about common errors and how to solve them: https://help.cryptolens.io/faq/index#troubleshooting-api-errors. For Python specific errors, please review this section.

Installation

Python 3

pip install licensing

Python 2

Please copy cryptolens_python2.py file into your project folder. The entire library is contained in that file.

In the examples below, please disregard the imports and use only the following one:

from cryptolens_python2 import *

If you create a plugin for Autodesk Revit or use IronPython 2.7.3 or earlier, please also add the line below right after the import:

HelperMethods.ironpython2730_legacy = True

Example

Key verification

The code below will work exactly as the one explained in the key verification tutorial.

First, we need to add the namespaces:

In Python 3:

from licensing.models import *
from licensing.methods import Key, Helpers

In Python 2:

from cryptolens_python2 import *

Now we can perform the actual key verification:

RSAPubKey = "<RSAKeyValue><Modulus>sGbvxwdlDbqFXOMlVUnAF5ew0t0WpPW7rFpI5jHQOFkht/326dvh7t74RYeMpjy357NljouhpTLA3a6idnn4j6c3jmPWBkjZndGsPL4Bqm+fwE48nKpGPjkj4q/yzT4tHXBTyvaBjA8bVoCTnu+LiC4XEaLZRThGzIn5KQXKCigg6tQRy0GXE13XYFVz/x1mjFbT9/7dS8p85n8BuwlY5JvuBIQkKhuCNFfrUxBWyu87CFnXWjIupCD2VO/GbxaCvzrRjLZjAngLCMtZbYBALksqGPgTUN7ZM24XbPWyLtKPaXF2i4XRR9u6eTj5BfnLbKAU5PIVfjIS+vNYYogteQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"
auth = "WyIyNTU1IiwiRjdZZTB4RmtuTVcrQlNqcSszbmFMMHB3aWFJTlBsWW1Mbm9raVFyRyJd=="

result = Key.activate(token=auth,\
                   rsa_pub_key=RSAPubKey,\
                   product_id=3349, \
                   key="ICVLD-VVSZR-ZTICT-YKGXL",\
                   machine_code=Helpers.GetMachineCode(v=2))

if result[0] == None or not Helpers.IsOnRightMachine(result[0], v=2):
    # an error occurred or the key is invalid or it cannot be activated
    # (eg. the limit of activated devices was achieved)
    print("The license does not work: {0}".format(result[1]))
else:
    # everything went fine if we are here!
    print("The license is valid!")
    license_key = result[0]
    print("Feature 1: " + str(license_key.f1))
    print("License expires: " + str(license_key.expires))

• RSAPubKey - the RSA public key (can be found here, in API Keys section).
• token - the access token (can be found here, in API Keys section).
• product_id - the id of the product can be found on the product page.
• key - the license key to be verified
• machine_code - the unique id of the device.

Note: The code above assumes that node-locking is enabled. By default, license keys are created with Maximum Number of Machines set to zero, which deactivates node-locking. As a result, machines will not be registered and the call to Helpers.IsOnRightMachine(result[0]) will return False. You can read more about this behaviour here.

Offline activation (saving/loading licenses)

Assuming the license key verification was successful, we can save the result in a file so that we can use it instead of contacting Cryptolens.

# res is obtained from the code above
if result[0] != None:
    # saving license file to disk
    with open('licensefile.skm', 'w') as f:
        f.write(result[0].save_as_string())

When loading it back, we can use the code below:

# read license file from file
with open('licensefile.skm', 'r') as f:
    license_key = LicenseKey.load_from_string(pubKey, f.read())
    
    if license_key == None or not Helpers.IsOnRightMachine(license_key, v=2):
        print("NOTE: This license file does not belong to this machine.")
    else:
        print("Feature 1: " + str(license_key.f1))
        print("License expires: " + str(license_key.expires))

If you want to make sure that the license file is not too old, you can specify the maximum number of days as shown below (after 30 days, this method will return NoneType).

# read license file from file
with open('licensefile.skm', 'r') as f:
    license_key = LicenseKey.load_from_string(pubKey, f.read(), 30)
    
    if license_key == None or not Helpers.IsOnRightMachine(license_key, v=2):
        print("NOTE: This license file does not belong to this machine.")
    else:
        print("Feature 1: " + str(license_key.f1))
        print("License expires: " + str(license_key.expires))

Floating licenses

Floating licenses can be enabled by setting the floatingTimeInterval. Optionally, you can also allow customers to exceed the bound by specifying the maxOverdraft.

The code below has a floatingTimeInterval of 300 seconds and maxOverdraft set to 1. To support floating licenses with overdraft, the call to Helpers.IsOnRightMachine(license, true, true) needs two boolean flags to be set to true.

from licensing.models import *
from licensing.methods import Key, Helpers

RSAPubKey = "<RSAKeyValue><Modulus>sGbvxwdlDbqFXOMlVUnAF5ew0t0WpPW7rFpI5jHQOFkht/326dvh7t74RYeMpjy357NljouhpTLA3a6idnn4j6c3jmPWBkjZndGsPL4Bqm+fwE48nKpGPjkj4q/yzT4tHXBTyvaBjA8bVoCTnu+LiC4XEaLZRThGzIn5KQXKCigg6tQRy0GXE13XYFVz/x1mjFbT9/7dS8p85n8BuwlY5JvuBIQkKhuCNFfrUxBWyu87CFnXWjIupCD2VO/GbxaCvzrRjLZjAngLCMtZbYBALksqGPgTUN7ZM24XbPWyLtKPaXF2i4XRR9u6eTj5BfnLbKAU5PIVfjIS+vNYYogteQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"
auth = "WyIyNTU1IiwiRjdZZTB4RmtuTVcrQlNqcSszbmFMMHB3aWFJTlBsWW1Mbm9raVFyRyJd=="

result = Key.activate(token=auth,\
                   rsa_pub_key=RSAPubKey,\
                   product_id=3349, \
                   key="ICVLD-VVSZR-ZTICT-YKGXL",\
                   machine_code=Helpers.GetMachineCode(v=2),\
                   floating_time_interval=300,\
                   max_overdraft=1)

if result[0] == None or not Helpers.IsOnRightMachine(result[0], is_floating_license=True, allow_overdraft=True, v=2):
    print("An error occurred: {0}".format(result[1]))
else:
    print("Success")
    
    license_key = result[0]
    print("Feature 1: " + str(license_key.f1))
    print("License expires: " + str(license_key.expires))

Create Trial Key (verified trial)

Idea

A trial key allows your users to evaluate some or all parts of your software for a limited period of time. The goal of trial keys is to set it up in such a way that you don’t need to manually create them, while still keeping everything secure.

In Cryptolens, all trial keys are bound to the device that requested them, which helps to prevent users from using the trial after reinstalling their device.

You can define which features should count as trial by editing feature definitions on the product page.

Implementation

The code below shows how to create trial key. If the trial key is successful, trial_key[0] will contain the license key string. We then need to call Key.Activate (as shown in the earlier examples) with the obtained license key to verify the license.

from licensing.models import *
from licensing.methods import Key, Helpers

trial_key = Key.create_trial_key("WyIzODQ0IiwiempTRWs4SnBKTTArYUh3WkwyZ0VwQkVyeTlUVkRWK2ZTOS8wcTBmaCJd", 3941, Helpers.GetMachineCode(v=2))

if trial_key[0] == None:
    print("An error occurred: {0}".format(trial_key[1]))


RSAPubKey = "<RSAKeyValue><Modulus>sGbvxwdlDbqFXOMlVUnAF5ew0t0WpPW7rFpI5jHQOFkht/326dvh7t74RYeMpjy357NljouhpTLA3a6idnn4j6c3jmPWBkjZndGsPL4Bqm+fwE48nKpGPjkj4q/yzT4tHXBTyvaBjA8bVoCTnu+LiC4XEaLZRThGzIn5KQXKCigg6tQRy0GXE13XYFVz/x1mjFbT9/7dS8p85n8BuwlY5JvuBIQkKhuCNFfrUxBWyu87CFnXWjIupCD2VO/GbxaCvzrRjLZjAngLCMtZbYBALksqGPgTUN7ZM24XbPWyLtKPaXF2i4XRR9u6eTj5BfnLbKAU5PIVfjIS+vNYYogteQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"
auth = "WyIyNTU1IiwiRjdZZTB4RmtuTVcrQlNqcSszbmFMMHB3aWFJTlBsWW1Mbm9raVFyRyJd=="

result = Key.activate(token=auth,\
                   rsa_pub_key=RSAPubKey,\
                   product_id=3349, \
                   key=trial_key[0],\
                   machine_code=Helpers.GetMachineCode(v=2))


if result[0] == None or not Helpers.IsOnRightMachine(result[0], v=2):
    print("An error occurred: {0}".format(result[1]))
else:
    print("Success")
    
    license_key = result[0]
    print("Feature 1: " + str(license_key.f1))
    print("License expires: " + str(license_key.expires))

License server or custom endpoint

To forward requests to a local license server or a different API, you can set it using the server_address in HelperMethods, i.e.,

HelperMethods.server_address = "http://localhost:8080/api/";

It is important to include one / in the end of the address as well as to attach the "api" suffix.

Other settings

Proxy

If you have customers who want to use a proxy server, we recommend enabling the following setting before calling any other API method, such as Key.Activate.

HelperMethods.proxy_experimental = True

This will ensure that the underlying HTTP library (urllib) used by Cryptolens Python SDK will use the proxy configured on the OS level. The goal is to make this default behaviour in future versions of the library, once enough feedback is collected.

SSL verification

SSL verification can temporarily be disabled by adding the line below before any call to Key.Activate.

HelperMethods.verify_SSL = False

The Cryptolens Python SDK will verify that the license information has not changed since it left the server using your RSA Public Key. However, we recommend to keep this value unchanged.

Possible errors

The expiration date cannot be converted to a datetime object. Please try setting the period to a lower value.

This error occurs when the timestamp for the expiration date received from the server exceeds the limit in Python. This typically occurs when the Period is set to a excessively large value, often to prevent the license from expiring.

While Cryptolens requires a period (defaulted to 30) during the creation of a new license, this does not mark the license as time-limited. You can learn more about it here. In essence, a license is treated as time-limited by either enforcing this in the Python code (e.g. if F1=true, the license is time-limited and so we check the expiration date against the current date, to see that it is still valid) or on the server side. On the server side, you can, for example, set up a feature that will automatically block expired licenses. You can read more about it here.

In sum, to solve this issue, you can either follow one of the methods described above or set the period to a smaller value.

Could not contact the server. Error message: <urlopen error [SSL: CERTIFICATE_VERIFY _FAILED] certificate verify failed: unable to get local issuer certificate (ssl.c:1125)>

This error is thrown when the urllib library (a built in library in Python that we use to send HTTP requests) is unable to locate the CA files on the client machine. From our experience, this error occurs exclusively on Macs where the Python environment is incorrectly installed.

To solve this temporarily for testing purposes, you could temporary disable SSL verifications as described in here, however, we do not recommend this in a production scenario. Instead, a better solution is to fix the underlying issue preventing the Python environment from finding the CA files.

This can be accomplished in at least two ways:

Using certifi

Before calling any of the API methods (e.g. Key.activate), you can add the following code:

import certifi
os.environ['SSL_CERT_FILE'] = certifi.where()

Please note that this requires certifi package to be installed.

Running a script in the Python environment

An alternative is to run script in their environment that should fix the issue. You can read more about it in this thread: https://github.com/Cryptolens/cryptolens-python/issues/65

Summary

The key takeaway is that it is better to address the issue with missing CA on the user side, since this issue will typically be user-specific. If that is not possible, you can use the code above to manually set the path to CA files. Although we have mentioned turning off SSL verification temporarily, it should not be used in production. Key.activate takes care of signature verification internally, but some other methods do not.