ISV key provisioning


bobc

Oct 10, 2012, 4:50:07 PM
to lic...@googlegroups.com
I'm trying to provision keys as documented in the "ISV Own Site Acquire License Key", but having no luck. HTTP response 200 w/ empty body. Can you verify the url and fields in the on-line documentation are correct?

I've also looked at the html source behind the online form, and implemented it that way. Same results.

bobc

Oct 16, 2012, 1:53:30 PM
to lic...@googlegroups.com
C'mon guys. This is a serious problem.

licmax

Oct 29, 2012, 1:36:06 PM
to lic...@googlegroups.com


When an online app store requests the licmax system for a hashed license key for a product, the licmax system applies the algorithm (configured for that product) on a combination of a unique secret key (assigned for the product) and the device ID (of the device intending to run the application) to produce a license key. Now, if you independently apply the same algorithm on the same combination of the secret key and the device ID at the device’s platform, the message digest is guaranteed to be the same.
The licmax system performs the following steps to produce a hashed license key.
1. Combines the secret key with the device ID of the buyer of your product. It appends the device ID to the left or right of the secret key according to the configuration of the product instance.
If the segment of the hashed key is configured as LAST or WHOLE, the device ID is appended to the RIGHT of the secret key/message. Otherwise, if segment is START, it is prepended to the LEFT of the secret key/message.
2. Applies the algorithm you chose for your product to produce a message digest.
3. Converts the message digest from binary format to ASCII or HEX format according to the product configuration.
4. If you chose an ASCII key, licmax applies encoding (e.g. base64, base32, etc.), yielding an ENCODED string.
5. If you configured your key to be a shorter segment of the hashed output, licmax chops a portion of the ENCODED or HEX formatted string and uses it as the license key accordingly:
   - If you chose START as the segment of the output, it chops this much from the LEFT of the ENCODED or HEX string and uses the chopped piece as the license key.
   - If you chose LAST as the segment of the output, licmax chops the length of the license key from the RIGHT side of the ENCODED or HEX string and uses it as the license key.
   - If you chose WHOLE as the segment of the output, licmax ignores the length configuration and uses the entire ENCODED or HEX string as the license key.
The buyer of your product receives this license key in one of the following ways:
- Via email from licmax, the online app store or both.
- In the case of BlackBerry App World, it injects it in a location in the application itself.
When your application starts on the device, it can perform the following simple steps to verify the validity of its license key:
1. Prompt the user to enter the license key. In the case of the BlackBerry App World store, the key is already entered in the application and can be obtained programmatically.
2. Look up the device ID (PIN) using the platform’s own supplied APIs.
3. Combine the device ID with the secret key the same way you asked licmax to do so when configuring your product there.
4. Apply the same one-way hash algorithm you configured your product to use at licmax to produce a message digest.
5. Convert the message digest from binary to ASCII or HEX formatted string, the same as you configured the product at licmax.
6. Encode the ASCII string accordingly as configured (e.g. base64, base32, etc.).
7. Chop from the same side of the HEX or ENCODED string (you chose to combine the device ID and the secret key at licmax) the length of the license key you configured at licmax. The chopped piece is supposed to be your license key for this copy of your application.
8. Compare the output of the step above with the license key the application obtained via step 1. If they are the same, this means the license key is valid and legitimate. If not, the license key is invalid. You, the designer of the application, decide whether to continue to run the application or stop it from running.
The secret key is entered by you when you configure your product at licmax. If you choose not to enter one, licmax will use the product definition key as the secret key. The product definition key is a 25-char long ASCII string. You can view it when you view your product definitions on the licmax site.
The secret key is to be safely guarded. If it ever gets compromised, then license keys can be generated at any time using any platform that offers the algorithm you chose for your product. If you always combine the secret key with the device ID, it becomes very difficult to compromise a license key for your product.
This type is suited for disconnected devices - devices having no internet connection. Licmax provides you with various algorithms such as SHA-1, SHA-2, MD5, etc. Choose one that the platform your application is intended to run on also provides. Almost all platforms support the SHA-1 algorithm.
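The generation steps and the on-device verification steps from the licmax reply above, as an added Python example; it is not part of the thread and is not licmax's code. The function names, UTF-8 string encoding, lowercase hex, padded standard base64/base32 alphabets and the sample secret and PIN are assumptions to be matched against the actual product configuration.

```python
import base64
import hashlib
import hmac

# Assumptions not stated in the thread: strings are UTF-8 encoded before
# hashing, HEX is lowercase, base64/base32 use the standard padded alphabets.
ENCODERS = {
    "HEX": lambda d: d.hex(),
    "BASE64": lambda d: base64.b64encode(d).decode("ascii"),
    "BASE32": lambda d: base64.b32encode(d).decode("ascii"),
}

# Constructed sample values, not real licmax data.
SAMPLE_SECRET = "constructed-secret-0000000"
SAMPLE_PIN = "2100000A"


def derive_license_key(secret, device_id, algorithm="sha1",
                       output="HEX", segment="WHOLE", length=0):
    """Recompute a license key following generation steps 1-5 of the post."""
    if segment not in ("START", "LAST", "WHOLE"):
        raise ValueError("segment must be START, LAST or WHOLE")
    if output not in ENCODERS:
        raise ValueError("output must be one of %s" % sorted(ENCODERS))
    # Step 1: device ID goes LEFT of the secret for START, RIGHT otherwise.
    message = device_id + secret if segment == "START" else secret + device_id
    # Step 2: plain one-way hash of the concatenation, as the post describes.
    digest = hashlib.new(algorithm, message.encode("utf-8")).digest()
    # Steps 3-4: binary digest to HEX or to an encoded ASCII string.
    text = ENCODERS[output](digest)
    # Step 5: WHOLE ignores the length; START/LAST keep one end of the string.
    if segment == "WHOLE":
        return text
    if not 0 < length <= len(text):
        raise ValueError("length must be between 1 and %d" % len(text))
    return text[:length] if segment == "START" else text[-length:]


def verify_license_key(entered, secret, device_id, **config):
    """On-device check: recompute the key and compare with what was entered."""
    expected = derive_license_key(secret, device_id, **config)
    # Constant-time comparison so timing does not reveal matching prefixes.
    return hmac.compare_digest(entered.strip().encode("utf-8"),
                               expected.encode("utf-8"))


if __name__ == "__main__":
    key = derive_license_key(SAMPLE_SECRET, SAMPLE_PIN, segment="LAST", length=12)
    print(key, verify_license_key(key, SAMPLE_SECRET, SAMPLE_PIN,
                                  segment="LAST", length=12))
```

Because the check runs offline, the secret has to ship inside the application, so how well it is protected in the binary bounds the strength of the whole scheme, which is the compromise risk the reply describes.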