Ioncube with license key (not license file)

Question

It is possible to encrypt code with ioncube and somehow require license key to use that PHP code?

I already using ioncube, but for now I use it with license file. During encrypting process I add parameter

--passphrase

but, honestly I do not know what I should do with this passphrase.

Any hint is welcome here :)

P.S.

I have a plan to use ioncube, but if it not possible with ioncube please tell me.

Answer 1

External Keys may be what you are looking for.

First, the passphrase you refer to is part of an encryption key used for license files, along with other components to the key that prevent someone else producing a working license file for your code even if they used the same passphrase. It is unrelated to code protection. Different passphrases are useful if you have different products, such as a lite version and a full version. By using a different passphrase for each product, it prevents someone with a license for the lite version using that license with the full version that they got from someone else.

You can also protect the compiled code in ionCube files using an External encryption Key (which can be a file, php.ini setting or other possibilities), and that is closer to what you are thinking of. Keep in mind, however, that anyone having the key can run the code, meaning that a user with the key could run the files on more than one server or give the files plus key to anyone else, which is probably not what you would want. External Keys are most useful where someone wants to encrypt files on their own server and they can use permissions so that someone with non-root access (e.g. a developer) won't be able to access the key.

License files tend to be the most useful, with their ability to encapsulate IP, domain and other restrictions plus arbitrary key/value properties that you can access via an API call and test in your own code, which could be used for adding your own licensing concepts.

You should also consider the level of protection that you use for your code as 100% code protection is impossible, and any protection scheme has the potential to be reverse engineered. Currently the best approach is to use Dynamic Keys, which is a unique mechanism that encrypts the compiled code but does not store the decryption key anywhere, therefore greatly increasing the effort required over other approaches if trying to break the protection.

Disclosure: I am associated with ionCube.