aariste/ISVLicenseGenerator

ISVLicenseGenerator

This tool was created to generate ISV licenses for Microsoft Dynamics 365 Finance and Operations Apps using a USB CSP eToken. I'm using a modified version of the AXUtilLib assembly found in the packages bin folder of an MSDyn365FO VM to allow the use of the USB token. This assembly is owned by Microsoft and I've only modified it for learning purposes.

The standard ISV licensing only supports software certificates in PFX (PKCS #12) format. If you buy a certificate and receive it on a CSP token, you won't be able to export the private key needed to sign the license.

The latest version has been migrated to .NET 7.0.

Transition to SHA256

The SHA1 hashing algorithm will be deprecated in early 2021. The SHA256 functionality is working and the SHA1 option has been removed in version 0.6. ISVLicenseGenerator will only create SHA256-signed licenses, as the standard AXUtil has done since PU35.

Support for Azure Key Vault as HSM

A hardware security module (HSM) is a physical computing device that safeguards and manages secrets (most importantly digital keys), performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. A hardware security module contains one or more secure cryptoprocessor chips.

Azure Key Vault requires that you deploy the Premium tier to work as an HSM.

Usage

USB token

You need to install the drivers and management software of your USB token first. Execute the program and fill in the mandatory fields:

  • Path: the path where you want to save your license file.
  • License code: the name of your license code (from Microsoft Visual Studio).
  • Customer tenant: the customer's tenant name (from this screenshot).
  • Serial number: the customer's tenant ID (labeled "Serial number" in the screenshot linked in the previous line).

Azure Key Vault HSM

To use the Azure Key Vault HSM functionality you will need to create:

  • An Azure Key Vault on the Premium tier.
  • An app registration and a secret.
  • A service principal for the app registration, added to the Key Vault with the needed rights.

The new fields in the UI used for the Key Vault functionality are the ones above the old ones:

  • Key Vault DNS: the DNS found on Azure for the Key Vault.
  • Key name: the name of the certificate in the Key Vault.
  • Entra ID Tenant Id: your tenant Id, found in Azure under Entra Id or in the overview tab of an app registration. It's not the name, but the string of numbers and letters.
  • AppId: the App Id used as a service principal in the Key Vault.
  • Secret: the secret used to authenticate.
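
The fields above map directly onto a remote signing call in which the private key never leaves the vault. The following is an added example, not code from ISVLicenseGenerator: it signs a constructed payload with SHA-256 through the Azure SDK for .NET. It assumes an RSA key, that the Key Vault DNS field holds the vault host name, and the environment variable names are hypothetical.

```csharp
// Added example, not ISVLicenseGenerator code.
// Requires the NuGet packages Azure.Identity and Azure.Security.KeyVault.Keys.
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Security.KeyVault.Keys.Cryptography;

public static class KeyVaultSignDemo
{
    public static async Task Main()
    {
        // Same inputs as the UI fields. The variable names are assumptions;
        // reading them from the environment keeps the secret out of source control.
        string vaultDns = Require("KV_DNS");          // vault host name (assumed format)
        string keyName  = Require("KV_KEY_NAME");     // certificate name in the vault
        string tenantId = Require("ENTRA_TENANT_ID");
        string appId    = Require("APP_ID");
        string secret   = Require("APP_SECRET");

        var credential = new ClientSecretCredential(tenantId, appId, secret);

        // A Key Vault certificate exposes its key pair under /keys/<same name>.
        var keyId = new Uri($"https://{vaultDns}/keys/{keyName}");
        var crypto = new CryptographyClient(keyId, credential);

        // Constructed sample payload; the real license format is not shown on this page.
        byte[] payload = Encoding.UTF8.GetBytes("constructed sample payload");

        // SignDataAsync computes the SHA-256 digest locally and sends only the
        // digest to the vault. RS256 (RSASSA-PKCS1-v1_5 with SHA-256) assumes an RSA key.
        SignResult signed = await crypto.SignDataAsync(SignatureAlgorithm.RS256, payload);
        Console.WriteLine($"Signed with: {signed.KeyId}");
        Console.WriteLine($"Signature:   {Convert.ToBase64String(signed.Signature)}");

        // Round-trip check so a wrong key name or algorithm fails loudly here.
        VerifyResult check = await crypto.VerifyDataAsync(
            SignatureAlgorithm.RS256, payload, signed.Signature);
        if (!check.IsValid)
            throw new InvalidOperationException("Signature did not verify.");
    }

    private static string Require(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Missing environment variable {name}");
}
```

For this call the service principal only needs the sign, verify and get key permissions on the vault; granting it nothing beyond those limits what a leaked app secret can do.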

You can find a bit more information on this blog post about v0.1 and this one about v0.2, and the latest one about version 0.6 with full support for SHA-256 on https://ariste.info

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.