且构网


Protecting a Java application with a license or key

Updated: 2023-10-11 20:23:58

This depends entirely on how secure you want to make it...

The problem with Java is that you can reverse compile it. So if someone wanted to, they could download your software, reverse compile it, and then remove whatever security you have put in place (and then redistribute it if they wanted).

This is only a problem if you plan on going mass market and selling it and piracy would actually be a problem though.

If you're not concerned about this, then you can either go for online, or offline checking.

The company I work with uses the online method; there are a few steps:

Edit: I've since changed how this works, as the old way was a maintenance nightmare.


  1. A license file
    • (this can contain whatever you want in reality, it just has to be unique per user. Most people normally go with general garb;
    • name
    • company
    • email
    • and then a key, i.e. the JDU8-AJS9-88DF-SASF-ASF9 kind of thing you often see.)

  1. put all the data from the license file into a string
  2. pass the string to a hashing function (this page can show you how).


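  • Have the program check online (on your server). The data is encoded in an HTML request (post / get / json / whatever you want) and submitted to your license verification page, which then verifies the data. The data includes a randomly generated string, which the verification page uses to generate another password. This is then returned to the program, which also uses the random string to generate its own password. If the two match, the program starts.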

  • To generate the keys, just use the same hashing function, and then upload the hash to your server.

    If you want it to be offline, you could include the hashes in the code I guess and check against them there.

    I should point out, however, that I'm not a security expert by any means, I just develop for a company as a portion of a Ph.D. and this is just how I did it.

    Edit: this image might be helpful:

    Second edit:

    I have now included "offline verification" in the process. It's not really offline verification, it just uses the user as a proxy - they need to access the internet another way.

    It works as follows:

    1. no internet connection found: supply the user with a 4 digit code
    2. user goes to offline verification page (optimized for mobile use too)
    3. user selects which software they use from the dropdown list
    4. user enters their username (this field remembers entries)
    5. user enters the code the program gave them and submits
    6. webpage provides a 4 digit code, which they then enter into the program, and it starts.
    7. program adds some special data to the license file meaning that this process won't need to be repeated for the next week/month/however long.

    Every time the program successfully verifies online, it also adds an offline access password to the license file, which means it's robust against temporary internet downtime, and will only stop working if the internet is down for more than a week/month/however long it's set up to work for.
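
The online check described in the answer (hash the license fields, upload the hash, then compare a reply derived from a random string on both sides), as an added example that is not code from the answer or its author. It assumes SHA-256 for the hash and swaps in HMAC-SHA256 for the unspecified "password" derivation; the class and method names are hypothetical, and an in-memory map stands in for the server's store of uploaded hashes.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class LicenseCheckDemo {
    // Join the license fields into one string and hash it (SHA-256 is an assumption).
    static byte[] licenseHash(String name, String company, String email, String key) throws Exception {
        String joined = String.join("\n", name, company, email, key);
        return MessageDigest.getInstance("SHA-256").digest(joined.getBytes(StandardCharsets.UTF_8));
    }

    // Both sides derive the "password" from the license hash and the random string.
    // HMAC-SHA256 is swapped in here for the derivation the answer leaves unspecified.
    static byte[] response(byte[] licenseHash, byte[] nonce) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(licenseHash, "HmacSHA256"));
        return mac.doFinal(nonce);
    }

    // Hypothetical server side: looks up the uploaded hash by user name; null means unknown user.
    static byte[] serverVerify(Map<String, byte[]> uploaded, String user, byte[] nonce) throws Exception {
        byte[] stored = uploaded.get(user);
        return stored == null ? null : response(stored, nonce);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample license; the key is the one quoted in the answer.
        byte[] hash = licenseHash("Alice Example", "Example Ltd", "alice@example.com",
                "JDU8-AJS9-88DF-SASF-ASF9");
        Map<String, byte[]> serverDb = Map.of("Alice Example", hash); // "upload the hash to your server"

        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce); // fresh per check, so a recorded reply cannot be replayed
        byte[] fromServer = serverVerify(serverDb, "Alice Example", nonce);
        byte[] local = response(hash, nonce);
        // Constant-time comparison; a null reply (unknown license) never matches.
        boolean ok = fromServer != null && MessageDigest.isEqual(fromServer, local);
        System.out.println("genuine license accepted: " + ok);
        // A license file with one edited field hashes differently, so the replies diverge.
        byte[] tampered = licenseHash("Alice Example", "Other Ltd", "alice@example.com",
                "JDU8-AJS9-88DF-SASF-ASF9");
        boolean okTampered = MessageDigest.isEqual(fromServer, response(tampered, nonce));
        System.out.println("edited license accepted: " + okTampered);
    }
}
```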