Resources | Resources |



Licensing vs. Code Authorization

As a rule, licensing and code authorization through digital signing are distinct systems because business drivers, stakeholders, and implementers of a licensing solution are most often different from those of code authorization. Licensing manages the question of whether the user is permitted to run the code (e.g. have they paid for the right), while code authorization indicates whether the code is trusted to run on the device. This separation is a best practice we recommend but there is overlap between a licensing and code authorization though digital signing implementation detailed below.

Signing the License System Designation

Licensing and signing overlap in that digital signatures may be used to authenticate the license system designation for a given piece of code. While the implementation and enforcement of the license is outside of the signature verification mechanism, the signature prevents the unauthorized association of the code with an alternative (perhaps more permissive or less secure) licensing solution.

Signing code with no license

Not all code requires a license, so Brew MP allows you to designate code as not requiring a license using mif attributes. To execute the code, a mif need only be appropriately signed under a root certificate configured on the device.