What is most secure way to store the license information in registry - c#

Question

I making a trail version of my application using win-form C#, for this am storing license information such as install date, last used date, and blacklist user variables in HKEY_CURRENT_USER.

Now am worried that users can easily access this registry information or they can modify its value. If they do so then trail app can be reused after expiry.

Someone, please suggest me the best way to secure this registry information.

1. how to encrypt registry information?
2. how to block modify access to users and at the same time only my application should have rights to modify the registry (as my application modifies last used variable in a registry.
3. Any other alternatives ways to secure this license information and same can be used by my c# application( one similar to registry entries where my application can read and modify its property data values)

a piece of my code

 private void firstTimeAppOpen()
    {
        RegistryKey regkey = Registry.CurrentUser;
        regkey = regkey.CreateSubKey(globalPath); //path

        DateTime dt = DateTime.Now;
        string Date = dt.ToShortDateString(); // get only date not time

        regkey.SetValue("Install", Date); //Value Name,Value Data
        regkey.SetValue("Use", Date); //Value Name,Value Data
    }

    // put next use day in registry
                regkey.SetValue("Use", DateTime.Now); //Value Name,Value Data

below screenshot showcases that all my data like install date, last used date are all visible and can be modified if the user finds it.

Answer 1

I found no help on this question. As every other article or post suggests that it's impossible to secure data on client's machine as they got full access to their own machine. But still, we can confuse them with our data, as in the above screenshot one can see that my registry data is openly visible to all like the date. So am encrypting and decrypting the date. At first, I encrypt the date and store it in the registry and again wherever I needed I retrieve my registry data and decrypt it for Furter use. In case if user tampers the encrypted data then we will get to know while decrypting.

sample code on encrypts and decrypt.

  public string EncryptData(string data)
    {
        if (data == null) 
        throw new ArgumentNullException("data");

        //encrypt data
        var encryptdata = Encoding.Unicode.GetBytes(data);
        byte[] encrypted = ProtectedData.Protect(encryptdata, null, DataProtectionScope.CurrentUser);

        //return as base64 string
        return Convert.ToBase64String(encrypted);
    }

    public string DecryptData(string cipher)
    {
        if (cipher == null) throw new ArgumentNullException("cipher");

        //parse base64 string
        byte[] data = Convert.FromBase64String(cipher);

        //decrypt data
        byte[] decrypted = ProtectedData.Unprotect(data, null, DataProtectionScope.CurrentUser);
        return Encoding.Unicode.GetString(decrypted);
    }


private void firstTimeAppOpen()
{
    RegistryKey regkey = Registry.CurrentUser;
    regkey = regkey.CreateSubKey(globalPath); //path

    DateTime dt = DateTime.Now;
    string Date = dt.ToShortDateString(); // get only date not time

    string getDate = EncryptData(Date);

    regkey.SetValue("Install", getDate); //Value Name,Value Data
    regkey.SetValue("Use", getDate); //Value Name,Value Data
}

registry after encrypted data

Answer 2

To put it simply, this sort of solution will always be vulnerable. You can, however, make it inconvenient.

Consider calculating a hash value from these properties and storing it in the registry. If a user tries to modify the values then the stored hash value will no longer match the expected value, and you'll know that the registry has been tampered with.

Clever users can work around this system, but it will stop casual tampering.

This is an example of how you might calculate the hash:

var installDate = new DateTime(2016, 12, 28); // replace with registry value
var useDate = new DateTime(2017, 01, 31); // replace with registry value
var inputs = installDate.ToString("yyyy-MM-dd") + "," + useDate.ToString("yyyy-MM-dd");
using (var sha = new System.Security.Cryptography.SHA256CryptoServiceProvider())
{
    var hash = sha.ComputeHash(Encoding.ASCII.GetBytes(inputs));
}