An example implementation of cryptographically verifying license key authenticity using ECC and RSA cryptography, for use in offline licensing models.
This is an example of cryptographically validating license keys, and
extracting embedded tamper-proof data within the key for offline use, all
with your Keygen account’s public key. You can find your public key within
your account’s settings page.
Cryptographically validating encrypted and signed licenses can be used
to implement offline licensing, as well as adding additional security to
your licensing model. All that is needed to cryptographically validate
a license is your account’s public key.
The license’s policy must implement one of the following schemes:
ED25519_SIGNRSA_2048_PKCS1_SIGN_V2RSA_2048_PKCS1_PSS_SIGN_V2RSA_2048_PKCS1_ENCRYPTRSA_2048_JWT_RS256First up, add an environment variable containing your public key:
# Your Keygen account's Ed25519 or RSA public keyexport KEYGEN_PUBLIC_KEY="YOUR_PUBLIC_KEY_HERE"
You can either run each line above within your terminal session before
starting the app, or you can add the above contents to your ~/.bashrc
file and then run source ~/.bashrc after saving the file.
Next, install dependencies with yarn:
yarn
Then run the script, passing in the key as well as the scheme:
yarn start --scheme ED25519_SIGN --key SOME_SIGNED_LICENSE_KEY_HERE# or...yarn start -s RSA_2048_PKCS1_PSS_SIGN_V2 -k SOME_LICENSE_KEY_HERE
How a given license key is validated will depend on the scheme. Please
review the code for a more thorough overview of how each scheme is
validated. Be sure to copy your public key correctly - your keys will
fail validation if it is copied incorrectly. You can find your public
key in your account’s settings.
Reach out at support@keygen.sh if you have any
questions or concerns!