Issuing Licenses
The licensing server is responsible for issuing a license and corresponding license key. The process interacts with other systems to verify the user, authorize the issuance of a license (i.e. payment), and produce artifacts that applications can use.
License Issuance Process
- Clients create a license request using the private key issued to them by the user management system. This key signs the request before sending it to the license management server.
- Once the request is received, the license management server requests the user's public key from the user management system. This is used to confirm the signature, authenticating the user's license request. The public key is temporarily stored for future use in the issuance process.
- After the user's identity is authenticated, the license request is verified using one or more verification processes. This step usually verifies payment, but may include additional/alternative steps/services. Approval authorizes the creation of a license.
- Upon authorization, a license and key are generated (details below).
- The license and license key are delivered to the client.
License/Key Creation Process
The license and key creation process begins once the user is verified. The server generates an ECDSA keypair, consisting of a public key and a private key. Next, it generates a JSON Web Token (JWT). The JWT is signed with the private key, making the JWT ready to be used as a license. The JWT (license) can be verified using the public key. However, this does not link the license to a license holder (owner/client).
To link the license holder to the license, the license public key is encrypted using the client public key (from step 2 above). The resulting encrypted content is considered the complete "license key". It can only be decrypted by the client private key.
After the license private key is used to sign the JWT, it is discarded.
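The creation process above, together with the matching client-side check, as an added example in Node.js (not the licensing server's own code). The function names, the claim fields, and the choice of an RSA client key with OAEP encryption are assumptions; the page does not specify the client key type or the JWT contents.

```javascript
const crypto = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
// Assumption: the client key is RSA, so OAEP can encrypt the license public key directly.
const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" });

// Server side (hypothetical helper): runs after the request is authenticated and authorized.
function issueLicense(claims, clientPublicKey) {
  // Fresh ECDSA keypair for this license (P-256, matching JWT alg ES256).
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const signingInput = b64url(JSON.stringify({ alg: "ES256", typ: "JWT" })) + "." + b64url(JSON.stringify(claims));
  // JWS needs the raw r||s signature, not the DER form Node produces by default.
  const sig = crypto.sign("sha256", Buffer.from(signingInput), { key: privateKey, dsaEncoding: "ieee-p1363" });
  // License key: the license public key (DER SPKI) encrypted to the client public key.
  const spki = publicKey.export({ type: "spki", format: "der" });
  const licenseKey = crypto.publicEncrypt(oaep(clientPublicKey), spki).toString("base64");
  // The license private key is never stored or returned; it is dropped when this function exits.
  return { license: signingInput + "." + b64url(sig), licenseKey };
}

// Client side (hypothetical helper): recover the license public key, then verify the JWT.
function verifyLicense(license, licenseKey, clientPrivateKey) {
  const spki = crypto.privateDecrypt(oaep(clientPrivateKey), Buffer.from(licenseKey, "base64"));
  const publicKey = crypto.createPublicKey({ key: spki, format: "der", type: "spki" });
  const [header, payload, sig] = license.split(".");
  // Pin the algorithm rather than trusting whatever the token header asks for.
  const { alg } = JSON.parse(Buffer.from(header, "base64url").toString());
  if (alg !== "ES256") throw new Error("unexpected alg: " + alg);
  const ok = crypto.verify("sha256", Buffer.from(header + "." + payload),
    { key: publicKey, dsaEncoding: "ieee-p1363" }, Buffer.from(sig, "base64url"));
  if (!ok) throw new Error("license signature invalid");
  return JSON.parse(Buffer.from(payload, "base64url").toString());
}

// Constructed sample data: a client RSA keypair standing in for the one from user management.
const client = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const issued = issueLicense({ sub: "client-123", product: "example-app" }, client.publicKey);
console.log(verifyLicense(issued.license, issued.licenseKey, client.privateKey));
```

A license key decrypted with any other client's private key fails at the OAEP step, and a license whose payload was edited fails signature verification, so both calls throw instead of returning claims.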