LicenPro
DocumentationRSA keys

RSA keys, signing & API credentials

LicenPro uses two different kinds of keys: RSA signing keys (per product, for license.bin) and account API keys (for your automation scripts with scoped REST access). Customer apps and the SDK need the product public key and optionally the product X-API-KEY—never your RSA private key or operator password.

RSA private key

Server-only; signs every license file.

RSA public key

Embed in apps; SDK verifies signatures.

Account API keys

JWT-backed REST automation with scopes.

Part 1 — RSA signing keys (per product)

Each product has its own RSA key pair. When you issue or download a license, LicenPro signs the payload with the private key stored on the server. Your application embeds only the matching public key so LicenseClient can prove the file was issued for that product and was not tampered with.

Dashboard: generate and download

  1. Open the product → Settings (/dashboard/products/.../settings).
  2. Scroll to License signing keys (RSA).
  3. Click Generate keys if none exist, or Regenerate when rotating (see warning below).
  4. Click Download public key (PEM) for operators or copy Base64 material for SDK config.
Click image to open full-resolution preview.
Never ship the private key

The private key never leaves LicenPro. Do not paste it into apps, config files, or customer deliverables.

How signing fits validation

LicenseClient.ValidateAsync loads your public key (via LicenseClientOptions.PublicKey) and verifies the RSA signature on license.bin. Wrong product file, edited bytes, or stale key after rotation yields LicenseValidationStatus.SignatureMismatch.

using LicenPro.SDK;

await using var client = new LicenseClient(new LicenseClientOptions {
    LicenseFilePath = "license.bin",
    PublicKey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A...",
    LicenseKey = "LP-...."
});

REST API (operator JWT)

Authorized product access required:

  • POST /api/Products/{id}/keys/generate — create or regenerate pair.
  • GET /api/Products/{id}/keys/status — whether keys exist and metadata.
  • GET /api/Products/{id}/keys/public — JSON public key for integrations.
  • GET /api/Products/{id}/keys/public/download — PEM file download.

Key rotation

Rotation impact

Regenerating RSA keys invalidates every license.bin signed with the old private key. Plan: publish app builds with the new public key, re-issue licenses, and stagger customer upgrades.

Related: derive-key endpoint

POST /api/security/derive-key (anonymous) derives material from licenseKey and salt for protected license file flows. The SDK coordinates this with LicenseFileProtector patterns where the customer key participates in decryption.

Part 2 — Account API keys (REST automation)

Separate from RSA and separate from the per-product X-API-KEY used on anonymous validation routes. Account API keys authenticate automation (CI, billing jobs, internal tools) to management APIs using scoped permissions. Manage them under SettingsAPI keys (/dashboard/settings, Developer & account section).

Click image to open full-resolution preview.

Generate API Key modal

Click Generate API Key and complete the form:

Click image to open full-resolution preview.
  • Name (required) — e.g. CI/CD Pipeline.
  • Description (optional) — rich text explaining purpose.
  • Expiration date (optional) — leave empty for no expiration.
  • Scopes — least privilege; typical pairs:
    • Read / Write Licenses
    • Read / Write Activations
    • Read / Write Products
    • Read / Write Releases
One-time display

After Generate Key, the secret is shown once. Copy it to a vault immediately; revoked keys cannot be recovered.

Credentials cheat sheet

  • Operator JWT — browser session after dashboard login; management routes.
  • Account API key — scoped automation from Settings → API keys.
  • Product X-API-KEY — per-product header for anonymous product routes (e.g. validate).
  • RSA public key — verify license.bin in the SDK.
  • RSA private key — never distributed; signs on server only.

See also Credentials at a glance on the system overview.

Continue learning