Xecrets.Licensing 2.3.886

Prefix Reserved
There is a newer version of this package available.
See the version list below for details.
dotnet add package Xecrets.Licensing --version 2.3.886                
NuGet\Install-Package Xecrets.Licensing -Version 2.3.886                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Xecrets.Licensing" Version="2.3.886" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Xecrets.Licensing --version 2.3.886                
#r "nuget: Xecrets.Licensing, 2.3.886"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Xecrets.Licensing as a Cake Addin
#addin nuget:?package=Xecrets.Licensing&version=2.3.886

// Install Xecrets.Licensing as a Cake Tool
#tool nuget:?package=Xecrets.Licensing&version=2.3.886                

xecrets-licensing

Xecrets Licensing - JWT Software License Handling

Introduction

Xecrets Licensing is a software licensing system that uses JSON Web Tokens (JWT) to handle software licensing. It is designed to be simple to use and easy to integrate into your software. By leveraging JWTs, Xecrets Licensing is able to provide a secure and flexible licensing within a well established and widely used standard.

It can work with any JWTs that are signed with a secret key, but it is specifically designed to work together with the Xecrets Cli command line tool, which provides command line functions to generate appropriate JWT licenses, as well as key pairs for signing and verifying the JWTs.

Xecrets Licensing is built with .NET 8.0 and is available as a NuGet package, and will run on any platform supporting .NET 8.0, including Windows, Linux, and macOS.

Concepts

Xecrets Licensing is built around the following concepts:

  • An expiration time, which is the time when the license will expire. Exactly how this is determined is determined by the implementation of ILicenseExpiration .

  • The type of the build, which can be a combination of GPL, Beta and Debug, as well as what should be considered the build time of the assembly. This is determined by the implementation of IBuildUtc .

  • A license status, which can be any of the values of LicenseStatus which are: GPL, Unlicensed, Expired, Valid or Invalid.

  • A licensee, which is the entity that the license is issued to. This can be any string determined by the implementation, but typically something tied to the user of the license such as an email address. This is encoded as the audience of the JWT.

  • A product, which is the product that the license is for. This can be any string determined by the implementation, typically a short code representing the product being licensed. This is encoded as a claim in the JWT.

Dependency injection

Xecrets Licensing is designed to be used with dependency injection, but it is agnostic to the actual implementation. Therefore there is an INewLocator interface that must be implemented to enable the library to create instances as determined by the consuming implementation. There is no default implementation, it must be provided by the consumer.

Quick start

To get started with Xecrets Licensing, you need to add the NuGet package to your project.

You also need a JWT key pair to sign and verify the JWTs. You can generate a key pair using Xecrets Cli:

XecretsCli --jwt-create-key-pair {private-pem} {public-pem}

You can specify a file path, or '-' for standard input, and '+' for standard output. A key pair intended for use with JWT algorithm ES256 is generated.

Once you have the key pair, you need to keep the private key secret and private. The public key can for example be published with your software. It is not secret.

You can use any method you chose to sign a JWT license, including Xecrets Cli, Node.js and C#. This is not included in Xecrets Licensing, as it's intended for use in the licensed application primarily.

Here's how Xecrets Cli does it C#:

var now = New<INow>().Utc;
var handler = new JsonWebTokenHandler();

var key = ECDsa.Create();
key.ImportFromPem(parameters.JwtPrivateKeyPem.Replace("\\n", Environment.NewLine));
string token = handler.CreateToken(new SecurityTokenDescriptor
{
    Issuer = parameters.JwtIssuer,
    Audience = parameters.JwtAudience,
    NotBefore = now,
    Expires = now.AddDays(parameters.JwtDaysUntilExpiration),
    IssuedAt = now,
    Claims = parameters.JwtClaims,
    SigningCredentials = new SigningCredentials(new ECDsaSecurityKey(key), SecurityAlgorithms.EcdsaSha256)
});

Of course you can use Xecrets Cli to do it from a script or the command line:

XecretsCli.exe --overwrite --jwt-audience licensee@example.com --jwt-claims 365 "{""myclaim.example.com"":""myapp""}" --jwt-issuer me@example.com --jwt-private-key private.pem --jwt-sign license.txt

This will use the provided private.pem key and create or overwrite a file named license.txt with a signed JWT license that expires in 365 days, with the audience licensee@example.com, the issuer me@example.com and the claim myclaim.example.com=myapp. Beware quoting rules for your command line, the above is for Windows cmd.

Given the above JWT license, you can verify it in C# with Xecrets Licensing something like this, somewhat abbreviated:

private static ServiceProvider _serviceProvider;
...
internal class NewLocator : INewLocator
{
    public T New<T>() where T : class
    {
        return (T)(_serviceProvider.GetService(typeof(T))!;
    }
}
...
    .AddSingleton<ILicense>((_) => new License(new NewLocator(), issuer: "me@example.com", claim: "myclaim.example.com", [LicensePublicKey], ["myapp"]))
...
public class MyLicenseChecker(ILicense license)
{
    public async Task<bool> IsLicensed(string licenseCandidate)
    {
        await license.LoadFromAsync([licenseCandidate])
        return license.Status() == LicenseStatus.Valid;
    }
}

The license validation will ensure that the license is signed with the correct private key, and that the claim is correct and that it is not expired, assuming you are using the Xecrets Licensing default implementation of ILicense.

API documentation

The full API documentation is available in the docs folder. The full source is available on https://github.com/xecrets/xecrets-licensing and example use can be seen in https://github.com/xecrets/xecrets-cli .

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
2.3.904 41 12/19/2024
2.3.886 83 11/26/2024
2.3.856 100 11/3/2024
2.3.776 90 10/10/2024
2.3.723 107 9/12/2024
2.3.638 142 8/14/2024
2.3.638-beta 108 8/13/2024
2.3.636 123 8/12/2024
1.0.35 98 7/22/2024
1.0.34 105 6/25/2024
1.0.33 98 6/25/2024
1.0.30 127 5/25/2024
1.0.29 103 5/13/2024
1.0.27 94 5/9/2024
1.0.26 75 5/2/2024
1.0.25 90 5/1/2024
1.0.22 116 4/24/2024
1.0.21 122 4/24/2024
1.0.17 152 11/29/2023
1.0.16 123 11/26/2023
1.0.14 140 11/21/2023
1.0.13 121 11/20/2023
1.0.10 158 10/20/2023
1.0.7 114 10/18/2023
1.0.6 142 10/16/2023
1.0.5 114 10/12/2023
1.0.4 116 9/29/2023