Machine-Bound Licensing & Token-Signing Service
A desktop scripting / licensing product
Overview
This is the licensing core behind the desktop scripting product: a small Node/Python toolkit that issues cryptographically signed, machine-bound license tokens and verifies them on the client, using RSA key pairs and hardware fingerprinting.
Why It Exists
A commercial desktop product needs license keys that can’t be trivially copied between machines. This service generates signed tokens tied to a specific device fingerprint, so each activation can be verified as issued by the issuer and bound to one machine.
What We Built
Utilities to generate RSA key pairs (generate-keys.py, with private_key.pem / public_key.pem), encrypt/sign license tokens (encrypt.py, encryptToken.js), and derive a stable hardware fingerprint via node-machine-id (machine-id.js). License tokens are issued and verified as JWTs with jsonwebtoken, with electron-log for diagnostics. These are the same primitives the Electron launcher consumes for activation.
Technologies & Approach
Asymmetric RSA cryptography for sign/verify so only the issuer can mint licenses while clients verify with the public key; node-machine-id for hardware binding; JWT as the license token format; a mix of Python (key/token generation tooling) and Node (runtime verification). Deliberately compact and focused on the trust primitives.
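The sign/verify split and machine binding described above, shown as an added example that is not the project's own code. It uses Node's built-in crypto in place of jsonwebtoken and constructed machine-ID strings in place of node-machine-id; the claim name mid and all function names are assumptions.

```javascript
// Added example, not the project's code: RS256 license token bound to a machine ID.
const crypto = require('crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const unb64u = (x) => JSON.parse(Buffer.from(x, 'base64url').toString('utf8'));

// Issuer side: sign the claims with the private key, which never ships to clients.
function issueLicense(privateKey, machineId, ttlSeconds, now) {
  const header = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({ mid: machineId, iat: now, exp: now + ttlSeconds }));
  const sig = crypto.sign('sha256', Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${sig.toString('base64url')}`;
}

// Client side: public key only. Check signature first, then expiry and machine binding.
function verifyLicense(token, publicKey, localMachineId, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, claims;
  try { header = unb64u(h); claims = unb64u(p); } catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm: the token's own header must not choose how it is verified.
  if (!header || header.alg !== 'RS256') return { ok: false, reason: 'bad-alg' };
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!valid) return { ok: false, reason: 'bad-signature' };
  if (!claims || typeof claims.exp !== 'number' || now >= claims.exp) return { ok: false, reason: 'expired' };
  if (claims.mid !== localMachineId) return { ok: false, reason: 'wrong-machine' };
  return { ok: true, claims };
}

// Constructed demo data: throwaway key pair, made-up machine IDs, fixed clock values.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const idA = 'constructed-machine-id-A', idB = 'constructed-machine-id-B';
  const token = issueLicense(privateKey, idA, 3600, 1000);
  const [h, , s] = token.split('.');
  // Payload rewritten for machine B while reusing the signature made for machine A.
  const edited = `${h}.${b64u(JSON.stringify({ mid: idB, iat: 1000, exp: 4600 }))}.${s}`;
  const unsigned = `${b64u(JSON.stringify({ alg: 'none' }))}.${token.split('.')[1]}.`;
  return {
    sameMachine: verifyLicense(token, publicKey, idA, 2000),
    otherMachine: verifyLicense(token, publicKey, idB, 2000),
    editedPayload: verifyLicense(edited, publicKey, idB, 2000),
    noneAlg: verifyLicense(unsigned, publicKey, idA, 2000),
    expired: verifyLicense(token, publicKey, idA, 5000),
  };
}
```

In the real client the fingerprint would come from node-machine-id and the key from the shipped public_key.pem. A signed JWT's payload is only base64url-encoded, so anything placed in the claims is readable by whoever holds the token.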
Outcome / Impact
Provided the cryptographic backbone for the product’s licensing, enabling tamper-evident, machine-locked activation that pairs directly with the desktop launcher.
Capabilities Demonstrated
- Cryptographic license issuance and verification (RSA + JWT)
- Hardware fingerprinting for machine-bound activation
- Asymmetric sign/verify trust models for desktop software