{"id":37566597,"url":"https://github.com/xecrets/xecrets-licensing","last_synced_at":"2026-01-16T09:17:36.920Z","repository":{"id":260924328,"uuid":"698123354","full_name":"xecrets/xecrets-licensing","owner":"xecrets","description":"Xecrets Licensing - JWT Software License Handling","archived":false,"fork":false,"pushed_at":"2026-01-11T18:47:42.000Z","size":103,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-11T22:13:17.171Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xecrets.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-09-29T07:57:22.000Z","updated_at":"2025-10-29T15:45:46.000Z","dependencies_parsed_at":"2025-06-03T08:09:42.355Z","dependency_job_id":"c2e20a56-b31f-4f74-b51b-a283f0569596","html_url":"https://github.com/xecrets/xecrets-licensing","commit_stats":null,"previous_names":["xecrets/xecrets-licensing"],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/xecrets/xecrets-licensing","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xecrets%2Fxecrets-licensing","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xecrets%2Fxecrets-licensing/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xecrets%2Fxecrets-licensing/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xecrets%2Fxecrets-licensing/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xecrets","download_url":"https://codeload.github.com/xecrets/xecrets-licensing/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xecrets%2Fxecrets-licensing/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28478049,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T06:30:42.265Z","status":"ssl_error","status_checked_at":"2026-01-16T06:30:16.248Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-16T09:17:36.349Z","updated_at":"2026-01-16T09:17:36.909Z","avatar_url":"https://github.com/xecrets.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# xecrets-licensing\n\nXecrets Licensing - JWT Software License Handling\n\n# Introduction \n\nXecrets Licensing is a software licensing system that uses JSON Web Tokens (JWT) to handle software\nlicensing. It is designed to be simple to use and easy to integrate into your software. By\nleveraging JWTs, Xecrets Licensing is able to provide a secure and flexible licensing within a well\nestablished and widely used standard.\n\nIt can work with any JWTs that are signed with a secret key, but it is specifically designed to work\ntogether with the [Xecrets Cli command line](https://github.com/xecrets/xecrets-cli) tool, which\nprovides command line functions to generate appropriate JWT licenses, as well as key pairs for\nsigning and verifying the JWTs.\n\nXecrets Licensing is built with .NET 8.0 and is available as a NuGet package, and will run on any\nplatform supporting .NET 8.0, including Windows, Linux, and macOS.\n\n# Concepts\n\nXecrets Licensing is built around the following concepts:\n\n- An expiration time, which is the time when the license will expire. Exactly how this is determined\nis determined by the implementation of\n[ILicenseExpiration](docs/Xecrets.Licensing.Abstractions.ILicenseExpiration.md\n'Xecrets.Licensing.Abstraction.ILicenseExpiration') .\n \n- The type of the build, which can be a combination of GPL, Beta and Debug, as well as what should\nbe considered the build time of the assembly. This is determined by the implementation of\n[IBuildUtc](docs/Xecrets.Licensing.Abstractions.IBuildUtc.md\n'Xecrets.Licensing.Abstractions.IBuildUtc') .\n\n- A license status, which can be any of the values of\n[LicenseStatus](docs/Xecrets.Licensing.Abstractions.LicenseStatus.md\n'Xecrets.Licensing.Abstractions.LicenseStatus') which are: GPL, Unlicensed, Expired, Valid or\nInvalid.\n\n- A licensee, which is the entity that the license is issued to. This can be any string determined\nby the implementation, but typically something tied to the user of the license such as an email\naddress. This is encoded as the audience of the JWT.\n\n- A product, which is the product that the license is for. This can be any string determined by the\nimplementation, typically a short code representing the product being licensed. This is encoded as a\nclaim in the JWT.\n\n# Dependency injection\n\nXecrets Licensing is designed to be used with dependency injection, but it is agnostic to the actual\nimplementation. Therefore there is an\n[INewLocator](docs/Xecrets.Licensing.Abstractions.INewLocator.md\n'Xecrets.Licensing.Abstractions.INewLocator') interface that must be implemented to enable the\nlibrary to create instances as determined by the consuming implementation. There is no default\nimplementation, it must be provided by the consumer.\n\n# Quick start\n\nTo get started with Xecrets Licensing, you need to add the NuGet package to your project.\n\nYou also need a JWT key pair to sign and verify the JWTs. You can generate a key pair using [Xecrets Cli](https://github.com/xecrets/xecrets-cli):\n\n```cmd\nXecretsCli --jwt-create-key-pair {private-pem} {public-pem}\n```\n\nYou can specify a file path, or '-' for standard input, and '+' for standard output. A key pair\nintended for use with JWT algorithm ES256 is generated.\n\nOnce you have the key pair, you need to keep the private key secret and private. The public\nkey can for example be published with your software. It is not secret.\n\nYou can use any method you chose to sign a JWT license, including Xecrets Cli, Node.js and C#. This\nis not included in Xecrets Licensing, as it's intended for use in the licensed application\nprimarily.\n\nHere's how Xecrets Cli does it C#:\n\n```csharp\nvar now = New\u003cINow\u003e().Utc;\nvar handler = new JsonWebTokenHandler();\n\nvar key = ECDsa.Create();\nkey.ImportFromPem(parameters.JwtPrivateKeyPem.Replace(\"\\\\n\", Environment.NewLine));\nstring token = handler.CreateToken(new SecurityTokenDescriptor\n{\n    Issuer = parameters.JwtIssuer,\n    Audience = parameters.JwtAudience,\n    NotBefore = now,\n    Expires = now.AddDays(parameters.JwtDaysUntilExpiration),\n    IssuedAt = now,\n    Claims = parameters.JwtClaims,\n    SigningCredentials = new SigningCredentials(new ECDsaSecurityKey(key), SecurityAlgorithms.EcdsaSha256)\n});\n```\n\nOf course you can use Xecrets Cli to do it from a script or the command line:\n    \n```cmd\nXecretsCli.exe --overwrite --jwt-audience licensee@example.com --jwt-claims 365 \"{\"\"myclaim.example.com\"\":\"\"myapp\"\"}\" --jwt-issuer me@example.com --jwt-private-key private.pem --jwt-sign license.txt\n```\n\nThis will use the provided private.pem key and create or overwrite a file named license.txt with a\nsigned JWT license that expires in 365 days, with the audience licensee@example.com, the issuer\nme@example.com and the claim myclaim.example.com=myapp. Beware quoting rules for your command line,\nthe above is for Windows cmd.\n\nGiven the above JWT license, you can verify it in C# with Xecrets Licensing something like this,\nsomewhat abbreviated:\n\n```csharp\nprivate static ServiceProvider _serviceProvider;\n...\ninternal class NewLocator : INewLocator\n{\n    public T New\u003cT\u003e() where T : class\n    {\n        return (T)(_serviceProvider.GetService(typeof(T))!;\n    }\n}\n...\n    .AddSingleton\u003cILicense\u003e((_) =\u003e new License(new NewLocator(), issuer: \"me@example.com\", claim: \"myclaim.example.com\", [LicensePublicKey], [\"myapp\"]))\n...\npublic class MyLicenseChecker(ILicense license)\n{\n    public async Task\u003cbool\u003e IsLicensed(string licenseCandidate)\n    {\n        await license.LoadFromAsync([licenseCandidate])\n        return license.Status() == LicenseStatus.Valid;\n    }\n}\n```\n\nThe license validation will ensure that the license is signed with the correct private key, and that\nthe claim is correct and that it is not expired, assuming you are using the Xecrets Licensing\ndefault implementation of ILicense.\n\n# API documentation\n\nThe full API documentation is available in the [docs](docs/index.md 'docs') folder. The full source\nis available on https://github.com/xecrets/xecrets-licensing and example use can be seen in\nhttps://github.com/xecrets/xecrets-cli .","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxecrets%2Fxecrets-licensing","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxecrets%2Fxecrets-licensing","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxecrets%2Fxecrets-licensing/lists"}