Security & Compliance
Enterprise-grade security with open source transparency. No black boxes in your critical infrastructure.
Open source verification library
Our client library is MIT-licensed and open source. Security teams can audit every line of code that runs in your air-gapped environment.
- Full source code access: Inspect every line of the verification logic
- No obfuscation: Clear, readable Rust code with full documentation
- Build from source: Compile your own binary for maximum trust
┌─────────────────────────────────────┐
│          Your Application           │
├─────────────────────────────────────┤
│     Licenz Client (Open Source)     │
│    ┌───────────────────────────┐    │
│    │ • Signature Verification  │    │
│    │ • Hardware Fingerprint    │    │
│    │ • Time Validation         │    │
│    │ • Feature Extraction      │    │
│    └───────────────────────────┘    │
├─────────────────────────────────────┤
│            License File             │
│    ┌───────────────────────────┐    │
│    │ • Signed Claims (JWT-like)│    │
│    │ • Hardware Binding        │    │
│    │ • Expiration Date         │    │
│    │ • Feature Flags           │    │
│    └───────────────────────────┘    │
└─────────────────────────────────────┘
        ↑ Your public key validates
        │ No network required
Modern cryptographic standards
Industry-standard algorithms with pluggable architecture for future-proofing
RSA-SHA256
2048/3072/4096-bit keys for license signatures. Industry standard for asymmetric encryption.
Ed25519
Modern elliptic curve signatures. Faster verification, smaller keys, same security level.
AES-256-GCM
Authenticated encryption for state storage. Protects clock state and local data.
Argon2id
Memory-hard key derivation for hardware-bound encryption keys. Resistant to GPU attacks.
Pluggable Architecture
Strategy pattern allows swapping algorithms. Ready for post-quantum (Dilithium, Kyber) when needed.
No Phone Home
Zero network calls during validation. Your public key is all that's needed to verify licenses.
Hardware fingerprinting
Bind licenses to specific machines using multiple hardware identifiers with weighted scoring and drift tolerance.
Collected Identifiers
- MAC addresses (with weight scoring)
- Disk serial numbers
- Hostname
- Machine ID (OS-specific)
- Container/VM detection
Fuzzy Matching
Minor hardware changes (RAM upgrade, new network card) don't invalidate licenses. Configurable threshold for matching tolerance.
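The following example, added here and not taken from the Licenz client, shows one way weighted scoring with a matching threshold can tolerate a replaced network card while rejecting a copied license. The weights, the threshold of 75 and every function name are assumptions, and the identifiers in the sample are constructed.

```rust
use std::collections::HashMap;

// Identifier kinds follow the list above; the weights are assumed values.
#[derive(Clone, Copy, PartialEq, Eq, Hash)]
enum Kind { Mac, DiskSerial, Hostname, MachineId }

fn weight(kind: Kind) -> u32 {
    match kind {
        Kind::MachineId => 40,
        Kind::DiskSerial => 30,
        Kind::Mac => 20,
        Kind::Hostname => 10,
    }
}

type Fingerprint = HashMap<Kind, Vec<String>>;

// Build a fingerprint from (kind, value) pairs, normalising case.
fn fp(items: &[(Kind, &str)]) -> Fingerprint {
    let mut f = Fingerprint::new();
    for (kind, value) in items {
        f.entry(*kind).or_default().push(value.to_lowercase());
    }
    f
}

// Percentage (0..=100) of the bound fingerprint's weight still present on
// the current machine. Multi-valued kinds (several NICs) earn partial credit.
fn match_score(bound: &Fingerprint, current: &Fingerprint) -> u32 {
    let (mut total, mut matched) = (0u32, 0u32);
    for (kind, bound_vals) in bound {
        if bound_vals.is_empty() { continue; }
        let hits = current.get(kind).map_or(0, |cur| {
            bound_vals.iter().filter(|v| cur.contains(*v)).count()
        }) as u32;
        total += weight(*kind);
        matched += weight(*kind) * hits / bound_vals.len() as u32;
    }
    // Fail closed: a license bound to no identifiers scores zero.
    if total == 0 { 0 } else { matched * 100 / total }
}

fn license_binds(bound: &Fingerprint, current: &Fingerprint, threshold: u32) -> bool {
    match_score(bound, current) >= threshold
}

fn main() {
    // Constructed sample: the hostname is the only identifier that survives.
    let bound = fp(&[(Kind::MachineId, "a1b2"), (Kind::DiskSerial, "WD-123"), (Kind::Mac, "00:11:22:33:44:55"), (Kind::Hostname, "build-01")]);
    let now = fp(&[(Kind::MachineId, "ffff"), (Kind::Hostname, "build-01")]);
    println!("score={} binds={}", match_score(&bound, &now), license_binds(&bound, &now, 75));
}
```

Because the hostname carries the lowest weight here, a license file copied to a machine that only shares the hostname scores 10 and fails the threshold.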
Environment Detection
Time-tampering protection
Prevent clock rollback attacks on time-limited licenses
Monotonic Clock Tracking
Records high-water mark of observed time. Detects if system clock is rolled back.
Encrypted State Storage
Clock state encrypted with hardware-derived key. Can't be copied between machines.
Multi-Location Storage
State stored in multiple locations. Harder to tamper with all copies simultaneously.
Compliance readiness
Built with enterprise compliance requirements in mind
Data Sovereignty
- Self-hosted deployment option for enterprise
- No data leaves air-gapped networks
- Full audit logging available
SOC 2 Path
- Security controls documented
- Access controls and RBAC
- Enterprise SSO/SAML support
GDPR Compliance
- Data export capabilities
- Data deletion on request
- EU data residency options
Industry Standards
- HIPAA-compatible for healthcare
- FedRAMP path for government
- ISO 27001 alignment
Responsible disclosure
We take security seriously. If you discover a vulnerability, please report it responsibly.
Email security issues to security@licenz.dev
We aim to respond within 24 hours and will work with you to understand and address the issue. We do not pursue legal action against researchers acting in good faith.