Verifying License Activation

I am trying to understand when LexActivator does or does not contact the activation server.

The documentation states:
“Each time, your app starts, you need to verify whether your license is already activated or not. This verification should occur locally by verifying the signature of the JWT activation token using the RSA public key.”

Where do I find the JWT activation token, and how do I verify its signature?

Some other licensing systems store a cryptographically signed file on the local machine once a license has been activated which contains the relevant license information so subsequent activation checks do not need to contact the server. Does CryptLex work on the same principle? If so, please elaborate on where this information is stored, as I can’t find anything in the documentation.

Thanks in advance.


The JWT encryption and verification are already handled by LexActivator.

The local activation data is stored on Windows registry and on other platforms in a file. So every time your app starts the local activation data is decrypted, and its signature validated. If all goes well IsLIcenseGenuine() function returns LA_OK and starts a background thread to check if internet is available and if yes does a server sync. Even if sync doesn’t happen local data is guaranteed to be valid.

1 Like