Release

macOS v2 licensing

Online activation, offline license blobs, support workflow, and revocation trade-offs for HASP.app.

HASP.app is the paid macOS GUI wrapper. The CLI and daemon remain available without a GUI license, and license checks must not gate the local broker, Unix socket, HTTP API, or command dispatcher.

Online Activation

Online purchases issue an email plus license key. HASP.app sends the email, key, and hardware ID to licenses.gethasp.com/v1/activate, stores the returned Ed25519-signed license blob in Keychain, and revalidates on the normal paid-license schedule. The online verifier public key is embedded in the app bundle at build time as HASPLicensePublicKey.

If revalidation cannot reach the licensing service, the GUI enters the grace state and shows "License re-check pending". The CLI remains usable.

Offline Licenses

Air-gapped customers can request an offline license through support. Support verifies purchase status and signs a license blob on an offline machine with a separate offline signing key that is never deployed to the online license Worker:

cd tools/license-signer
go run . issue \
  --key-file /Volumes/offline/hasp-license-key.json \
  --passphrase-file /Volumes/offline/passphrase.txt \
  --email customer@example.com \
  --plan enterprise \
  --hardware-id mac:customer-fingerprint \
  --expires-at never

The blob contains offline:true. HASP.app verifies the Ed25519 signature locally, stores the blob, and never calls the revalidation endpoint for that license. If hardware_id is present, activation fails on any other Mac. The hardware ID shown by HASP.app uses the mac:<sha256-of-serial> format; if macOS does not expose a stable serial-derived identifier, the app shows "Unavailable" and hardware-bound offline issuance should not proceed for that machine.
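The local checks described above (Ed25519 signature, offline:true, optional hardware_id binding) together with the expiry set by --expires-at, as an added Go example that is not HASP's own code. The blob layout (base64 of the signature followed by a JSON payload), the email and expires_at field names, and the Issue and VerifyOffline helpers are assumptions; the page names only offline and hardware_id.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// License is an assumed payload; the page names only offline and hardware_id.
type License struct {
	Email      string `json:"email"`
	Offline    bool   `json:"offline"`
	HardwareID string `json:"hardware_id,omitempty"`
	ExpiresAt  string `json:"expires_at"` // RFC 3339 timestamp or "never"
}

// Issue stands in for the signer. Assumed blob: base64(signature || JSON payload).
func Issue(priv ed25519.PrivateKey, l License) string {
	p, _ := json.Marshal(l)
	return base64.StdEncoding.EncodeToString(append(ed25519.Sign(priv, p), p...))
}

// VerifyOffline authenticates the signed bytes before trusting any field in them.
func VerifyOffline(pub ed25519.PublicKey, blob, email, hwID string, now time.Time) error {
	raw, err := base64.StdEncoding.DecodeString(blob)
	if n := ed25519.SignatureSize; err != nil || len(raw) < n || len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, raw[n:], raw[:n]) {
		return fmt.Errorf("bad signature")
	}
	var l License
	if json.Unmarshal(raw[ed25519.SignatureSize:], &l) != nil || !l.Offline || !strings.EqualFold(l.Email, email) {
		return fmt.Errorf("not an offline license for this email")
	}
	if l.HardwareID != "" && l.HardwareID != hwID {
		return fmt.Errorf("bound to another Mac")
	}
	if exp, err := time.Parse(time.RFC3339, l.ExpiresAt); l.ExpiresAt != "never" && (err != nil || !now.Before(exp)) {
		return fmt.Errorf("expired")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway demo key, constructed here
	blob := Issue(priv, License{"a@example.com", true, "mac:demo", "never"})
	fmt.Println(VerifyOffline(pub, blob, "a@example.com", "mac:other", time.Now()))
}
```

A blob issued without hardware_id and with expires_at set to never passes these checks on any machine indefinitely, which is the bearer-artifact exposure that hardware binding and finite expiries narrow.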

Support Workflow

  1. Customer emails support with proof of purchase and, when hardware binding is required, the Mac hardware ID shown in the HASP.app license sheet.
  2. Support uses the offline signing machine and tools/license-signer to issue a blob.
  3. Support sends the blob to the customer.
  4. Customer pastes the blob into the license sheet with the matching email.

Trade-Offs

Offline blobs are bearer artifacts and cannot be revoked remotely. If an offline license has no expiry, access ends only when the customer stops using that blob or receives a replacement. Prefer hardware binding and finite expiries for offline licenses. Keep the signing key offline, encrypted, and backed up separately; treat it as high-sensitivity signing material and rotate it only for compromise or planned migration.