License Decryption Process
TechUI's authorization verification system is built on the principles of "Zero Trust" and "Complete Offline" operation. All decryption and verification logic is executed within the WebAssembly (Wasm) sandbox environment, ensuring that the authorization logic is difficult to tamper with or bypass, even on the browser side.
Depending on the component library level, TechUI employs two different decryption strategies.
Heavy License Decryption
Applicable Components: 💎 @techui/prime (Prime version)
The Prime version utilizes a high-intensity Two-Factor Decryption mechanism. It relies on the collaboration between a public Npm keychain package and a private Client Key, functioning much like a bank vault that requires two keys to open.
Core Composition
- 🔑 Npm Keychain Package
- Form: Published as an npm dependency package (e.g., @techui/prime-keychain).
- Content: Contains a large number of obfuscated public key fragments. It is versioned and updated alongside the component library.
- 🆔 Client Identity Key
- Form: Encrypted string, issued by TechUI business departments.
- Content: Contains only basic client identity information (company name, type, expiration date, region, etc.). Does not contain specific permission configurations.
- ⚙️ Config Key
- Form: Encrypted string, issued along with the Client Key.
- Content: Contains detailed permission control parameters (project binding rules, sub-license information, function switches, etc.).
Decryption Steps
During initialization, the Wasm module strictly follows this 7-step closed-loop process:
- Fingerprint Extraction: Wasm reads the provided Client Key and extracts the Key ID.
- Public Key Location: Based on the extracted ID, it locates the matching Npm Key within the loaded @techui/prime-keychain memory segment.
- First-Layer Decryption: The internal Wasm algorithm performs bootstrap decryption on the Npm Key to obtain a "private key seed" for decryption.
- Identity Unlocking: Uses the "private key seed" to decrypt the user's Client Key and verify signature legitimacy.
- Basic Information Extraction: Obtains basic license metadata (e.g., company, region, expDate).
- Second-Layer Decryption (Config Loading): Combines all previous decryption results to perform the final decryption of the Config Key, obtaining detailed control parameters (JSON structure).
- Ultimate Verification: Based on the full set of decrypted parameters combined with the current operating environment (domain, time, project name), it outputs the final Boolean verification result.
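The seven steps above, modelled as an added Node.js example that is not TechUI's code: HKDF and AES-256-GCM stand in for the undisclosed Wasm algorithms (the GCM tag plays the role of the signature check), and the token layout, the issue helper and the config fields domains and project are assumptions. It shows the property the flow relies on: the Config Key opens only with a key derived from the matching keychain fragment and identity, and any failure returns false.

```javascript
// Added illustration, not TechUI's algorithm: HKDF and AES-256-GCM are stand-ins,
// and the token layout and config fields (domains, project) are assumed.
const crypto = require('node:crypto');

const hkdf = (ikm, info) =>
  Buffer.from(crypto.hkdfSync('sha256', ikm, Buffer.alloc(0), info, 32));
const cfgKeyFor = (seed, m) => hkdf(seed, `cfg|${m.company}|${m.region}|${m.expDate}`);

// Assumed token layout: keyId.iv.tag.ciphertext, each part base64url.
function seal(key, keyId, obj) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(keyId)); // bind the Key ID to the ciphertext
  const ct = Buffer.concat([c.update(JSON.stringify(obj)), c.final()]);
  return [Buffer.from(keyId), iv, c.getAuthTag(), ct].map(b => b.toString('base64url')).join('.');
}

function open(key, token) {
  const [id, iv, tag, ct] = token.split('.').map(p => Buffer.from(p, 'base64url'));
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAAD(id);
  d.setAuthTag(tag);
  // final() throws if the ciphertext, tag or Key ID was altered
  return JSON.parse(Buffer.concat([d.update(ct), d.final()]).toString('utf8'));
}

// Issuer side, present only so the example has valid keys to verify.
function issue(fragment, keyId, identity, config) {
  const seed = hkdf(fragment, 'seed');
  return { clientKey: seal(seed, keyId, identity),
           configKey: seal(cfgKeyFor(seed, identity), keyId, config) };
}

// The seven steps; any failure (unknown ID, bad tag, malformed JSON) returns false.
function verifyLicense(keychain, clientKey, configKey, env) {
  try {
    const keyId = Buffer.from(clientKey.split('.')[0], 'base64url').toString(); // 1
    const fragment = keychain.get(keyId);                                       // 2
    if (!fragment) return false;
    const seed = hkdf(fragment, 'seed');                                        // 3
    const identity = open(seed, clientKey);                                     // 4-5
    const cfg = open(cfgKeyFor(seed, identity), configKey);                     // 6
    return env.now < Date.parse(identity.expDate) &&                            // 7
      cfg.domains.includes(env.domain) && cfg.project === env.project;
  } catch {
    return false;
  }
}
```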
Lite License Decryption
Applicable Components: 🚀 Scifi / 📊 Base / 🎛️ Admin
To pursue ultimate ease of use and distribution efficiency, lightweight components adopt a one-way decryption mechanism.
Core Composition
- Single License String
- Form: A single long string.
- Content: Packages "identity information" and "configuration parameters" together through high-intensity compression and encryption.
- In commercial license distribution scenarios, a Sub-License Key String is also included.
Decryption Steps
- Main License Decryption: Wasm directly uses internal algorithms to decrypt the main string and obtain authorization information for the current entity.
- Sub-License Decryption (Commercial Licenses Only): If the license is detected as a "Commerce" license and contains a subLicense field, Wasm retrieves and decrypts the sub-license key to verify the final customer's authorization status.
- Environment Verification: Compares the decrypted parameters (such as domain binding and expiration date) with the current running environment to determine whether to grant access.