Keyran License Key Link Review
| Control | Description | Rationale |
|---------|-------------|-----------|
| TLS everywhere | All communications (portal → LKGS, client → KLS) use TLS 1.3 with forward secrecy. | Protects confidentiality and integrity of token exchange. |
| Signed JWTs | RSA‑2048 signature validates authenticity. | Prevents tampering or forgery. |
| Short‑token lookup | Short token never reveals the JWT content. | Limits exposure if the URL is leaked. |
| Rate limiting | 5 activation attempts per minute per IP; CAPTCHA after 10 failures. | Mitigates credential‑stuffing and DoS attacks. |
| IP allowlist for enterprise | Optional restriction: only approved corporate IP ranges may activate. | Aligns with corporate security policies. |
| Audit logging | Immutable logs stored in a WORM (Write‑Once‑Read‑Many) system for 7 years. | Enables forensic analysis and compliance (e.g., ISO 27001). |
| Key rotation | Private signing key rotated on a scheduled basis, with a grace period. | Reduces risk of key compromise. |
| Secure storage | JWTs at rest are encrypted with a per‑tenant AES‑256 key stored in an HSM. | Prevents data leakage from database compromise. |
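To make the short‑token lookup and rate‑limiting rows concrete, here is an added Python example (not Keyran's code; `ShortTokenStore`, `ActivationLimiter` and `activate` are constructed for illustration). It assumes the short token is a random identifier stored only as a keyed hash, that the KLS applies the per‑IP limit before touching the store, and that RSA‑2048 verification of the returned JWT happens in a separate step not shown here.

```python
import hashlib, hmac, secrets, time
from collections import defaultdict, deque

# Policy values are the ones in the table; the classes are constructed for illustration.
ATTEMPTS_PER_MINUTE, CAPTCHA_AFTER_FAILURES, WINDOW_SECONDS = 5, 10, 60

class ShortTokenStore:
    """Opaque short token -> signed JWT. Only a keyed hash of the token is
    stored, so a dump of this table yields neither a token nor its JWT."""
    def __init__(self, lookup_key: bytes):
        self._lookup_key = lookup_key
        self._rows = {}  # digest -> JWT (at rest: ciphertext under the tenant AES key)
    def _digest(self, short: str) -> bytes:
        return hmac.new(self._lookup_key, short.encode(), hashlib.sha256).digest()
    def issue(self, jwt: str) -> str:
        short = secrets.token_urlsafe(12)  # random; derived from nothing in the JWT
        self._rows[self._digest(short)] = jwt
        return short
    def lookup(self, short: str):
        return self._rows.get(self._digest(short))

class ActivationLimiter:
    """Per-IP sliding window of attempts, plus a CAPTCHA gate after repeated failures."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock  # injectable so the window can be tested deterministically
        self._attempts = defaultdict(deque)
        self._failures = defaultdict(int)
    def check(self, ip: str, captcha_ok: bool = False) -> str:
        now, q = self._clock(), self._attempts[ip]
        while q and now - q[0] >= WINDOW_SECONDS:  # drop attempts older than the window
            q.popleft()
        if self._failures[ip] >= CAPTCHA_AFTER_FAILURES and not captcha_ok:
            return "captcha_required"
        if len(q) >= ATTEMPTS_PER_MINUTE:
            return "rate_limited"
        q.append(now)
        return "allowed"
    def record(self, ip: str, success: bool) -> None:
        self._failures[ip] = 0 if success else self._failures[ip] + 1

def activate(store, limiter, ip, short, captcha_ok=False):
    """One activation request as the KLS would handle it: limiter first, then lookup."""
    verdict = limiter.check(ip, captcha_ok)
    if verdict != "allowed":
        return verdict, None
    jwt = store.lookup(short)
    limiter.record(ip, jwt is not None)
    return ("ok", jwt) if jwt is not None else ("invalid_token", None)
```

A leaked activation URL therefore yields only a random identifier: without the server's lookup key it cannot be turned into the JWT, and guessing identifiers is throttled per IP before any lookup happens.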