GoGuard is a secure API service written in Go for managing license issuance tied to hardware identifiers (HWID).
The system is designed with security in mind, utilizing RSA for key exchange and signatures, and AES-256-GCM for encrypted communication.
The server supports handling license requests for multiple devices simultaneously.
Clients can request licenses for multiple hardware IDs (HWIDs) within separate sessions or in sequence.
The server validates each HWID independently and returns the corresponding encrypted license if available.
- Secure RSA-based handshake and session management
- Digital signature verification with mutual trust confirmation per session
- Secure AES-256 key delivery per session
- License issuing per unique HWID
- Session expiration and cleanup to prevent misuse
- Simple and clear API structure with meaningful responses
| Method | Path | Purpose |
|---|---|---|
| GET | /ping |
Health check |
| POST | /handshake |
Initialize session and exchange RSA keys |
| POST | /digital-signature |
Verify or create digital signature |
| GET | /get-key |
Retrieve AES encryption key |
| POST | /licence |
Validate HWID and receive license |
👉 GoGuard Wiki - API & Database Documentation
- Go (Golang)
- Gin HTTP Framework
golang.org/x/time/ratefor rate limiting middleware- RSA / AES-256-GCM Cryptography
- SQL Server for device and license storage
Download and install Go from the official website: https://go.dev/dl/
After installation, verify it by running:
go versionGoGuard/
├── crypto/ # RSA / AES encryption utilities
│ ├── aes.go
│ ├── aes_test.go
│ ├── licence.go
│ ├── licence_test.go
│ ├── rsa.go
│ └── rsa_test.go
│
├── db/ # Database queries
│ └── db.go
│
├── models/ # Data models
│ └── types.go
│
├── server/ # Server logic and API route handlers
│ ├── aes_key.go
│ ├── config.go
│ ├── digital_signature.go
│ ├── handshake.go
│ ├── licence.go
│ ├── rate_limiter.go
│ └── server.go
│
├── config.json # API and Database configurations
├── main.go # Application entrypoint
└── README.md # Project documentation
Before running the project, ensure that your SQL Server database is properly configured and that the specified table exists.
If you are not familiar with SQL Server setup or run into issues, refer to the Sql Server Setup.
Refer to the Database Schema for expected schema details.
⚠️ Note: The provided SQL script was generated using SQL Server 2019 (MSSQL15).
If you are using a different version (e.g., SQL Server 2022 / MSSQL16), update any file paths in the script accordingly:
C:\Program Files\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQL\DATA\→
C:\Program Files\Microsoft SQL Server\MSSQL16.SQLEXPRESS\MSSQL\DATA\
You must also provide a valid config.json file at the project root
🔔 Note: If you run the
init-database.sqlscript in SQL Server Management Studio and create the database that way, it is enough to simply configure yourconfig.jsonwith your own server name, username, and password.Make sure to use SQL Server Authentication (not Windows Authentication).
Open Terminal and position yourselft in the GoGuard directory, then run
go run main.goTo run all unit tests in the project, run the following command in the project root directory:
go test ./... -vThis will recursively execute all tests in the project.
A client program wants to verify if the device it is running on is valid and authorized. The flow is as follows:
- The client initiates a secure handshake with the server to exchange RSA keys.
- It performs digital signature verification to mutually confirm the identities.
- The client then requests the AES key, which the server provides encrypted with the client’s RSA public key.
- Using the AES key, the client sends its hardware ID (HWID) encrypted and requests a license.
- If a license exists, it returns the existing license encrypted with AES and if no license exists but the HWID is present in the database, the server generates a new license for that HWID and returns it encrypted with AES.
This process ensures the client device is authenticated and authorized to use the service securely.