Skip to main content
Free tool

License key generator

Generate cryptographically random license keys in bulk — 32-char hex, UUID v4, or human-friendly segmented formats. Copy them or download a CSV; everything runs in your browser.

 
10 Keys generated
128 bits Entropy per key
No Collisions realistically possible?

Keys are generated with the browser's cryptographic random source and never leave your device.

A license key is a random credential, not a code

There's nothing encoded in a good license key. No customer ID, no expiry date, no product tier hidden in the characters. It's a random string, and everything that makes it "valid" lives in the server's database: which order it belongs to, whether it's active, how many sites have activated it. That means the format is a UX decision, not a security one — pick whatever your customers will handle most comfortably.

What does matter is entropy. A 32-character hex key carries 4 bits per character:

32 hex chars × 4 bits = 128 bits of entropy

At 128 bits, even if you issued a billion keys, the chance of any two colliding — or of an attacker guessing one — is so small it's not worth a second thought. UUID v4 gives 122 bits (6 bits are fixed by the version and variant fields), which is just as comfortably out of reach.

Why segmented formats exist

The XXXXX-XXXXX style isn't more secure — it's more readable. It exists for the customer spelling a key to support over the phone, or typing it from a printed card. The alphabet here is A–Z and 2–9 with I, O, 0, and 1 removed, so nobody has to guess whether that character is a letter O or a zero. That leaves 32 symbols — 5 bits each — so 20 characters across four groups is 100 bits: less than hex, still unguessable in practice.

Why this is on a forms site

Core Forms includes a licensing server for WordPress: when a checkout form fulfills, it issues a 32-character hex key automatically, records the order against it, and validates activations from your customers' sites. This generator produces the same style of key by hand — useful for seeding an import, migrating keys from another system, or testing a validation endpoint before real orders arrive.

FAQ

License key questions

Are these license keys cryptographically secure?

Yes. Every key is built from crypto.getRandomValues, the browser’s cryptographic random source — the same API used for generating encryption keys. Math.random is never used. The segmented format maps random bytes onto its alphabet without modulo bias, so every character position is uniformly distributed.

Do the keys leave my browser?

No. Generation, copying, and the CSV download all happen locally in your browser with client-side JavaScript. There is no server call, no analytics event carrying key material, and no storage. Close the tab and the keys exist only where you pasted or saved them.

What format should I use for my product?

If customers never type the key, use 32-char hex or UUID — maximum entropy, zero ceremony. If a human might read the key aloud or type it from paper, use the segmented format: the grouped, lookalike-free alphabet is far easier to transcribe correctly. A prefix helps support staff identify your product.

How are license keys actually validated?

By a database lookup, not by the key’s shape. The licensing server stores each issued key with its order, status, and activation records; validation checks whether that exact string exists and is active. The format carries no meaning — a “valid-looking” key that isn’t in the database is just a string.

Can I generate keys for Core Forms with this tool?

Not for activating Core Forms itself — the plugin’s licensing server issues its own keys automatically when a purchase completes, and only those validate. This tool is for seeding key imports, migrating from another system, or issuing keys for your own products.