First of all, our product must be available fully offline, which means, I cannot validate the license online (sadly).
I am currently using the RSACryptoServiceProvider to encrypt my data. This works perfectly fine and I can also decrypt the data using my private key.
Now I have stumbled across a problem. When I encrypt my data multiple times, I generate different results because of the padding. The problem I have now is, if I want to validate the license without the private key, how is that possible? My approach was to take the same information I have, generate an identical key with the same data and check if the newly generated key matches the entered license key. This is not possible when the generated key always differs.
E.g.: If I encrypt the string "Test 123" I (for example) get the license key ABC123. On our product I then take the same string ("Test 123") and encrypt it again, using the public key. For now the result is always different and not ABC123, but (for example) B21CA3, AC23B1, 3BAC21, ..., which would always result in the validity check to fail.
Is there something I completely missed or is it even possible to accomplish my target with the current approach? If this is not possible, what are the common approaches to do this exact use-case?