You don't have to make keys difficult to type. Just generate an rsa blob of whatever data you want and then pass it through a binary-to-text converter designed to avoid confusing characters, like
https://github.com/kstenerud/safe-encoding/blob/master/safe3...
Then you don't leak information because it's all layered, encoded BEFORE you generate the human inputtable text, and can contain any information you want.
1. RSA nowadays is a poor choice, better Elliptic Curve algorithms.
2. Keeping in code some blocks like "isLicenseValid()" is a faster help for reverse engineering attacks, because the crackers can simply skip that code block and you're done.
3. Security might be improved by obfuscating + applying signature verification (performed online, not offline on client) + avoiding storing any relevant status about license verification/key on the system registry or drive. Do these steps on the fly, always. In conditions of poor networking, check if you've some evidence of previously working sessions (e.g. saved files, last used ones from your app, personal settings). If not, throw an error
Shorter and more secure alternative with elliptic curve zero-knowledge proof - for example with a 160bit curve you could have a 240bit (30 byte) licence key comprised of a 160bit field element and an 80bit hash.
Then you don't leak information because it's all layered, encoded BEFORE you generate the human inputtable text, and can contain any information you want.