#!/usr/bin/env php . // usage: generate_account_ownership_keys.php [overwrite] // // This script generates the public and private keys for the proof of // account ownership feature of the website that is described // here: https://boinc.berkeley.edu/trac/wiki/ProofOfOwnership // // If the overwrite option is set, then the existing keys will be deleted and // new keys generated. This will invalidate all existing account ownership // proofs so use with caution. require_once("../inc/boinc_db.inc"); require_once("../inc/user.inc"); require_once("../inc/util.inc"); require_once("../inc/account_ownership.inc"); if ( !function_exists('openssl_pkey_new') ) { echo "WARNING: OpenSSL functions not available. Not generating account ownership keys.\n"; exit(1); } if (php_sapi_name() == "cli") { if (!empty($argv[1])) { if ($argv[1] == "overwrite") { if (file_exists($account_ownership_private_key_file_path)) { // If the private key exists, delete it. unlink($account_ownership_private_key); echo "erased '$account_ownership_private_key_file_name' \n"; } if (file_exists($account_ownership_public_key_file_path)) { // If the public key exists, delete it. unlink($account_ownership_public_key); echo "erased '$account_ownership_public_key_file_name' \n"; } } } if ((!file_exists($account_ownership_private_key_file_path)) && (!file_exists($account_ownership_public_key_file_path))) { try { $generated_pkey = openssl_pkey_new(array( 'digest_alg' => 'sha512', 'private_key_bits' => 4096, 'private_key_type' => OPENSSL_KEYTYPE_RSA )); $pubkey = openssl_pkey_get_details($generated_pkey); // Get the public key from the generated pkey pair file_put_contents($account_ownership_public_key, $pubkey['key']); // Save the public key to disk openssl_pkey_export_to_file($generated_pkey, $account_ownership_private_key); // Save the private key to disk openssl_pkey_free($generated_pkey); // Free key data securely from memory if ((file_exists($account_ownership_private_key_file_path)) && (file_exists($account_ownership_public_key_file_path))) { echo "Successfully generated a new account ownership keypair. \n"; } else { throw new Exception('Failed to generate account ownership keypair.'); } } catch (Exception $e) { echo 'Caught exception during account ownership key generation: ', $e->getMessage(), "\n"; } } else { echo "The private and public keys already exist. Repeat the command with the 'overwrite' parameter to replace the existing ownership keys. \n"; } } else { echo "This script must be run from the CLI \n"; } ?>