mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-01-17 06:08:19 +01:00
Code Issues Releases Wiki Activity

[ticket/17173] Add scripts for generating and verifying package signatures

Browse Source 
PHPBB3-17173
This commit is contained in:
Marc Alexander 2023-08-10 20:11:00 +02:00
parent ad3c6ff73c
commit 1ea2cbb678
No known key found for this signature in database
GPG Key ID: 50E0D2423696F995
2 changed files with 107 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
build/generate_signature.php Normal file
View File

@ -0,0 +1,51 @@
#!/usr/bin/env php
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
if ($_SERVER['argc'] != 3)
{
echo "Please specify the secret key and filename for which the signature should be created, e.g. generate_signature.php mySecretSecret path/to/file\n";
exit(1);
}
$secret_key = base64_decode($_SERVER['argv'][1]);
$file_path = $_SERVER['argv'][2];
if (!extension_loaded('sodium'))
{
die('Required sodium extension not loaded');
}
if (!file_exists($file_path))
{
die('File does not exist');
}
$hash = hash_file('sha384', $file_path, true);
try
{
$signature = sodium_crypto_sign_detached($hash, $secret_key);
} catch (SodiumException $e)
{
$keypair = sodium_crypto_sign_keypair();
$secret_key = base64_encode(sodium_crypto_sign_secretkey($keypair));
$public_key = base64_encode(sodium_crypto_sign_publickey($keypair));
echo 'Unable to create the signature: ' . $e->getMessage() . "\n";
echo "Maybe use these keys:\nPublic key: {$public_key}\nSecret key: {$secret_key}\n";
die();
}
$signature = base64_encode($signature);
file_put_contents($file_path . '.sig', $signature);

56
build/verify_signature.php Normal file
View File

@ -0,0 +1,56 @@
#!/usr/bin/env php
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
if ($_SERVER['argc'] != 4)
{
echo "Please specify the public key, filename for which the signature should be check, and the signature file, e.g. verify_signature.php superPublicKey path/to/file path/to/signature\n";
exit(1);
}
$public_key = base64_decode($_SERVER['argv'][1]);
$file_path = $_SERVER['argv'][2];
$signature_path = $_SERVER['argv'][3];
if (!extension_loaded('sodium'))
{
die('Required sodium extension not loaded');
}
if (!file_exists($file_path))
{
die('File does not exist');
}
if (!file_exists($signature_path))
{
die('Signature file does not exist');
}
$hash = hash_file('sha384', $file_path, true);
$signature = base64_decode(file_get_contents($signature_path));
try
{
if (sodium_crypto_sign_verify_detached($signature, $hash, $public_key))
{
echo 'Signature is valid!';
}
else
{
echo 'Signature is not valid!';
}
} catch (SodiumException $e)
{
die('Unable to verify the signature: ' . $e->getMessage() . "\n");
}