Tatsumi Crew - File Manager

Type	Name	Operations
	images Open
	php53 Open
	php56 Open
	php71 Open
	php81 Open
	php82 Open
	.env	Edit Get
	.htaccess	Edit Get
	changelog.txt	Edit Get
	clone.php	Edit Get
	edit.php	Edit Get
	edit.xml	Edit Get
	extend.php	Edit Get
	fileindex.php	Edit Get
	import.php	Edit Get
	info.xml	Edit Get
	install.js	Edit Get
	install.php	Edit Get
	install.xml	Edit Get
	md5	Edit Get
	notes.txt	Edit Get
	oauth-private.key	Edit Get
	oauth-public.key	Edit Get
	update_keys.php	Edit Get
	update_pass.php	Edit Get
	upgrade.php	Edit Get
	upgrade.xml	Edit Get

File Editor: `update_keys.php`

<?php

global $key, $error;

$key = base64_decode('[[APP_KEY]]');

//Required to autoload the namespaces
require_once '../vendor/autoload.php';

use Ramsey\Uuid\Uuid;
use phpseclib3\Crypt\RSA;

$uuid5 = (string)Uuid::uuid5(Uuid::NAMESPACE_URL, 'firefly-iii.org');

//This is to generate public and private key pairs(of 4096 bits) using phpseclib's RSA class's createKey() function and store the keys in database

$keys = array();

$keys = RSA::createKey(4096);

$public_key = (string)$keys->getPublicKey();

$private_key = (string)$keys;

echo '<private_key>'.$private_key.'</private_key>';
echo '<public_key>'.$public_key.'</public_key>';

//Encrypting the keys
$uuid5_enc =  json_encode($uuid5);
$private_key_enc =  json_encode(__encrypt($private_key));
$public_key_enc =  json_encode(__encrypt($public_key));

echo '<installation_id>'.$uuid5_enc.'</installation_id>';
echo '<private_key_enc>'.$private_key_enc.'</private_key_enc>';
echo '<public_key_enc>'.$public_key_enc.'</public_key_enc>';

function __encrypt($value, $serialize = true)
{
	global $key, $error;
	$cipher = 'AES-256-CBC';
	//$this->cipher
	$iv = random_bytes(openssl_cipher_iv_length($cipher));

	// First we will encrypt the value using OpenSSL. After this is encrypted we
	// will proceed to calculating a MAC for the encrypted value so that this
	// value can be verified later as not having been changed by the users.
	$value = openssl_encrypt(
		$serialize ? serialize($value) : $value,
		$cipher, $key, 0, $iv
	);

	if ($value === false) {
		$error[] = 'Could not encrypt the data.';
	}

	// Once we get the encrypted value we'll go ahead and base64_encode the input
	// vector and create the MAC for the encrypted value so we can then verify
	// its authenticity. Then, we'll JSON the data into the "payload" array.
	$mac = __hash($iv = base64_encode($iv), $value);

	$json = json_encode(compact('iv', 'value', 'mac'));

	if (json_last_error() !== JSON_ERROR_NONE) {
		$error[] = 'Could not encrypt the data.';
	}

	return base64_encode($json);
}

function __hash($iv, $value)
{
	global $key;
	return hash_hmac('sha256', $iv.$value, $key);
}

@unlink('update_keys.php');

?>

Current Directory

File Transfer

File Editor: update_keys.php

File Editor: `update_keys.php`