public void SetClientPassword(string password)
{
if (_rsaKeyPair == null)
{
throw new FileNotFoundException("You must have a client publication key, see the command 'createkeys'", _keyfile);
}
_rsaKeyPair.SetClientPassword(System.Text.Encoding.UTF8.GetBytes(password));
}
public void ClientKeyPassword(
[Argument("site", "s", Description = "The root http address of the website copy.")]
string site,
[Argument("password", "p", Description = "The password to be used.")]
string passwordText)
{
string keyfile = Path.Combine(StoragePath(site), "client-publishing.key");
using (RSAKeyPair clientKey = new RSAKeyPair(keyfile, true))
clientKey.SetClientPassword(Encoding.UTF8.GetBytes(passwordText));
}
public void CreateKeys(
[Argument("site", "s", Description = "The root http address of the website copy.")]
string url,
[Argument("key-size", "k", DefaultValue = 4096, Description = "The size, in bits, of the RSA cryptographic keys to produce.")]
int keySize,
[Argument("password", "p", DefaultValue = null, Description = "The client password used for access to the RSA publishing key (Empty for prompt).")]
string clientKeyPassword,
[Argument("NoServerPassword", DefaultValue = false, Description = "Do not generate or require a password for the server's RSA publishing key.")]
bool noServerPassword)
{
ConfirmPrompt prompt = new ConfirmPrompt();
string path = StoragePath(url);
string serverFile = Path.Combine(path, "server-publishing.key");
if (File.Exists(serverFile) && !prompt.Continue("Overwrite existing file " + serverFile))
{
return;
}
string clientFile = Path.Combine(path, "client-publishing.key");
if (File.Exists(clientFile) && !prompt.Continue("Overwrite existing file " + clientFile))
{
return;
}
if (clientKeyPassword == "")
{
GetPassword("Enter password: "******"Confirm password: "******"The passwords do not match."));
}
byte[] serverPassBytes = new byte[48];
new System.Security.Cryptography.RNGCryptoServiceProvider().GetBytes(serverPassBytes);
using (RSAPrivateKey skey = new RSAPrivateKey(keySize))
using (RSAPrivateKey ckey = new RSAPrivateKey(keySize))
using (RSAKeyPair server = new RSAKeyPair(skey, ckey.PublicKey))
using (RSAKeyPair client = new RSAKeyPair(skey.PublicKey, ckey))
{
server.WriteTo(serverFile, noServerPassword ? null : (byte[])serverPassBytes.Clone());
client.WriteTo(clientFile, clientKeyPassword == null ? null : Encoding.UTF8.GetBytes(clientKeyPassword));
}
using (RSAKeyPair server = new RSAKeyPair(serverFile, true))
using (RSAKeyPair client = new RSAKeyPair(clientFile, true))
{ /* we can read both */
Check.NotNull(server.ClientPublicKey);
Check.NotNull(server.ServerPublicKey);
Check.NotNull(client.ClientPublicKey);
Check.NotNull(client.ServerPublicKey);
if (clientKeyPassword != null)
{
client.SetClientPassword(Encoding.UTF8.GetBytes(clientKeyPassword));
}
}
serverFile = FileUtils.MakeRelativePath(Environment.CurrentDirectory.TrimEnd('\\') + '\\', serverFile);
clientFile = FileUtils.MakeRelativePath(Environment.CurrentDirectory.TrimEnd('\\') + '\\', clientFile);
Console.WriteLine("IMPORTANT: Do not loose or share these files for security reasons.");
Console.WriteLine();
Console.WriteLine("The client key file is: " + clientFile);
Console.WriteLine("The server key file is: " + serverFile);
Console.WriteLine(@"
NEXT STEPS:
1. You must manually place the server key file in the web server's bin directory.
2. You should set the file ACL so that only the web server's account can read this file.
");
if (!noServerPassword)
{
Console.WriteLine(@"
3. After that you will need to run the following command to allow the server account to
access the private key:
> HttpClone.exe ServerKeyPassword " + url + @" " + Convert.ToBase64String(serverPassBytes) + @"
4. Don't screw it up since you only get one change then you must restart the server.
");
}
}
