
@alikon
Created March 31, 2018 11:45
<?php
/**
* @package Joomla.Cli
*
* @copyright Copyright (C) 2005 - 2017 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
/**
* This is a CLI script that checks my digitally certified public key. It should be called from the command line,
* not the web. For example:
* /usr/bin/php /path/to/site/cli/trustmykey.php
*/
// Initialize Joomla framework.
// _JEXEC is defined before any framework file is loaded.
// NOTE(review): framework files presumably test for this constant to refuse direct access - confirm.
const _JEXEC = 1;
// Load system defines.
// A site-level defines.php one directory above this script, if present, is loaded first so it can
// override the default path constants.
if (file_exists(dirname(__DIR__) . '/defines.php'))
{
require_once dirname(__DIR__) . '/defines.php';
}
// If that override did not define _JDEFINES (or did not exist), fall back to the stock layout:
// the parent directory of this script becomes JPATH_BASE and its includes/defines.php is loaded.
if (!defined('_JDEFINES'))
{
define('JPATH_BASE', dirname(__DIR__));
require_once JPATH_BASE . '/includes/defines.php';
}
// Get the framework.
// JPATH_LIBRARIES is not defined in this file; presumably one of the defines.php files above sets it.
// NOTE(review): nothing in this file checks PHP_SAPI, so the "command-line only" requirement from the
// header relies on JApplicationCli and on the web server not exposing the cli directory - confirm both.
require_once JPATH_LIBRARIES . '/import.legacy.php';
// Bootstrap the CMS libraries.
require_once JPATH_LIBRARIES . '/cms.php';
/**
 * CLI script that checks a developer public key against the Joomla CA.
 *
 * The "certificate" handled here is a detached signature made with the CA key over a hash of the
 * developer key. Verification proves only that the CA key holder signed that hash; the signed data
 * carries no identity, validity period or revocation information.
 *
 * @since  __DEPLOY_VERSION__
 */
class trustmykey extends JApplicationCli
{
	/**
	 * Entry point for the script.
	 *
	 * Prints the CA key, the developer key and the certificate, then verifies the certificate.
	 *
	 * @return  void
	 *
	 * @throws  Exception  When the signature does not verify against the CA public key.
	 *
	 * @since   __DEPLOY_VERSION__
	 */
	public function doExecute()
	{
		// Trust anchor: the Joomla CA public key (64 hex characters = 32 bytes). It is a literal in this
		// file, so the integrity of this file decides which CA is trusted.
		$caKeyHex = "036c05e30fb67d8b63af027299fca5d37579d16f14cd2670b9045f396e96984e";

		// The extension developer public key being checked (hex encoded).
		$devKeyHex = '6c46e9505ba78f9fb113b34dace5c095f69d1f693d5a087272cf6d470e5e15c9';

		// The CA's detached signature over the developer key hash (128 hex characters = 64 bytes).
		$certHex = '06cf537b63314038f1a18a928805b40aa5fbe3d01eaf849eb0c5d624be0ef3587909dfb0e1fce12a66ff8c2bbfa769d516f1f1932aae3f515e5fe0f94dc39b00';

		// Show the inputs before any decoding takes place.
		echo 'CApublicKey:', $caKeyHex, PHP_EOL;
		echo '---', PHP_EOL;
		echo 'DevPublicKey:', $devKeyHex, PHP_EOL;
		echo 'Certificate:', $certHex, PHP_EOL;

		$caKey = ParagonIE_Sodium_Compat::hex2bin($caKeyHex);

		// The signed message is the SHA-384 digest of the hex TEXT of the developer key, not of its raw
		// bytes. The same key written in upper-case hex would hash differently, so the signer and this
		// verifier have to agree on one exact textual form.
		$signedMessage = ParagonIE_Sodium_Compat::hex2bin(hash("sha384", $devKeyHex));

		$certificate = ParagonIE_Sodium_Compat::hex2bin($certHex);

		// Fail closed: anything other than a valid signature aborts with an exception.
		if (!ParagonIE_Sodium_Compat::crypto_sign_verify_detached($certificate, $signedMessage, $caKey))
		{
			throw new Exception('Invalid signature');
		}

		echo 'OK i trust your pk', PHP_EOL;
	}
}
// Instantiate the application by class name and run it. execute() is expected to call
// trustmykey::doExecute(); that dispatch happens inside JApplicationCli and is not visible in this file.
// An invalid signature surfaces here as an uncaught Exception.
JApplicationCli::getInstance('trustmykey')->execute();