Add modules to repository

Papers/includes/changelog/Version 1.0

@@ -0,0 +1,2 @@
+January 24, 2016<br /><br />
+- Module released.

Papers/includes/changelog/Version 1.2

@@ -0,0 +1,7 @@
+April 6, 2016<br /><br />
+- Revamped cfgNginx.py to include support for adding, replacing, getting, and removing SSL keys.<br /><br />
+- cfgNginx.py now only selects the SSL keys associated with port 1471 instead of pulling all keys from the configuration file.<br /><br />
+- Removal of SSL keys is also targeted now.  In the previous version the whole /etc/nginx/ssl/ directory would be deleted but now only the keys you've selected for port 1471 will be removed.<br /><br />
+- Upon adding/replacing/removing SSL keys to Nginx the browser will now automatically redirect to the new protocol.<br /><br />
+- Updated the user interface<br /><br />
+- Fixed module.info to reflect current version of module.<br />

Papers/includes/changelog/Version 1.3

@@ -0,0 +1,3 @@
+July 30, 2016<br /><br />
+- Fixed bug where browser would refresh when approving/revoking SSH keys
+	

Papers/includes/changelog/Version 1.4

@@ -0,0 +1,4 @@
+September 12, 2016<br /></br >
+- Added functionality to upload certificate archives</br >
+- Updated UI<br />
+- Added dependency unzip</br >

Papers/includes/help/build.help

@@ -0,0 +1,36 @@
+<h4 style="color:red">WARNING!</h4>
+<strong>Do not encrypt the private key in the set you will use for SSL on the Pineapple!  If you do nginx will require a password upon boot which you will not have the chance to enter thus forcing you to factory reset your Pineapple!</strong>
+<hr />
+
+<strong>Key Type</strong><br />
+Select the type of keys you want to build.
+<br /><br />
+
+<strong>Bit Size</strong><br />
+This is the key length.  The higher the value the harder it is to crack the key.  Higher values will take longer to build and longer to check when used in applications.  2048 is the recommended value for web applications.
+<br /><br />
+
+<strong>Key Pair Name</strong><br />
+This is the name of your keys when they are generated.  Single word names are best.
+<br /><br />
+
+<strong>Days Valid</strong><br />
+This value indicates how long the certificate will be valid.  A default value of 365 days is set for convenience.
+<br /></br >
+
+
+<strong>Signature Algorithm</strong><br />
+SHA-1 is considered to be too weak these days, or it will be soon enough, so SHA-256 is selected by default.
+<br /><br />
+
+
+<strong>Certificate Info (click to expand)</strong><br />
+These fields are self explanatory and provide information that gets embedded in the public key.  This can be left blank but if so the default settings will be used by OpenSSL.
+<br /><br />
+
+<strong>Encrypt Private Key</strong><br />
+Check this box if you want to require a password to view the private key.  You will have to select an algorithm (SHA-256 by default) and enter a password.
+<br /><br />
+
+<strong>Export keys to PKCS#12 container</strong><br />
+Check this box if you want to export both the private and public keys into an encrypted container.  This option will generate three files (.cer, .pem, .pfx).

Papers/includes/help/status.help

@@ -0,0 +1,10 @@
+<strong>SSL Certificate and Private Key</strong><br />
+Displays the keys currently being used by nginx on your Pineapple. These values are pulled directly from /etc/nginx/nginx.conf so they are always current.
+<br /><br />
+
+<strong>Dependencies</strong><br />
+The only dependencies for Papers are zip and unzip which are downloaded via opkg. They are used to pack, and unpack, certificate archives for download/upload.
+<br /><br />
+
+<strong>Remove SSL</strong><br />
+This reverts the Pineapple back to its original web configuration and removes all traces of SSL from the nginx config.  This does not affect the certificate store or any configuration in the Papers module.

Papers/includes/help/store.help

@@ -0,0 +1,21 @@
+<strong>Encrypted</strong><br />
+Displays if the private key (.pem) is encrypted.  Does not include encryption on .pfx containers.
+<br /><br />
+
+<strong>PineSSL / PineSSH</strong><br />
+For TLS/SSL keys this button configures SSL on the Pineapple or swaps the current SSL keys with those selected.
+<br />
+For SSH key pairs this button has two modes (the state does not change for TLS/SSL keys):
+<br /><br />
+<ul>
+	<li><img src="/modules/Papers/includes/icons/glyphicons-204-lock.png"/>&nbsp&nbsp;Add key to /root/.ssh/authorized_keys to allow connections to users who hold the private key.<br /><br />
+	<li><img src="/modules/Papers/includes/icons/glyphicons-205-unlock.png"/>&nbsp;&nbsp;Revoke key from /root/.ssh/authorized_keys to deny connections from those who use the private key.
+</ul>
+<br />
+
+<strong>Download</strong><br />
+Packages the keys in the selected row into a zip archive and downloads it.
+<br /><br />
+
+<strong>Delete</strong><br />
+Removes the selected keys from the SSL store.  This can't be undone.

Papers/includes/nginx.conf

@@ -0,0 +1,95 @@
+user root root;
+worker_processes  1;
+
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+	include mime.types;
+	index index.php index.html index.htm;
+	default_type text/html;
+
+	sendfile on;
+	keepalive_timeout 65;
+	gzip on;
+
+	gzip_min_length  1k;
+	gzip_buffers     4 16k;
+	gzip_http_version 1.0;
+	gzip_comp_level 2;
+	gzip_types       text/plain application/x-javascript text/css application/xml;
+	gzip_vary on;
+	server {
+		listen	80;		# Port, make sure it is not in conflict with another http daemon.
+		server_name  www;	# Change this, reference -> http://nginx.org/en/docs/http/server_names.html
+		error_page 404 =200 /index.php;
+		error_log /dev/null;
+		access_log /dev/null;
+		fastcgi_connect_timeout 300;
+		fastcgi_send_timeout 300;
+		fastcgi_read_timeout 300;
+		fastcgi_buffer_size 32k;
+		fastcgi_buffers 4 32k;
+		fastcgi_busy_buffers_size 32k;
+		fastcgi_temp_file_write_size 32k;
+		client_body_timeout 10;
+		client_header_timeout 10;
+		send_timeout 60;		# 60 sec should be enough, if experiencing alof of timeouts, increase this.
+		output_buffers 1 32k;
+		postpone_output 1460;
+
+		root   /www/;		# Your document root, where all public material is.
+
+		location ~ \.php$ {
+			fastcgi_index  index.php;
+			include        fastcgi_params;
+			fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+
+			if (-f $request_filename) {
+				# Only throw it at PHP-FPM if the file exists (prevents some PHP exploits)
+				fastcgi_pass    unix:/var/run/php5-fpm.sock;     # The upstream determined above
+			}
+		}
+		error_page 404 =200 /index.php;
+	}
+
+
+	server {
+		listen        1471;
+		server_name  pineapple;	# Change this, reference -> http://nginx.org/en/docs/http/server_names.html
+		error_page 404 =200 /index.php;
+		error_log /dev/null;
+		access_log /dev/null;
+		fastcgi_connect_timeout 300;
+		fastcgi_send_timeout 300;
+		fastcgi_read_timeout 300;
+		fastcgi_buffer_size 32k;
+		fastcgi_buffers 4 32k;
+		fastcgi_busy_buffers_size 32k;
+		fastcgi_temp_file_write_size 32k;
+		client_body_timeout 10;
+		client_header_timeout 10;
+		send_timeout 60;		# 60 sec should be enough, if experiencing alof of timeouts, increase this.
+		output_buffers 1 32k;
+		postpone_output 1460;
+
+		root   /pineapple/;		# Your document root, where all public material is.
+		add_header 'Cache-Control' 'no-cache, no-store, must-revalidate';
+
+		location ~ \.php$ {
+			fastcgi_index  index.php;
+			include        fastcgi_params;
+			fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+
+			if (-f $request_filename) {
+				# Only throw it at PHP-FPM if the file exists (prevents some PHP exploits)
+				fastcgi_pass    unix:/var/run/php5-fpm.sock;     # The upstream determined above
+			}
+		}
+	}
+}
+

Papers/includes/scripts/addSSHKey.sh

@@ -0,0 +1,33 @@
+#!/bin/sh
+
+#  Author: sud0nick
+#  Date:   Feb 2016
+
+help() {
+        echo "Usage: ./addAuthKey.sh <keydir> <opts>";
+        echo '';
+        echo 'Parameters:';
+        echo '';
+        echo -e '\t-k:\tName of key to be used';
+        echo '';
+}
+
+if  [ "$#" -lt 1 ]; then
+        help;
+        exit;
+fi
+
+SSH_STORE='/pineapple/modules/Papers/includes/ssh/';
+KEY='';
+
+while [ "$#" -gt 0 ]
+do
+
+if [[ "$1" == "-k" ]]; then
+	KEY="$2";
+fi
+
+shift
+done
+
+cat $SSH_STORE$KEY.pub >> /root/.ssh/authorized_keys

Papers/includes/scripts/buildCert.sh

@@ -0,0 +1,117 @@
+#!/bin/sh
+
+#  Author: sud0nick
+#  Date:   Jan 2016
+
+help() {
+	echo "Usage: ./buildCert.sh <opts>";
+	echo '';
+	echo 'Required Parameters:';
+	echo -e '\t-k,--keyName:\tName of exported key files';
+	echo '';
+	echo 'Optional Parameters:';
+	echo '';
+	echo -e '\t-b,--bitSize:\tBitsize of keys (Default: 2048)';
+	echo -e '\t-d,--days:\tNumber days keys will be valid (Default: 365)';
+	echo -e '\t-sa,--sigAlgo:\tSignature algorithm (Default: SHA-256)';
+	echo '';
+	echo 'Distinguished Name Options:';
+	echo '';
+	echo -e '\t-c,--country:\t\t\tCountry Code';
+	echo -e '\t-st,--state:\t\t\tState or Province';
+	echo -e '\t-l,--locality:\t\t\tCity or Locality';
+	echo -e '\t-o,--orgnaization:\t\tOrganization';
+	echo -e '\t-ou,--organizationalUnit:\tOrganizational Unit';
+	echo -e '\t-cn,--commonName:\t\tCommon Name';
+	echo -e '\t-email,--emailAddress:\t\tEmail Address';
+	echo '';
+}
+
+if [ "$#" -lt 1 ]; then
+	help;
+        exit;
+fi
+
+# Defaults
+SIGALGO="sha256";
+BITSIZE=2048;
+DAYS=365;
+
+while [ "$#" -gt 0 ]
+do
+
+if [[ "$1" == "-d" || "$1" == "--days" ]]; then
+        DAYS="$2";
+fi
+if [[ "$1" == "-b" || "$1" == "--bitSize" ]]; then
+        BITSIZE="$2";
+fi
+if [[ "$1" == "-k" || "$1" == "--keyName" ]]; then
+        KEYNAME="$2";
+fi
+if [[ "$1" == "-sa" || "$1" == "--sigAlgo" ]]; then
+        SIGALGO="$2";
+fi
+if [[ "$1" == "-c" || "$1" == "--country" ]]; then
+	COUNTRY="$2"
+fi
+if [[ "$1" == "-st" || "$1" == "--state" ]]; then
+        STATE="$2"
+fi
+if [[ "$1" == "-l" || "$1" == "--locality" ]]; then
+        LOCALITY="$2"
+fi
+if [[ "$1" == "-o" || "$1" == "--organization" ]]; then
+        ORGANIZATION="$2"
+fi
+if [[ "$1" == "-ou" || "$1" == "--organizationalUnit" ]]; then
+        OU="$2"
+fi
+if [[ "$1" == "-cn" || "$1" == "--commonName" ]]; then
+        CN="$2"
+fi
+if [[ "$1" == "-email" || "$1" == "--emailAddress" ]]; then
+        EMAIL="$2"
+fi
+
+shift
+done
+
+if [ -z "$DAYS" ] || [ -z "$BITSIZE" ] || [ -z "$KEYNAME" ]; then
+	echo "[-] You must enter at least key name, bitsize, and days valid parameters.";
+	help;
+	exit;
+fi
+
+subj="";
+ssl_store="/pineapple/modules/Papers/includes/ssl/";
+
+if [ -n "$COUNTRY" ]; then
+	subj="$subj/C=$COUNTRY";
+fi
+if [ -n "$STATE" ]; then
+        subj="$subj/ST=$STATE";
+fi
+if [ -n "$LOCALITY" ]; then
+        subj="$subj/L=$LOCALITY";
+fi
+if [ -n "$ORGANIZATION" ]; then
+	subj=$subj"/O=$ORGANIZATION";
+fi
+if [ -n "$OU" ]; then
+        subj="$subj/OU=$OU";
+fi
+if [ -n "$CN" ]; then
+	subj="$subj/CN=$CN";
+fi
+if [ -n "$EMAIL" ]; then
+        subj="$subj/emailAddress=$EMAIL";
+fi
+
+if [ -n "$subj" ]; then
+	openssl req -x509 -nodes -batch -days $DAYS -newkey rsa:$BITSIZE -$SIGALGO -keyout $ssl_store$KEYNAME.pem -out $ssl_store$KEYNAME.cer -subj "$subj";
+else
+	openssl req -x509 -nodes -batch -days $DAYS -newkey rsa:$BITSIZE -$SIGALGO -keyout $ssl_store$KEYNAME.pem -out $ssl_store$KEYNAME.cer;
+fi
+
+echo "Complete";

Papers/includes/scripts/cfgHelper.py

@@ -0,0 +1,121 @@
+#  Author: sud0nick
+#  Date:   Apr 2016
+
+from subprocess import call
+import os
+
+class ConfigHelper:
+
+	def __init__(self, sslDir = "/etc/nginx/ssl/"):
+		self.nginxConf = "/etc/nginx/nginx.conf"
+		self.lines = [f for f in open(self.nginxConf)]
+		self.ssl_dir = sslDir
+		self.serverBlockIndex = self.getServerBlockIndex()
+		self.currentSSLCerts = self.getCurrentSSLCerts()
+		
+
+	def checkSSLCertsExist(self):
+		flags = [".pem", ".cer"]
+		if os.path.isdir(self.ssl_dir):
+			for file in os.listdir(self.ssl_dir):
+				for flag in flags:
+					if flag in file:
+						flags.remove(flag)
+		if flags:
+			return False
+		else:
+			return True
+			
+	def getCurrentSSLCerts(self):
+		certs = []
+		index = self.serverBlockIndex
+		for line in self.lines[index:]:
+			if "ssl_certificate" in line:
+				i = line.rfind("/")
+				certs.append(line[i+1:].strip(";\n"))
+
+		return certs
+		
+		
+	def getServerBlockIndex(self):
+		index = 0
+		for line in self.lines:
+			if ("listen" in line) and not ("80" in line or "443" in line):
+					return index
+			index = index + 1
+
+		return False
+
+	
+	def checkSSLConfigStatus(self):
+		index = self.serverBlockIndex
+		for line in self.lines[index:]:
+			if "1471 ssl;" in line:
+				return True
+
+		return False
+		
+		
+	def addSSLConfig(self, keyName):
+
+		# Check if SSL has already been configured for port 1471
+		if self.checkSSLConfigStatus():
+			return True
+
+		index = 0
+		cert = keyName + ".cer"
+		key = keyName + ".pem"
+
+		with open(self.nginxConf, "w") as out:
+			for line in self.lines:
+				if index == self.serverBlockIndex:
+					line = "\t\tlisten\t1471 ssl;\n"
+				
+				if index > self.serverBlockIndex:
+					if "root   /pineapple/;" in line:
+						self.lines.insert(index + 1, "\t\tssl_certificate /etc/nginx/ssl/" + cert + ";\n"
+													"\t\tssl_certificate_key /etc/nginx/ssl/" + key + ";\n"
+													"\t\tssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n")
+				index = index + 1
+				out.write(line)
+		call(["/etc/init.d/nginx", "reload"])
+		
+		return True
+	
+	def replaceSSLConfig(self, newKey):
+		cert = newKey + ".cer"
+		key = newKey + ".pem"
+		currentKey = self.currentSSLCerts[0].rsplit(".")[0]
+		index = 0
+
+		with open(self.nginxConf, "w") as out:
+			for line in self.lines:
+				if index > self.serverBlockIndex:
+					if (currentKey + ".cer") in line:
+						line = "\t\tssl_certificate /etc/nginx/ssl/" + cert + ";\n"
+					
+					if (currentKey + ".pem") in line:
+						line = "\t\tssl_certificate_key /etc/nginx/ssl/" + key + ";\n"
+					
+				index = index + 1
+				out.write(line)
+				
+		call(["/etc/init.d/nginx", "reload"])
+	
+	
+	def removeSSLConfig(self):
+		index = 0
+		with open(self.nginxConf, "w") as out:
+			for line in self.lines:
+				if index == self.serverBlockIndex:
+					line = "\t\tlisten\t1471;\n"
+				
+				if index > self.serverBlockIndex:
+					if "ssl_certificate" in line or "ssl_protocols" in line:
+						continue
+				
+				index = index + 1
+				out.write(line)
+				
+		call(["/etc/init.d/nginx", "reload"])
+		

Papers/includes/scripts/cfgNginx.py

@@ -0,0 +1,47 @@
+#!/usr/bin/python
+
+#  Author: sud0nick
+#  Date:   Jan 2016
+
+import sys
+import argparse
+from cfgHelper import ConfigHelper
+
+parser = argparse.ArgumentParser(description='Nginx Configuration Tool')
+parser.add_argument('-k', action='store', dest='keyName', help='Name of the keys to use for SSL configuration')
+group = parser.add_mutually_exclusive_group(required=True)
+group.add_argument('--add', action='store_true', dest='addSSL', help='Configure Nginx to use SSL.  Requires -k to be set.')
+group.add_argument('--replace', action='store_true', dest='replaceSSL', help='Replace current SSL certificates.  Requires -k to be set.')
+group.add_argument('--remove', action='store_true', dest='removeSSL', help='Remove SSL configuration from Nginx.')
+group.add_argument('--getSSLCerts', action='store_true', dest='getSSLCerts', help="Get the current certs being used for SSL in Nginx.")
+args = parser.parse_args()
+
+if (args.addSSL and not args.keyName) or (args.replaceSSL and not args.keyName):
+	parser.error("The option selected requires the -k option be provided as well.")
+
+# Create a new instance of ConfigHelper that points to the
+# nginx SSL store (default is /etc/nginx/ssl/)
+helper = ConfigHelper()
+
+# Add the configuration to the nginx config file
+if args.addSSL:
+	if not helper.checkSSLCertsExist():
+		print "SSL certs must first be generated"
+		quit()
+		
+	if not helper.addSSLConfig(args.keyName):
+		print "An error has occurred while attempting to configure SSL"
+	else:
+		print "Complete"
+		
+elif args.replaceSSL:
+	helper.replaceSSLConfig(args.keyName)
+	print "Complete"
+	
+elif args.removeSSL:
+	helper.removeSSLConfig()
+	print "Complete"
+	
+elif args.getSSLCerts:
+	if len(helper.currentSSLCerts) > 0:
+		print "\n".join(helper.currentSSLCerts)

Papers/includes/scripts/checkDepends.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+testZip=$(opkg list-installed | grep -w 'zip')
+testUnzip=$(opkg list-installed | grep -w 'unzip')
+
+if [ -z "$testZip" ]; then
+	echo "Not Installed";
+else
+	if [ -z "$testUnzip" ]; then
+		echo "Not Installed";
+	else
+		echo "Installed";
+	fi
+fi

Papers/includes/scripts/checkSSHKey.sh

@@ -0,0 +1,42 @@
+#!/bin/sh
+
+#  Author: sud0nick
+#  Date:   Feb 2016
+
+help() {
+        echo "Usage: ./checkSSHKey.sh <keydir> <opts>";
+        echo '';
+        echo 'Parameters:';
+        echo '';
+        echo -e '\t-k:\tName of key to be checked';
+        echo '';
+}
+
+if  [ "$#" -lt 1 ]; then
+        help;
+        exit;
+fi
+
+SSH_STORE='/pineapple/modules/Papers/includes/ssh/';
+KEY='';
+
+while [ "$#" -gt 0 ]
+do
+
+if [[ "$1" == "-k" ]]; then
+	if [ -e "$SSH_STORE$2.pub" ]; then
+	        KEY=$(cat "$SSH_STORE$2.pub");
+	else
+		exit;
+	fi
+fi
+
+shift
+done
+
+RES=$(cat /root/.ssh/authorized_keys | grep "$KEY")
+if [[ -z "$RES" ]]; then
+	echo "FALSE";
+else
+	echo "TRUE";
+fi

Papers/includes/scripts/copyKeys.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+#  Author: sud0nick
+#  Date:   Jan 2016
+
+if ! cp $1.pem /etc/nginx/ssl/; then
+	echo "Failed to copy $1.pem to /etc/nginx/ssl/";
+fi
+
+if ! cp $1.cer /etc/nginx/ssl/; then
+	echo "Failed to copy $1.cer to /etc/nginx/ssl/";
+fi

Papers/includes/scripts/encryptKeys.sh

@@ -0,0 +1,110 @@
+#!/bin/sh
+
+#  Author: sud0nick
+#  Date:   Jan 2016
+
+# Location of SSL keys
+ssl_store="/pineapple/modules/Papers/includes/ssl/";
+
+help() {
+	echo "Encryption/Export script for OpenSSL certificates";
+	echo "Usage: ./encryptKeys.sh <opts>";
+	echo "Use './encryptKeys.sh --examples' to see example commands";
+	echo '';
+	echo 'NOTE:';
+	echo "Current SSL store is at $ssl_store";
+	echo '';
+	echo 'Parameters:';
+	echo '';
+	echo -e '\t-k:\tName of key to be encrypted';
+	echo '';
+	echo 'Encryption Options:';
+	echo '';
+	echo -e '\t--encrypt:\tMust be supplied to encrypt keys';
+	echo -e '\t-a:\t\tAlgorithm to use for key encryption (aes256, 3des, camellia256, etc)';
+	echo -e '\t-p:\t\tPassword to use for encryption';
+	echo '';
+	echo 'Container Options:';
+	echo '';
+	echo -e '\t-c:\tContainer type (pkcs12, pkcs8)';
+	echo -e '\t-calgo:\tEncyrption algorithm for container. (Default is the value supplied for -a)';
+	echo -e '\t-cpass:\tPassword for container. (Default is the password supplied for -p)';
+	echo '';
+}
+
+examples() {
+	echo '';
+        echo 'Examples:';
+        echo 'Encrypt private key:';
+        echo './encryptKeys.sh -k keyName --encrypt -a aes256 -p password';
+        echo '';
+        echo 'Export keys to PKCS#12 container:';
+        echo './encryptKeys.sh -k keyName -c pkcs12 -calgo aes256 -cpass password';
+        echo '';
+        echo 'Encrypt private key and export to PKCS#12 container using same algo and pass:';
+        echo './encryptKeys.sh -k keyName --encrypt -a aes256 -p password -c pkcs12';
+        echo '';
+        echo 'Encrypt private key and export to PKCS#12 container using different algo and pass:';
+        echo './encryptKeys.sh -k keyName --encrypt -a aes256 -p password -c pkcs12 -calgo camellia256 -cpass diffpass';
+	echo '';
+}
+
+if [ "$#" -lt 1 ]; then
+        help;
+        exit;
+fi
+
+ENCRYPT_KEYS=false;
+
+while [ "$#" -gt 0 ]
+do
+
+if [[ "$1" == "--examples" ]]; then
+	examples;
+	exit;
+fi
+if [[ "$1" == "--encrypt" ]]; then
+	ENCRYPT_KEYS=true;
+fi
+if [[ "$1" == "-a" ]]; then
+        ALGO="$2";
+fi
+if [[ "$1" == "-k" ]]; then
+	KEY="$2";
+fi
+if [[ "$1" == "-p" ]]; then
+	PASS="$2";
+fi
+if [[ "$1" == "-c" ]]; then
+	CONTAINER="$2";
+fi
+if [[ "$1" == "-calgo" ]]; then
+	CALGO="$2";
+fi
+if [[ "$1" == "-cpass" ]]; then
+	CPASS="$2";
+fi
+
+shift
+done;
+
+# Generate a password on the private key
+if [ $ENCRYPT_KEYS = true ]; then
+	openssl rsa -$ALGO -in $ssl_store$KEY.pem -out $ssl_store$KEY.pem -passout pass:"$PASS";
+fi
+
+# If a container type is present but not an algo or pass then use
+# the same algo and pass from the private key
+if [ -n "$CONTAINER" ]; then
+	if [ -z "$CALGO" ]; then
+		CALGO="$ALGO";
+	fi
+	if [ -z "$CPASS" ]; then
+		CPASS="$PASS";
+	fi
+
+	# Generate a container for the public and private keys
+	openssl $CONTAINER -$CALGO -export -nodes -out $ssl_store$KEY.pfx -inkey $ssl_store$KEY.pem -in $ssl_store$KEY.cer -passin pass:"$PASS" -passout pass:"$CPASS";
+fi
+
+echo "Complete"

Papers/includes/scripts/genSSHKeys.sh

@@ -0,0 +1,59 @@
+#!/bin/sh
+
+#  Author: sud0nick
+#  Date:   Jan 2016
+
+help() {
+        echo "Usage: ./genSSHKeys.sh <opts>";
+        echo '';
+        echo 'Required Parameters:';
+        echo -e '\t-k,--keyName:\tName of exported key files';
+        echo '';
+        echo 'Optional Parameters:';
+        echo '';
+        echo -e '\t-b,--bitSize:\tBitsize of keys (Default: 2048)';
+	echo -e '\t-p,--pass:\tPassword for private key';
+	echo -e '\t-c,--comment:\tInclude a comment in the public key (Default: root@Pineapple)';
+	echo '';
+}
+
+if [ "$#" -lt 1 ]; then
+        help;
+        exit;
+fi
+
+# Defaults
+BITSIZE=2048;
+PASSWORD='';
+SSH_STORE="/pineapple/modules/Papers/includes/ssh/";
+COMMENT='root@Pineapple';
+
+while [ "$#" -gt 0 ]
+do
+
+if [[ "$1" == "-k" || "$1" == "--keyName" ]]; then
+        KEYNAME="$2";
+fi
+
+if [[ "$1" == "-b" || "$1" == "--bitSize" ]]; then
+        BITSIZE="$2";
+fi
+
+if [[ "$1" == "-p" || "$1" == "--pass" ]]; then
+        PASSWORD="$2";
+fi
+
+if [[ "$1" == "-c" || "$1" == "--comment" ]]; then
+	COMMENT="$2"
+fi
+
+shift
+done
+
+if [[ -z $KEYNAME ]]; then
+        help;
+        exit;
+fi
+
+ssh-keygen -q -b $BITSIZE -t rsa -N "$PASSWORD" -f $SSH_STORE$KEYNAME.pem -C $COMMENT
+mv $SSH_STORE$KEYNAME.pem.pub $SSH_STORE$KEYNAME.pub

Papers/includes/scripts/installDepends.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+#  Author: sud0nick
+#  Date:   Jan 2016
+
+opkg update > /dev/null;
+opkg install zip unzip > /dev/null;
+echo "Complete"

Papers/includes/scripts/packKeys.sh

@@ -0,0 +1,49 @@
+#!/bin/sh
+
+#  Author: sud0nick
+#  Date:   Jan 2016
+
+help() {
+	echo "Usage: ./packKeys.sh <keydir> <opts>";
+	echo '';
+	echo 'Parameters:';
+	echo '';
+	echo -e '\tkeydir:\tDirectory where the key resides';
+	echo -e '\t-f:\tFile names as string value';
+	echo -e '\t-o:\tName of output file';
+	echo '';
+}
+
+if  [ "$#" -lt 1 ]; then
+	help;
+	exit;
+fi
+
+# Define and clear out the download directory
+DL_DIR="/pineapple/modules/Papers/includes/download/";
+rm -rf $DL_DIR*
+
+# Get the key directory and shift it out of the argument vectors
+KEY_DIR="$1";
+shift;
+
+FILES='';
+OUTPUT='';
+export IFS=" ";
+
+while [ "$#" -gt 0 ]
+do
+
+if [[ "$1" == "-f" ]]; then
+	for word in $2; do
+		FILES="$FILES $KEY_DIR$word";
+	done
+fi
+if [[ "$1" == "-o" ]]; then
+	OUTPUT="$2";
+fi
+
+shift
+done;
+
+zip -j $DL_DIR$OUTPUT $FILES > /dev/null;

Papers/includes/scripts/readKeys.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Author: sud0nick
+#   Date: April 6, 2016
+
+IN_SERVER_BLOCK=false;
+
+while read p; do
+	if [[ $IN_SERVER_BLOCK == false ]]; then
+		if [[ $p == *"listen"* && $p == *"1471"* ]]; then
+			IN_SERVER_BLOCK=true;
+		fi
+	else
+		if [[ $p == *".cer;" || $p == *".pem;" ]]; then
+			echo $p | cut -d '/' -f 5 | tr -d ';';
+		fi
+	fi
+done < /etc/nginx/nginx.conf

Papers/includes/scripts/removeDepends.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+#  Author: sud0nick
+#  Date:   Jan 2016
+
+opkg remove zip unzip > /dev/null;

Papers/includes/scripts/removeKeys.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+#  Author: sud0nick
+#  Date:   Jan 2016
+
+SSL_DIR="/etc/nginx/ssl/";
+
+while [[ $# -gt 0 ]]; do
+	rm -rf $SSL_DIR$1;
+	shift;
+done

Papers/includes/scripts/revokeSSHKey.sh

@@ -0,0 +1,34 @@
+#!/bin/sh
+
+#  Author: sud0nick
+#  Date:   Feb 2016
+
+help() {
+        echo "Usage: ./revokeSSHKey.sh <keydir> <opts>";
+        echo '';
+        echo 'Parameters:';
+        echo '';
+        echo -e '\t-k:\tName of key to be revoked';
+        echo '';
+}
+
+if  [ "$#" -lt 1 ]; then
+        help;
+        exit;
+fi
+
+SSH_STORE='/pineapple/modules/Papers/includes/ssh/';
+KEY='';
+
+while [ "$#" -gt 0 ]
+do
+
+if [[ "$1" == "-k" ]]; then
+	KEY=$(cat "$SSH_STORE$2.pub");
+fi
+
+shift
+done
+
+# Revoke the key from /root/.ssh/authorized_keys
+grep -v "$KEY" /root/.ssh/authorized_keys > /root/.ssh/authorized_keys.new; mv /root/.ssh/authorized_keys.new /root/.ssh/authorized_keys

Papers/includes/scripts/testEncrypt.sh

@@ -0,0 +1,35 @@
+#!/bin/sh
+
+
+help() {
+        echo "Usage: ./testEncrypt.sh <opts>";
+        echo '';
+        echo 'Parameters:';
+        echo '';
+	echo -e '\t-d:\tDirectory where key resides';
+        echo -e '\t-k:\tName of key to test';
+        echo '';
+}
+
+if  [ "$#" -lt 2 ]; then
+        help;
+        exit;
+fi
+
+KEY=''
+KEYDIR=''
+
+while [ "$#" -gt 0 ]
+do
+
+if [[ "$1" == "-k" ]]; then
+	KEY="$2.pem"
+fi
+if [[ "$1" == "-d" ]]; then
+        KEYDIR="$2"
+fi
+
+shift
+done;
+
+openssl rsa -in $KEYDIR$KEY -passin pass: | awk 'NR==0;'

Papers/includes/scripts/unpackKeyArchive.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+
+#  Author: sud0nick
+#  Date:   Sept 2016
+
+help() {
+	echo "Usage: ./unpackKeyArchive.sh -f <fileName>";
+	echo '';
+	echo 'Parameters:';
+	echo '';
+	echo -e '\t-f:\tFile name without extension';
+	echo '';
+}
+
+if  [ "$#" -lt 2 ]; then
+	help;
+	exit;
+fi
+
+# Define and clear out the download directory
+DL_DIR="/pineapple/modules/Papers/includes/upload/";
+
+FILE='';
+export IFS=" ";
+
+while [ "$#" -gt 0 ]
+do
+
+if [[ "$1" == "-f" ]]; then
+	FILE="$DL_DIR$2"
+fi
+
+shift
+done;
+
+output=$(unzip $FILE.zip -d $DL_DIR);
+
+# If the archive contained a .pub these
+# keys are destined for the SSH directory
+if [[ $output == *".pub"* ]]; then
+	mv $FILE.pub /pineapple/modules/Papers/includes/ssh/
+	mv $FILE.pem /pineapple/modules/Papers/includes/ssh/
+fi
+
+# If the archive contained a .cer these
+# keys are destined for the SSL directory
+if [[ $output == *".cer"* ]]; then
+	mv $FILE.cer /pineapple/modules/Papers/includes/ssl/
+	mv $FILE.pem /pineapple/modules/Papers/includes/ssl/
+fi
+
+# Clear the download directory
+rm -rf $DL_DIR*