<?php
// gen_keys.php — run ONCE, then delete this file.
$privatePath = __DIR__ . '/license_private.key';
$publicPath  = __DIR__ . '/license_public.pem';

$config = ["private_key_bits"=>2048, "private_key_type"=>OPENSSL_KEYTYPE_RSA];
$resource = openssl_pkey_new($config);
if (!$resource) { die("OpenSSL not available on this hosting."); }

$privKey = '';
if (!openssl_pkey_export($resource, $privKey)) { die("Failed to export private key"); }

$details = openssl_pkey_get_details($resource);
if (!$details || empty($details['key'])) { die("Failed to derive public key"); }

file_put_contents($privatePath, $privKey);
file_put_contents($publicPath, $details['key']);

// Try to harden perms (some hosts ignore this and keep 0644)
@chmod($privatePath, 0600);
@chmod($publicPath, 0644);

echo "OK: license_private.key and license_public.pem created.";