+sub enable_encryption {
+
+ eval "use FS::Conf";
+ die $@ if $@;
+
+ my $conf = new FS::Conf;
+
+ die "encryption key(s) already in place"
+ if $conf->exists('encryptionpublickey')
+ || $conf->exists('encryptionprivatekey');
+
+ my $length = 2048;
+ my $rsa = Crypt::OpenSSL::RSA->generate_key($length);
+
+ $conf->set('encryption', 1);
+ $conf->set('encryptionmodule', 'Crypt::OpenSSL::RSA');
+ $conf->set('encryptionpublickey', $rsa->get_public_key_string );
+ $conf->set('encryptionprivatekey', $rsa->get_private_key_string );
+
+ # reload Record globals, false laziness with FS::Record
+ $FS::Record::conf_encryption = $conf->exists('encryption');
+ $FS::Record::conf_encryptionmodule = $conf->config('encryptionmodule');
+ $FS::Record::conf_encryptionpublickey = join("\n",$conf->config('encryptionpublickey'));
+ $FS::Record::conf_encryptionprivatekey = join("\n",$conf->config('encryptionprivatekey'));
+
+}
+
+sub enable_banned_pay_pad {
+
+ eval "use FS::Conf";
+ die $@ if $@;
+
+ my $conf = new FS::Conf;
+
+ die "banned_pay-pad already in place"
+ if length( $conf->config('banned_pay-pad') );
+
+ #arbitrary but good enough... all we need is *some* per-site random padding
+ my @pw_set = ( 'a'..'z', 'A'..'Z', '0'..'9', '(', ')', '#', '.', ',' );
+
+ $conf->set('banned_pay-pad',
+ join('', map($pw_set[ int(rand($#pw_set)) ], (0..15) ) )
+ );
+
+}
+