Generates SNMPv3 hashes as described in rfc3414 suitable for use with ESXi and other SNMP daemons
Project description
A script to generate SNMPv3 keys as detailed by rfc3414 (passphrases expanded with a kdf, then hashed with the engine id). All key generation is done using the new cryptographically secure secrets library.
As I wrote this with ESXi in mind, it also emits a string suitable for configuring the SNMP daemon via esxcli/PowerCLI, but the hashes are standard and compatible with other SNMPv3 implementations.
With no arguments, it will generate an authentication and privacy passphrase with associated random engine ID in text form. --json will format the output as json.
The script is fully idempotent; if you take the parameters it generates randomly and re-enter them, you will get the same output a second time.
Dependencies
Runtime: Python 3.6 or greater.
Sample Output
Standard
User: observium Auth: gaYA82XVtNaf3WLwRgoIs544ghP6f80S / f78359764ca382922fa382cf884e588031de575a Priv: H5XEtRpxXVaGzXU5i2rFwPnYGr8SEzTp / 31a001a56a225fdfc1916bd60190405a1aa22ff0 Engine: 7ae1b0ff0aa2f3950566d3de2274d05a ESXi USM String: observium/f78359764ca382922fa382cf884e588031de575a/31a001a56a225fdfc1916bd60190405a1aa22ff0/authpriv
JSON
{
"user": "observium",
"engine": "b2a50167b7c8512ddfc9d5765a3490af",
"phrases": {
"auth": "71rOhjfj6QVSy2mw5tBo7PueZ8KWSv60",
"priv": "xwsvzht8NEcuwAlEpUKzMxKFWeH72sK9"
},
"hashes": {
"auth": "fa0d5249293404502f9953b9514d0636a96c2cbc",
"priv": "cccbdcfa603817df340514ecc22dfae8c4c412e8"
},
"esxi": "observium/fa0d5249293404502f9953b9514d0636a96c2cbc/cccbdcfa603817df340514ecc22dfae8c4c412e8/authpriv"}
If a YAML or TOML library is installed, you also use the --yaml and --toml arguments respectively.
It should go without saying, but DO NOT use the engine id or passphrases in the samples.
Usage
usage: snmpv3-hashgen [-h] [--auth AUTH] [--priv PRIV] [--engine ENGINE] [--user USER] [--mode {auth,priv,none}] [--hash {md5,sha1,sha224,sha256,sha384,sha512}] [--json | --yaml | --toml]
Convert an SNMPv3 auth or priv passphrase to hashes.
optional arguments:
-h, --help show this help message and exit
--auth AUTH Authentication passphrase to be derived as utf8 string
--priv PRIV Privacy passphrase to be derived as utf8 string
--engine ENGINE Engine ID as hex string
--user USER SNMPv3 USM username (default "librenms")
--mode {auth,priv,none}
SNMPv3 mode (default "priv")
--hash {md5,sha1,sha224,sha256,sha384,sha512}
Hash algorithm to use (default "sha1")
--json Emit output as json
--yaml Emit output as yaml
--toml Emit output as toml
RFC 7630 defines no test data for sha[2-9]{3} - these should be considered experimental.
Report bugs at https://github.com/TheMysteriousX/SNMPv3-Hash-Generator/issues
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for SNMPv3 Hash Generator-0.4.1.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 93bdb06f297a26fcfe760ea22826226c2abbbe7c7d1226816a3d7265739fc63e |
|
| MD5 | c10f85d9d6b90f11b0a1a00f657ecea6 |
|
| BLAKE2b-256 | 58944f9f891ba7701cd695712188e4b9c53d415cbd7c7a1697460ea8b7265222 |
Hashes for SNMPv3_Hash_Generator-0.4.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 7ac6c11afdc93fce87daf73df9f92beb08fd17714dc9fd6740789bc1b92fe6c6 |
|
| MD5 | be7d899dfea5fa5b9de0dd2536213468 |
|
| BLAKE2b-256 | 08cf2732225a5d6b828902294f7a20ffce66923026904df823e8eb04e7b618c7 |
