|
|
@@ -0,0 +1,41 @@
|
|
|
+#!/usr/bin/env python
|
|
|
+
|
|
|
+"""
|
|
|
+Pure Python TSIG key generator, with multiple output formats.
|
|
|
+"""
|
|
|
+
|
|
|
+import os, base64, argparse
|
|
|
+
|
|
|
+bind9_template = '''
|
|
|
+key "{name}" {{
|
|
|
+ algorithm = {algorithm};
|
|
|
+ secret = "{secret}";
|
|
|
+}};
|
|
|
+'''
|
|
|
+
|
|
|
+nsd_template = '''
|
|
|
+key:
|
|
|
+ name: "{name}"
|
|
|
+ algorithm: {algorithm}
|
|
|
+ secret: "{secret}"
|
|
|
+'''
|
|
|
+
|
|
|
+ap = argparse.ArgumentParser(description = __doc__)
|
|
|
+ap.add_argument("-f", "--format", choices = ("bind9", "nsd"))
|
|
|
+ap.add_argument("dnsname")
|
|
|
+ap.add_argument("output", type = argparse.FileType("w"), nargs = "?", default = "-")
|
|
|
+args = ap.parse_args()
|
|
|
+
|
|
|
+# For the moment this only supports hmac-sha256
|
|
|
+
|
|
|
+params = dict(
|
|
|
+ name = args.dnsname,
|
|
|
+ algorithm = "hmac-sha256",
|
|
|
+ secret = base64.b64encode(os.urandom(256 // 8)).decode("ascii"),
|
|
|
+)
|
|
|
+
|
|
|
+if args.format is None or args.format == "bind9":
|
|
|
+ args.output.write(bind9_template.format(**params))
|
|
|
+
|
|
|
+if args.format is None or args.format == "nsd":
|
|
|
+ args.output.write(nsd_template.format(**params))
|
