From 176b5c9b46c15d5d15e1de6a9d58d49609c51c8a Mon Sep 17 00:00:00 2001
From: Rob Austein
Date: Wed, 25 Dec 2019 17:19:17 -0500
Subject: Archive development backups
---
 tsig-keygen.py | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)
(limited to 'tsig-keygen.py')
diff --git a/tsig-keygen.py b/tsig-keygen.py
index cfa653f..311141a 100644
--- a/tsig-keygen.py
+++ b/tsig-keygen.py
@@ -6,10 +6,12 @@ Pure Python TSIG key generator, with multiple output formats.
 import os, base64, argparse
+algorithm_bits = dict(("hmac-sha{}".format(bits), bits // 8) for bits in (256, 384, 512))
+
 bind9_template = '''
-key "{name}" {{
- algorithm = {algorithm};
- secret = "{secret}";
+key {name} {{
+ algorithm {algorithm};
+ secret "{secret}";
 }};
 '''
@@ -21,17 +23,23 @@ key:
 '''
 ap = argparse.ArgumentParser(description = __doc__)
-ap.add_argument("-f", "--format", choices = ("bind9", "nsd"))
-ap.add_argument("dnsname")
-ap.add_argument("output", type = argparse.FileType("w"), nargs = "?", default = "-")
+ap.add_argument("-a", "--algorithm",
+ choices = tuple(sorted(algorithm_bits)),
+ default = sorted(algorithm_bits)[0])
+ap.add_argument("-f", "--format",
+ choices = ("bind9", "nsd"))
+ap.add_argument("-n", "--name",
+ default = "tsig.example.org")
+ap.add_argument("-o", "--output",
+ default = "-", type = argparse.FileType("w"))
+ap.add_argument("-s", "--servers", nargs = "+")
+ap.add_argument("-z", "--zones", nargs = "+")
 args = ap.parse_args()
-# For the moment this only supports hmac-sha256
-
 params = dict(
- name = args.dnsname,
- algorithm = "hmac-sha256",
- secret = base64.b64encode(os.urandom(256 // 8)).decode("ascii"),
+ name = args.name,
+ algorithm = args.algorithm,
+ secret = base64.b64encode(os.urandom(algorithm_bits[args.algorithm])).decode("ascii"),
 )
 if args.format is None or args.format == "bind9":
--
cgit v1.2.3
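Review bot: The key name is now written into `key {name} {{` as a bare, unquoted token, and nothing in the visible lines validates it before the template is formatted (that happens outside this hunk). A name containing whitespace, `;`, quotes or braces would produce a malformed key clause, or one with a different structure, in the generated BIND configuration. Keep the quoted form `key "{name}" {{`, which BIND accepts, and reject anything that is not a plain DNS name before formatting, for example with `re.fullmatch(r"[A-Za-z0-9._-]+", args.name)`. Separately, `algorithm_bits` maps each algorithm to `bits // 8`, a byte count, so `algorithm_bytes` would describe what `os.urandom()` actually receives.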
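Review bot: The file given to `-o/--output` receives the base64 TSIG secret but is opened through `argparse.FileType("w")`, so a newly created file gets whatever mode the caller's umask allows, commonly group- or world-readable. FileType opens the file during `ap.parse_args()`, so the restriction has to be in place first: add `os.umask(0o077)` on the line before `args = ap.parse_args()`. That only covers newly created files; an existing output file keeps its old mode and would need an explicit `os.chmod`. The new `--servers` and `--zones` options are not used in the lines shown and carry no `help=` text; the script continues past this hunk, so they may be consumed further down.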