#!/usr/bin/env python """ Pure Python TSIG key generator, with multiple output formats. """ import os, base64, argparse bind9_template = ''' key "{name}" {{ algorithm = {algorithm}; secret = "{secret}"; }}; ''' nsd_template = ''' key: name: "{name}" algorithm: {algorithm} secret: "{secret}" ''' ap = argparse.ArgumentParser(description = __doc__) ap.add_argument("-f", "--format", choices = ("bind9", "nsd")) ap.add_argument("dnsname") ap.add_argument("output", type = argparse.FileType("w"), nargs = "?", default = "-") args = ap.parse_args() # For the moment this only supports hmac-sha256 params = dict( name = args.dnsname, algorithm = "hmac-sha256", secret = base64.b64encode(os.urandom(256 // 8)).decode("ascii"), ) if args.format is None or args.format == "bind9": args.output.write(bind9_template.format(**params)) if args.format is None or args.format == "nsd": args.output.write(nsd_template.format(**params))