9 translator = ''.join([(lambda c: '#' if c in '\0\n\r' else c)(chr(i)) for i in xrange(256)]) |
9 translator = ''.join([(lambda c: '#' if c in '\0\n\r' else c)(chr(i)) for i in xrange(256)]) |
10 |
10 |
11 _PSKpath = None |
11 _PSKpath = None |
12 |
12 |
13 def PSKgen(ID, PSKpath): |
13 def PSKgen(ID, PSKpath): |
14 secret = os.urandom(256) # 2048 bits is still safe nowadays |
|
15 |
14 |
16 # following makes 512 length string, rejected by stunnel |
15 # 236 bytes is empirical maximum when using : |
17 # using binascii hexlify loses 50% entropy |
16 # - stunnel 5.36 on server with openssl 1.0.2k |
18 # secretstring = hexlify(secret) |
17 # - python-sslpsk 1.0.0 on client with openssl 1.0.2k |
|
18 secret = os.urandom(236) |
19 |
19 |
20 secretstring = secret.translate(translator) |
20 secretstring = secret.translate(translator) |
21 PSKstring = ID+":"+secretstring |
21 PSKstring = ID+":"+secretstring |
22 with open(PSKpath, 'w') as f: |
22 with open(PSKpath, 'w') as f: |
23 f.write(PSKstring) |
23 f.write(PSKstring) |
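Review bot: The key file is still created with `open(PSKpath, 'w')` at new line 22, so its mode comes from the process umask and the pre-shared key can end up readable by other local accounts. Create it owner-only instead: `fd = os.open(PSKpath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`. The mode argument only takes effect when the file is created, so a pre-existing file would also need `os.chmod(PSKpath, 0o600)` before the write. PSKgen may continue past the last visible line, so check that nothing later reopens or copies the file with looser permissions.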