Generating OpenVPN static keys in memory?

Question

I know I can generate an OpenVPN static key by 'openvpn --genkey --secret myfile.key'. In python, I am currently using a shell call to generate a key, open the 'myfile.key' and read it back in. It would be much cleaner if I could do it without the shell call.

Does anyone know what type of key is generated with the --genkey command, or a way to generate the key directly in Python?

score 1 · Accepted Answer · answered Dec 06 '10 at 03:30

1

Unfortunately, OpenVPN doesn't currently provide Python APIs. However, one way to (slightly) clean up your script would be to have it generate the key directly to stdout, and then use the stdout returned by Popen.

openvpn --genkey --secret /dev/stdout

I.e.,

from subprocess import Popen, PIPE

proc = Popen("openvpn --genkey --secret /dev/stdout", shell=True, stdout=PIPE)
(stdout, stderr) = proc.communicate()

As far as I know, even though the keys are generated using the TLS PRF function, there's no "other" way to generate the keys.

answered Dec 06 '10 at 03:30

Andrew M.

11,182
2
35
29

*facepalm* Why didn't I think of writing to /dev/stdout? Thanks! – Aaron C. de Bruyn Dec 06 '10 at 04:51
Not a problem; happy to help! – Andrew M. Dec 06 '10 at 13:16

Generating OpenVPN static keys in memory?

1 Answers1