How to specify auth/priv keys instead of pass phrases with PySNMP?

Question

I have the following successful net-snmp command:

snmpget -v3 -l authPriv -3k $auth_key -3K $priv_key -u $user udp6:$ip 1.3.6.1.2.1.1.1.0

I've been trying to replicate this in PySNMP, but it seems that the keys aren't being accepted. I get the sense that the UsmUserData class's authKey and privKey parameters are actually setting the auth and priv pass phrases, akin to net-snmp's -A and -X flags.

I've experimenting with modifying my keys, which are 32-character hex strings, using various functions in the binascii module, but that feels like barking up the wrong tree. My code already works with SNMPv2, but swapping out CommunityData for a UsmUserData is what creates problems.

from pysnmp.hlapi import *

IP = '::1/128'
OID = '1.3.6.1.2.1.1.1.0'
USER = 'my_user'
AUTH, PRIV = '', ''  # 32-character lowercase hex strings

error_indication, error_status, error_index, var_binds = next(
    getCmd(SnmpEngine(),
           UsmUserData(USER, authKey=AUTH, privKey=PRIV),
           Udp6TransportTarget((IP, 161)),
           ContextData(),
           ObjectType(ObjectIdentity(OID)))
)
print(error_indication)
print([x[1].prettyPrint() for x in var_binds])

Output:

Wrong SNMP PDU digest
[]

When I modify the command to do an SNMPv2 call with a CommunityData, I get the same results as with net-snmp. The actual output I'm getting is "Wrong SNMP PDU digest" and an empty var_binds. How can I get PySNMP to emulate the -3k and -3K flags?

Answer 1

The -3k and -3m options are not readily implemented in the contemporary pysnmp API.

However, pysnmp relies on the vanilla MIB objects for everything, including its own configuration. That means that if there is an object in SNMP-USER-BASED-SM-MIB (or any other MIB) holding the keys you need - that object can be easily accessed and modified.

If you want to pursue this idea, may be a GitHub issue would be a good place to deal with it...