{"id":6816,"library":"pysnmpcrypto","title":"PySNMP Crypto Extensions","description":"pysnmpcrypto provides strong cryptographic support for the PySNMP library, enhancing security for SNMPv3 operations. It integrates seamlessly with PySNMP's security framework by leveraging PyCryptodome. The current version is 0.1.0, with releases typically tied to updates in its core dependencies, PySNMP and PyCryptodome.","status":"active","version":"0.1.0","language":"en","source_language":"en","source_url":"https://github.com/lextudio/pysnmpcrypto","tags":["SNMP","cryptography","pysnmp","security","snmpv3","pycryptodome"],"install":[{"cmd":"pip install pysnmpcrypto","lang":"bash","label":"Install core library"}],"dependencies":[{"reason":"Core SNMP library it extends; required for all functionality. Requires version >= 4.4.0.","package":"pysnmp","optional":false},{"reason":"Underlying cryptographic implementation; provides the strong algorithms.","package":"pycryptodome","optional":false}],"imports":[{"note":"Importing this module registers strong cryptographic algorithms (e.g., SHA512, AES256) with the PySNMP engine, making them available for SNMPv3 operations. There isn't a primary class or function to directly import and instantiate; its effect is through registration.","symbol":"Side-effect import","correct":"import pysnmpcrypto.hl.api"}],"quickstart":{"code":"from pysnmp.hlapi import *\nimport pysnmpcrypto.hl.api # This import enables strong crypto support\n\n# 1. SNMP Engine and User Definition\nsnmp_engine = SnmpEngine()\n\n# Define an SNMPv3 user with strong authentication (SHA512) and privacy (AES256).\n# These protocols are enabled by 'pysnmpcrypto'.\n# In a real scenario, 'authKey' and 'privKey' should be strong, unique values.\nauth_key = b'myAuthPassword123'\npriv_key = b'myPrivPassword456'\n\nuser_data = UsmUserData(\n    userName='testUser',\n    authKey=auth_key,\n    privKey=priv_key,\n    authProtocol=usmHMACSHA512AuthProtocol, # Requires pysnmpcrypto\n    privProtocol=usmAES256PrivProtocol      # Requires pysnmpcrypto\n)\n\n# 2. Target Agent Definition (using a public test server for demonstration)\n# Note: 'testUser' must be configured on the target agent with matching keys/protocols.\ntarget = UdpTransportTarget(('demo.snmplabs.com', 161), timeout=1, retries=0)\n\n# 3. Context Data\ncontext = ContextData()\n\n# 4. Object to query (e.g., sysDescr.0)\noid = ObjectType(ObjectIdentity('SNMPv2-MIB', 'sysDescr', 0))\n\n# 5. Perform the SNMP GET operation\nprint(f\"Attempting to query {oid} using SNMPv3 with SHA512/AES256 (requires pysnmpcrypto)...\")\nerror_indication, error_status, error_index, var_binds = next(\n    getCmd(snmp_engine, user_data, target, context, oid)\n)\n\n# 6. Process the response\nif error_indication:\n    print(f\"Error: {error_indication}\")\nelif error_status:\n    print(f\"Error: {error_status.prettyPrint()} at {error_index and var_binds[int(error_index) - 1][0] or '?'}\")\nelse:\n    for var_bind in var_binds:\n        print(f\"{var_bind.prettyPrint()}\")\n\n# The key takeaway is that usmHMACSHA512AuthProtocol and usmAES256PrivProtocol\n# become available for use after 'import pysnmpcrypto.hl.api'.\n# A successful connection depends on the target agent supporting the user and protocols.","lang":"python","description":"This quickstart demonstrates how to enable and use strong cryptographic protocols (like SHA512 for authentication and AES256 for privacy) for SNMPv3 within PySNMP by simply importing `pysnmpcrypto.hl.api`. It sets up an SNMPv3 user with these protocols and attempts to perform a GET operation against a public test agent. For this to fully succeed, the target agent must be configured with a matching user and supported security levels."},"warnings":[{"fix":"Ensure `pip install pysnmp>=4.4.0` is performed before or alongside `pysnmpcrypto`.","message":"pysnmpcrypto is an extension for PySNMP. It requires `pysnmp` to be installed and specifically requires PySNMP version `4.4.0` or higher to function correctly and provide access to the extended cryptographic algorithms.","severity":"gotcha","affected_versions":"< 0.1.0 (implicitly, based on PySNMP requirement)"},{"fix":"Install the underlying cryptography library: `pip install pycryptodome`.","message":"The library depends on `pycryptodome` for its cryptographic operations. If `pycryptodome` is not installed, pysnmpcrypto will not be able to provide the strong encryption algorithms, potentially leading to errors when attempting to use protocols like SHA512 or AES256.","severity":"gotcha","affected_versions":"All"},{"fix":"Ensure you are configuring your SNMP operations to use SNMPv3 and the appropriate `UsmUserData`.","message":"pysnmpcrypto primarily enhances SNMPv3 security. While PySNMP supports other SNMP versions, the strong authentication and privacy protocols provided by this library are specific to SNMPv3's User-based Security Model (USM).","severity":"gotcha","affected_versions":"All"},{"fix":"Use a Python environment within the `3.8 <= Python < 4.0` range.","message":"Python version compatibility: pysnmpcrypto requires Python `>=3.8` and `<4.0`. Ensure your environment matches this requirement, as PySNMP itself might have broader compatibility, but this extension is more specific.","severity":"gotcha","affected_versions":"All"},{"fix":"Refer to official release notes on the GitHub repository for migration guides when upgrading to new major versions.","message":"As a relatively new library (v0.1.0), future major versions might introduce breaking changes to how it integrates with PySNMP or to its exposed (albeit limited) API. Keep an eye on the GitHub repository for release notes.","severity":"breaking","affected_versions":"Future versions > 0.1.0"}],"env_vars":null,"last_verified":"2026-04-15T00:00:00.000Z","next_check":"2026-07-14T00:00:00.000Z","problems":[]}