pysnmp: For SNMP V3 trap decryption, getting error: "Ciphering services not available or ciphertext is broken"


Trap messages are received and decoded properly when collected using tcpdump and viewed in Wireshark.

But with the pysnmp lib, I get the error below:

    2023-04-11 11:55:54,792 pysnmp: processIncomingMsg: scopedPDU decoder failed <class 'pyasn1.error.SubstrateUnderrunError'>
    2023-04-11 11:55:54,792 pysnmp: StatusInformation: {'errorIndication': DecryptionError('Ciphering services not available or ciphertext is broken'), 'msgUserName': <OctetString value object, tagSet <TagSet object, tags 0:0:4>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 0, 32>>, encoding iso-8859-1, payload [user1]>}
    2023-04-11 11:55:54,792 pysnmp: prepareDataElements: SM failed, statusInformation {'errorIndication': DecryptionError('Ciphering services not available or ciphertext is broken'), 'msgUserName': <OctetString value object, tagSet <TagSet object, tags 0:0:4>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 0, 32>>, encoding iso-8859-1, payload [user1]>}

Installed packages (pip list):

    Package          Version
    bcrypt           3.2.0
    certifi          2022.12.7
    cffi             1.14.4
    cryptography     38.0.1
    netmiko          3.2.0
    paramiko         2.7.2
    pip              23.0.1
    ply              3.11
    pyasn1           0.4.8
    pycparser        2.20
    pycrypto         2.6.1
    pycryptodomex    3.15.0
    pylzma           0.5.0
    PyNaCl           1.4.0
    pyOpenSSL        22.1.0
    pyserial         3.5
    pysmi            0.3.4
    pysnmp           4.4.12
    PySocks          1.7.1
    python-dateutil  2.8.1
    pytz             2020.4
    pyvmomi          8.0.0.1.2
    PyYAML           5.3.1

I tried the solutions provided in all the links below, but the issue is still not resolved:

  1. "Ciphering services not available" error with SNMP V3 usage of pysnmp in python v3 virtual environment

  2. https://github.com/etingof/pysnmp/issues/285 (python -c 'from Cryptodome.Cipher import AES')

  3. https://sourceforge.net/p/pysnmp/discussion/46667/thread/623edabb/ (pycrypto was not there I installed and tried)



Answer by Lex Li

SNMP v3 TRAP is a rather lengthy ceremony:

  • You need to set the proper engine ID when sending it out, like this
        import asyncio
        from pysnmp.hlapi.asyncio import *

        MANAGER_PORT = 162  # assumed: UDP port the trap receiver listens on

        async def main():
            # this engine ID must equal the securityEngineId registered on the receiver
            snmpEngine = SnmpEngine(OctetString(hexValue="8000000001020304"))
            # UsmUserData with auth/priv keys only defaults to MD5 auth and DES priv
            errorIndication, errorStatus, errorIndex, varBinds = await sendNotification(
                snmpEngine,
                UsmUserData("usr-md5-des", "authkey1", "privkey1"),
                UdpTransportTarget(("localhost", MANAGER_PORT)),
                ContextData(),
                "trap",
                NotificationType(ObjectIdentity("IF-MIB", "linkDown")),
            )
            snmpEngine.transportDispatcher.closeDispatcher()

        asyncio.run(main())
  • You also need to register the same engine ID with the user, like this
    from pysnmp.entity import config, engine
    from pysnmp.proto.api import v2c

    snmpEngine = engine.SnmpEngine()  # the receiver's own engine

    # user: usr-md5-des, auth: MD5, priv DES, securityEngineId: 8000000001020304
    # this USM entry is used for TRAP receiving purposes
    config.addV3User(
        snmpEngine,
        "usr-md5-des",
        config.usmHMACMD5AuthProtocol,
        "authkey1",
        config.usmDESPrivProtocol,
        "privkey1",
        securityEngineId=v2c.OctetString(hexValue="8000000001020304"),
    )

It simply won't work if you miss either.
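As an added illustration of why the two engine IDs must match (example code written for this page, not part of the answer or of pysnmp): USM never uses the configured password directly. RFC 3414 first stretches the password into Ku and then localizes it with the authoritative engine ID, so a receiver whose USM entry carries a different securityEngineId derives a different DES key and can only report a decryption error. The RFC 3414 A.3.1 test vector validates the derivation; the second engine ID below is a constructed contrast value, not one from the page.

```python
import hashlib


def password_to_ku(password: bytes, hash_name: str = "md5") -> bytes:
    """RFC 3414 A.2: hash the password repeated cyclically out to 1,048,576 bytes."""
    one_mib = 1_048_576
    stream = (password * (one_mib // len(password) + 1))[:one_mib]
    return hashlib.new(hash_name, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "md5") -> bytes:
    """RFC 3414 A.3: Kul = H(Ku || snmpEngineID || Ku). This is the key USM uses."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def usm_priv_key(password: str, engine_id_hex: str, hash_name: str = "md5") -> bytes:
    """Localized key as a receiver derives it from its configured securityEngineId.

    For usmDESPrivProtocol the priv password is localized with the user's auth hash
    (MD5 here). The first 8 bytes become the DES key, the last 8 the pre-IV.
    """
    ku = password_to_ku(password.encode(), hash_name)
    return localize_key(ku, bytes.fromhex(engine_id_hex), hash_name)


def keys_match(password: str, engine_a: str, engine_b: str) -> bool:
    """True only when both sides derive the same localized key, i.e. same engine ID."""
    return usm_priv_key(password, engine_a) == usm_priv_key(password, engine_b)


# RFC 3414 A.3.1 test vector: password "maplesyrup", engine ID 000000000000000000000002
RFC3414_ENGINE_ID = "000000000000000000000002"

# Engine ID used in the answer above, and a constructed one differing in the last byte
SENDER_ENGINE_ID = "8000000001020304"
WRONG_ENGINE_ID = "8000000001020305"  # constructed: what a misconfigured receiver might hold

if __name__ == "__main__":
    print(usm_priv_key("maplesyrup", RFC3414_ENGINE_ID).hex())  # 526f5eed9fcce26f8964c2930787d82b
    print(keys_match("privkey1", SENDER_ENGINE_ID, SENDER_ENGINE_ID))  # True
    print(keys_match("privkey1", SENDER_ENGINE_ID, WRONG_ENGINE_ID))  # False
```

A receiver that has no securityEngineId on its USM entry localizes with its own engine ID instead of the sender's, which is the same mismatch.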