[zeromq-dev] zeromq and crypto?

Martin Sustrik sustrik at 250bpm.com
Sat Aug 21 07:59:10 CEST 2010


Benjamin,

> Is there a recommended way to secure the underlying zeromq
> communication with crypto?
>
> Given a N:M publishers and subscribers,
>
> 1. Should apps establish connections point to point between each N and
> M using something like stunnel, which zeromq can then use the tcp
> transport over?

In most cases it's better to add a central node to the topology. So that 
subscribers don't have to know about publishers or vice versa.

> 2. Is vpn a better idea? (I guess this only really works if a customer
> is able to do this).

Secure tunnel as well as VPN are OK as far as I can tell.

> 3. Should apps, instead, use crypto libraries to secure the zeromq message body?

Yes. End-to-end encryption allows for untrusted middle nodes.

It would also make sense to create an ecryption wrapper library on top 
of 0MQ.

> 4. Is there a zeromq transport in the works, ie tcps, for secure connections?
> s.connect("tcps://example.com:5555")

No. It isn't.

> Has anyone tried any of the above? I'd love to hear your experiences,
> and any issues with stability and/or performance.

Martin



More information about the zeromq-dev mailing list