[zeromq-dev] EncryptedSocket added to pyzmq in branch
Brian Granger
ellisonbg at gmail.com
Tue Nov 2 05:16:59 CET 2010
Hi,
There has been a lot of discussion about adding security features like
encryption to 0MQ. We have been talking/thinking about this some in
the Python bindings (pyzmq) because we are at the point where we are
deploying applications using 0MQ at the internet scale.
Just tonight, Min posted this branch:
http://github.com/minrk/pyzmq/commit/485b7d5f16d3344471fa0ce5479f634c8d7ac992
That adds an EncryptedSocket subclass to pyzmq. Here is the idea:
The EncryptedSocket subclass accepts a cipher argument to its
constructor. The cipher can be any Python object having an encrypt
and decypt method. This is the interface supported by PyCrypto
(http://www.dlitz.net/software/pycrypto/), but it is easy to wrap any
cipher in this interface.
The low level, send/recv methods of EncryptedSocket now simply call
cipher.encrypt(msg) and cipher.decrypt(msg) upon a send and receive.
This behavior can be disabled on a per message basis using keyword
arguments.
By using PyCrypto, you can easily select an appropriate cipher to use
in this manner. The result is that all messages are encrypted. It is
important to note that this is not in any way built in to 0MQ itself.
We are simply doing this on top of 0MQ. The means that many of the
things provided by SSL/TSL are not covered. But, we feel this is a
good start that also has the benefit that in a multi-hop 0MQ system,
you don't have to decrypt/reencrypt at each node. The performance
tests that Min has run show a performance penalty of 3-10x over the
unencrypted case.
We are not security experts and would love feedback on this design.
It is quite simple, but for many of us, security is the show stopper
with 0MQ. This at least gets us moving in the right direction.
Cheers,
Brian
--
Brian E. Granger, Ph.D.
Assistant Professor of Physics
Cal Poly State University, San Luis Obispo
bgranger at calpoly.edu
ellisonbg at gmail.com
More information about the zeromq-dev
mailing list