[zeromq-dev] EncryptedSocket added to pyzmq in branch
Burak Arslan
burak.arslan at arskom.com.tr
Tue Nov 2 21:57:52 CET 2010
On 11/02/10 21:27, MinRK wrote:
> Is there a better model for hiding message data using an unmodified
> current release version of zeromq, which means that zmq_send and
> zmq_recv are black boxes, and are assumed to be operating on an
> untrusted network?
first, two warnings:

1) the zeromq-2.0.10 release is still remotely crashable, so you need a
trusted network. encryption does not make sense in a trusted network.

2) i have no idea about your environment, requirements and resources.
what i say may sound funny, may be too python-centric, or just the wrong
thing to do in your case.

if you consider key distribution solved, just use hmac + aes to
signcrypt the messages. pycrypto supports both.

if you also need to do key distribution, i'd try to work with a pgp
implementation first. gpgme and thus pyme is slow and difficult to
deploy, but you'd be safe.

also see the m2crypto page. it claims to have pgp support.
http://chandlerproject.org/Projects/MeTooCrypto. the library list there
is also interesting.

here's a relevant topic:
http://stackoverflow.com/questions/1020320/how-to-do-pgp-in-python-generate-keys-encrypt-decrypt

if those solutions are not efficient enough, you have many options.
simplest is poor man's pki:

generate a secret, hardcode it in your application and use it for
signcrypted key-exchange. you can do this with public key cryptography
if you know how it works. you can make it so everybody agrees on a
different key on first contact.

but try very hard to get pgp working before you try your own methods.

hth
burak
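
Added example, not part of the original message or of pyzmq: a sketch of the "hmac + aes" approach for the case where key distribution is already solved, written as encrypt-then-MAC over a single message body. It assumes the `cryptography` package in place of the pycrypto library named in the message; the function names, the frame layout and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import os

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

NONCE_LEN = 16  # AES-CTR initial counter block, fresh random value per message
TAG_LEN = 32    # HMAC-SHA256 output size


def _keys(secret):
    # Derive independent encryption and MAC keys from the one pre-shared secret,
    # so the same key bytes are never used for both AES and HMAC.
    return (hmac.new(secret, b"enc", hashlib.sha256).digest(),
            hmac.new(secret, b"mac", hashlib.sha256).digest())


def _aes_ctr(key, nonce):
    return Cipher(algorithms.AES(key), modes.CTR(nonce), backend=default_backend())


def seal(secret, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag as one bytes frame."""
    enc_key, mac_key = _keys(secret)
    nonce = os.urandom(NONCE_LEN)
    enc = _aes_ctr(enc_key, nonce).encryptor()
    body = nonce + enc.update(plaintext) + enc.finalize()
    # The tag covers the nonce as well as the ciphertext.
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_frame(secret, frame):
    """Verify the tag first; decrypt only if it matches. Raises ValueError otherwise."""
    if len(frame) < NONCE_LEN + TAG_LEN:
        raise ValueError("frame too short")
    enc_key, mac_key = _keys(secret)
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("MAC check failed")
    dec = _aes_ctr(enc_key, body[:NONCE_LEN]).decryptor()
    return dec.update(body[NONCE_LEN:]) + dec.finalize()


if __name__ == "__main__":
    secret = b"constructed-demo-secret"     # constructed sample value
    frame = seal(secret, b"hello over zmq")  # bytes that would be passed to send()
    print(open_frame(secret, frame))
```

A valid frame that is captured and sent again still verifies, so a receiver that needs replay protection has to add a sequence number or timestamp inside the authenticated body.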