[zeromq-dev] Titanic SP with encrypted data transfer

Justin Karneges justin at affinix.com
Fri Dec 14 01:10:08 CET 2012


On Friday, December 14, 2012 12:23:19 AM Pieter Hintjens wrote:
> On Thu, Dec 13, 2012 at 11:42 PM, Jovan Kostovski <chombium at gmail.com> 
wrote:
> > I know that ZeroMQ supports TLS
> > shared keys encryption...
> 
> It doesn't, yet, unfortunately.
> 
> If you need encryption, you will need to either do it at a lower layer
> (VPN), which is usually quite nasty, or else modify the TSP protocol
> to do encryption using something like SASL, which is also nasty.
> 
> You can also encrypt per message, using pre-shared keys, which is the
> least nasty option IMO.

Another idea is to gateway through a secure protocol such as HTTPS or XMPP 
when crossing hostile networks. This isn't really a ZeroMQ solution, but if 
the majority of your sockets aren't at risk and you're just trying to protect 
a couple of them that go over the internet, it's probably the best choice in 
terms of secureness vs nastiness. :) It is, however, quite some extra coding.

Justin



More information about the zeromq-dev mailing list