[zeromq-dev] Using other kinds of certificates with CurveZMQ

Pieter Hintjens ph at imatix.com
Fri Oct 4 00:46:06 CEST 2013


On Fri, Oct 4, 2013 at 12:34 AM, Steve Carney <carney at yahoo-inc.com> wrote:

> I have an infrastructure with existing certificates that is not ready to
> move to CurveCP yet.    Does CurveZMQ have an underlying framework (due
> using SASL) that I could use to implement SSL authentication (with and
> without encryption)?

No, CurveZMQ has its own properties. I've described this superficially
here: http://hintjens.com/blog:48

> I also have simple proprietary certificates that I’d like to support as part
> of establishing a client-server connection.  A simple cleartext key exchange
> would be sufficient.  Could CurveZMQ be leveraged for this as well?

Not directly... The keys that CurveZMQ uses are specific to the
elliptic curve cryptography used.  However you could use your existing
certificates and some (non-ZeroMQ) transport to exchange CurveZMQ
certificates.

-Pieter



More information about the zeromq-dev mailing list