[zeromq-dev] Proposal for ZeroMQ certificate format

Pieter Hintjens ph at imatix.com
Thu Oct 17 21:40:01 CEST 2013


On Thu, Oct 17, 2013 at 7:33 PM, Tony Arcieri <bascule at gmail.com> wrote:

> Nice, glad we're clear now ;)

We're not quite finished. There's a confusion (also for me) between
the public key used for encrypting the certificate content, and the
public key provided in the content itself.

These are two separate layers (if you look at my proposal). There's an
opaque content, which may be a public key. Then there's encrypting
that for the recipient, which we'd do using Curve25519 and Box
[content](sender->recipient). It means the sender and recipient may
have Curve25519 public keys explicitly for sending and receiving
certificates. They might use their CurveZMQ keys. Or not.

Thus the CurveZMQ key can be kept secret.

And we can do verification using a 32-byte value, which is still large
but doable.

-Pieter
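
The two layers described in the message above, as an added example that is not part of the original post or of any ZeroMQ code: an opaque content (here a 32-byte public key standing in for a CurveZMQ key) is encrypted from sender to recipient using separate Curve25519 key pairs reserved for certificate transport. Assumptions: Node's built-in `crypto` module is used, so X25519 + HKDF-SHA256 + ChaCha20-Poly1305 stands in for NaCl's Box, and all function names, the `cert-envelope` label and the keys are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Stand-in for Box key agreement: X25519 shared secret -> HKDF-SHA256 -> 32-byte AEAD key.
function sharedKey(myPrivate, theirPublic) {
  const secret = crypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'cert-envelope', 32));
}

// Outer layer: encrypt the opaque content from sender to recipient.
function sealContent(content, senderPrivate, recipientPublic) {
  const nonce = crypto.randomBytes(12);
  const key = sharedKey(senderPrivate, recipientPublic);
  const c = crypto.createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  const body = Buffer.concat([c.update(content), c.final()]);
  return { nonce, body, tag: c.getAuthTag() };
}

// Recipient side: final() throws if the key pair is wrong or the envelope was modified.
function openContent(env, recipientPrivate, senderPublic) {
  const key = sharedKey(recipientPrivate, senderPublic);
  const d = crypto.createDecipheriv('chacha20-poly1305', key, env.nonce, { authTagLength: 16 });
  d.setAuthTag(env.tag);
  return Buffer.concat([d.update(env.body), d.final()]);
}

// Raw 32-byte X25519 public key: the last 32 bytes of its SPKI DER encoding.
function rawPublic(keyObject) {
  return keyObject.export({ type: 'spki', format: 'der' }).subarray(-32);
}

function demo() {
  // Constructed keys: transport pairs exist only for moving certificates around.
  const senderTransport = crypto.generateKeyPairSync('x25519');
  const recipientTransport = crypto.generateKeyPairSync('x25519');
  const curveZmq = crypto.generateKeyPairSync('x25519'); // stand-in for a CurveZMQ key
  const outsider = crypto.generateKeyPairSync('x25519');

  // Inner layer: the opaque content happens to be a public key.
  const content = rawPublic(curveZmq.publicKey);
  const env = sealContent(content, senderTransport.privateKey, recipientTransport.publicKey);
  const opened = openContent(env, recipientTransport.privateKey, senderTransport.publicKey);

  let outsiderFailed = false;
  try { openContent(env, outsider.privateKey, senderTransport.publicKey); }
  catch (e) { outsiderFailed = true; }

  return { contentLength: content.length, roundTrip: opened.equals(content),
           keyVisibleInEnvelope: env.body.includes(content), outsiderFailed };
}
```

Only the transport public keys are needed to exchange the envelope; the key carried as content never appears outside the ciphertext.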


