[zeromq-dev] libcurve vs libzmq CURVE

Pieter Hintjens ph at imatix.com
Fri Sep 13 13:30:15 CEST 2013


Libzmq and libcurve were being written at the same time, so they duplicate
all the code used to implement CurveZMQ. One is C++, one is C.

Libzmq assumes tcp:// as the transport and ties its CURVE security
into connection negotiation as required by the ZMTP protocol.

Libcurve's curve_codec class does not assume any specific transport
and could work over anything that provides an addressable transport
(so not PUB-SUB or PUSH-PULL, but ROUTER-DEALER, HTTP, even email.)

Libcurve's curve_client and curve_server classes are pseudo-sockets
that actually do full I/O over ZMQ. The use case for these is
end-to-end privacy across untrusted servers. I'll show this later with
examples but it's far beyond what anyone needs today.

So in conclusion:

* If you want CURVE security in normal ZMQ apps, use libzmq master
(and soon, 4.0)
* If you want to make CurveZMQ work across arbitrary other transports,
you may enjoy libcurve

And finally, there is scope for extracting the CURVE encoding/decoding
from libzmq and making a pure C codec that is used both in libzmq and
libcurve. If anyone feels like it...

-Pieter



On Fri, Sep 13, 2013 at 1:03 PM, Laurent Alebarde <l.alebarde at free.fr> wrote:
> Great article. Thank you Pieter.
>
> Could you please elaborate a little more on libcurve and libzmq/CURVE
> "works at a different level"? How do they compare exactly?
>
> Cheers,
>
>
> Laurent.
>
>
> On 13/09/2013 11:58, Pieter Hintjens wrote:
>
> On Fri, Sep 13, 2013 at 11:02 AM, Laurent Alebarde <l.alebarde at free.fr>
> wrote:
>
> Shall I understand that CURVE in libzmq implements the same functionalities
> as libcurve, but in C++ and fully integrated into libzmq? Do we directly
> inherit all the available transports (DEALER/ROUTER, STREAM, REQ/REP,
> etc)? And multi-client management?
>
> Yes, that's right. I'm writing this up, here's the latest article:
> http://hintjens.com/blog:48
>
> In multi-client, the server uses the same long term key-pair for all
> clients, and a dedicated short term key-pair for each socket initialisation?
> In my understanding, but I have not yet reviewed the libzmq code, there is
> one codec per client, then one short term key-pair per client?
>
> Yes, indeed.
>
> -Pieter
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev