[zeromq-dev] Just a simple quick question about ZeroMQ security.

Goswin von Brederlow goswin-v-b at web.de
Tue Feb 25 09:53:24 CET 2014


On Tue, Feb 25, 2014 at 06:28:41AM +0900, crocket wrote:
> As far as I know, there are 3 security mechanisms.
> 
> 1) public/private key pair
> 2) password
> 3) NULL
> 
> A key pair might be easy for non-technical people to use if we provide
> easy-to-use softwares.
> We generate key pairs and inform people that we have generated key
> pairs for them.
> They'll use public key as their ID on the internet. However, I don't
> know whether it'll work out well.
> 
> A password? I'm not sure how secure it'll be. People often use plain passwords.
> 
> Has anyone found a way to make ZeroMQ security easy for your grandma?

Obviously NULL is pointless. But so is password. A password can be
captured and reused so anyone can simply steal your account. So that
leaves public/private key pair.

The way CURVE works in ZMQ you have to know the public key of the
server before connecting. That garanties that you are talking to the
right peer and nobody else can read what you are saying.

The client can generate its own key pair yourself on the fly and
connect to the server. This tells the server the public key of the
client and it can then do some "create user" dance. E.g. request a
username, email and other infos from the client and then send a random
token to the user email address, the user enters the token in the
client and the client then confirms the "create user" with that token.
Voila, user created. The server then stores the clients public key and
user infos for future reference.

Or you can generate the key pair on the server side, better a
certificate (which is just a nice packaging). Add the servers public
key in the meta information of the certificate and send this to the
user in some safe way, e.g. put it on an USB stick and hand deliver.
:) The client then takes the certificate and extracts the server
public key as well as its own key pair from it. And you are all set.


What remains are the security concerns for the clients private key (or
the certificate as whole). If anyone manages to steal that the account
is compromised. If $HOME is on NFS for example that is trivial.

So I suggest not storing the certificate in plain text. Put it into a
password safe or encrypt it with a password (which you don't store).
This would be completly client side so the pasword is never
transmitted over the internet.

MfG
	Goswin



More information about the zeromq-dev mailing list