[zeromq-dev] Any way to get key used for router connection

Charles West crwest at ncsu.edu
Mon Aug 17 05:43:55 CEST 2015


I'm building the second version of an open source differential GPS sharing
software (pylongps.com).  I've run into a bit of a snag though.

Does anyone know of a good way to get the key associated with a CURVE
router connection?  ZAP authentication can check if a key is on the
whitelist, but it doesn't appear to provide more than a go/no go.  I need
to be able to check the key associated with a specific ROUTER connection so
that I can limit what the owner of a particular connection key can do
(people with one key can't pretend to be someone else).

My original idea was to use the ZMQ_IDENTITY field to set the connection ID
to a superset of the connection key, then just have the ZAP handler verify
the connection ID contained the key at the beginning.  Further ID
processing would then be done via the connection ID at the router socket.
However, the ZMQ_IDENTITY set does not show up in the ZAP messages, so this
isn't possible.  Further reading of the mailing list indicates that the
ZMQ_IDENTITY isn't supposed to propagate like that anyway.

The brute force solution would be to force an authentication exchange using
a signing key and a nonce at the router (router sends nonce, client signs
or encrypts it and sends it back).  That's basically doing a whole handshake
on top of the ZMQ_CURVE protocol, which seems rather overkill.

Does anyone know of a better approach?

Charlie West
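
Added example, not part of the original post or of pylongps: a sketch of a ZAP handler's per-request logic following the ZAP frame layout in ZeroMQ RFC 27, where the CURVE credentials frame is the client's 32-byte public key and the reply has a user id frame the handler can fill from it. The ACL, user names, and function names are constructed for illustration, and it assumes a libzmq build that exposes the reply's user id to the ROUTER application as the `User-Id` message property.

```python
ZAP_VERSION = b"1.0"

# Constructed sample ACL: hex client public key -> (user id, allowed actions).
ACL = {
    "11" * 32: ("basestation-7", {"publish"}),
    "22" * 32: ("admin", {"publish", "configure"}),
}


def _deny(request_id, code, text):
    # On any non-200 status the user id and metadata frames stay empty.
    return [ZAP_VERSION, request_id, code, text, b"", b""]


def handle_zap_request(frames, acl=ACL):
    """Return ZAP reply frames for one request (empty delimiter already stripped)."""
    if len(frames) < 6 or frames[0] != ZAP_VERSION:
        request_id = frames[1] if len(frames) > 1 else b""
        return _deny(request_id, b"500", b"Malformed ZAP request")

    _version, request_id, _domain, _address, _identity, mechanism = frames[:6]
    credentials = frames[6:]

    # For CURVE the only credential frame is the client's long-term public key.
    if mechanism != b"CURVE" or len(credentials) != 1 or len(credentials[0]) != 32:
        return _deny(request_id, b"400", b"CURVE key required")

    entry = acl.get(credentials[0].hex())
    if entry is None:
        return _deny(request_id, b"400", b"Unknown key")

    user_id, _actions = entry
    # The user id frame ties everything this connection sends to the key owner.
    return [ZAP_VERSION, request_id, b"200", b"OK", user_id.encode(), b""]


def authorize(user_id, action, acl=ACL):
    """Router-side check: may the authenticated user perform this action?"""
    for uid, actions in acl.values():
        if uid == user_id:
            return action in actions
    return False  # unknown or empty user id: default deny
```

On the ROUTER side, the application would read the user id attached to each received message and pass it to `authorize` before acting on the request, instead of trusting anything the client puts in the message body.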