[zeromq-dev] curvezmq ZAP zmq_msg_gets fields: is there a complete list & how to get the public key specifically
Pieter Hintjens
ph at imatix.com
Sun Jan 31 15:49:24 CET 2016
There are several independent protocols and APIs at work here.

First, CurveZMQ governs the handshake itself, and ZMTP wraps that in a
transport protocol as the CURVE mechanism. Then, ZAP connects an
external authenticator. There is *no* authenticator in libzmq so by
default, CURVE connections are refused. Then you have the per-message
properties, which the authenticator can set as it wishes. One of these
might be the public key. That would be the only way to access it.
User-Id is an example property, a field you might pull from a
certificate.

The most popular authenticator is czmq/zauth.c, which you can read. I
see a comment in that class:

    // TODO: load metadata from certificate and return via ZAP response

So without digging deeper, I assume it's not returning any metadata.
The code predates the zmq_msg_gets () api and needs some love now.

If you really want to understand this flow (and it's not trivial,
sorry) then perhaps this is the place to start: bring zauth up to
scratch so it returns all metadata and the public key from the
certificate.

-Pieter

On Fri, Jan 29, 2016 at 2:23 PM, Jonas Thiem <jonasthiem at googlemail.com> wrote:
> Hi,
>
> I am trying to solve the following: using the standard CURVE mechanism
> for authentication, how can I get either the full public key or the
> fingerprint of the public key the client used to connect, from a
> received message frame from that respective client?
>
> zmq_msg_gets seems to retrieve all sorts of possibly useful fields set
> by the authenticator mechanism ("User-Id", ..). However, this just seems
> to be briefly mentioned at http://api.zeromq.org/4-2:zmq-msg-gets
> without a comprehensive list, and the only guide on Curve ZMQ I could
> find http://curvezmq.org/page:read-the-docs seems to be more of a
> specification of the raw protocol, not the api of the zmq default
> implementation.
>
> In addition, "User-Id" specifically just seems to contain "user" (as an
> actual string) for my test, which doesn't really seem to be useful
> information(?).
>
> Therefore, I wondered whether there is:
>
> 1. a complete list/documentation of all fields set by the curve ZAP
> mechanism as provided in the standard implementation (like "User-Id" and
> others)
>
> 2. a specific field or some other helper function that allows me to
> obtain the respective public key of a message frame
>
> Sorry if I missed some obvious guide that contains all this info, please
> feel free to link if there is one!
>
> Regards,
> Jonas Thiem
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
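
An added example, not part of the thread and not czmq's code: the two frames a ZAP authenticator would put in its reply so that the client's CURVE public key travels as a per-message property, as the reply above suggests. It assumes the ZAP reply layout of ZeroMQ RFC 27 (user-id frame, then a metadata frame in ZMTP 3.0 property encoding) and Z85 key text per RFC 32; the property name `X-Public-Key` and all function names are hypothetical, and the sample key is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Z85 alphabet (ZeroMQ RFC 32), the printable encoding used for CURVE keys. */
static const char Z85[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                          ".-:+=^!/*?&<>()[]{}@%$#";

/* Encode len bytes (len % 4 == 0) as Z85; out must hold len * 5 / 4 + 1 chars. */
int z85_encode(char *out, const uint8_t *in, size_t len) {
    if (len % 4) return -1;
    for (size_t i = 0; i < len; i += 4, out += 5) {
        uint32_t v = (uint32_t)in[i] << 24 | (uint32_t)in[i + 1] << 16 |
                     (uint32_t)in[i + 2] << 8 | in[i + 3];
        for (int k = 4; k >= 0; k--, v /= 85) out[k] = Z85[v % 85];
    }
    *out = '\0';
    return 0;
}

/* Append one property in ZMTP 3.0 metadata encoding: 1-byte name length, name,
   4-byte big-endian value length, value. Returns the new offset, 0 on error. */
size_t put_property(uint8_t *buf, size_t off, size_t cap, const char *name,
                    const char *val) {
    size_t n = strlen(name), v = strlen(val);
    if (n == 0 || n > 255 || off > cap || cap - off < 1 + n + 4 + v) return 0;
    buf[off++] = (uint8_t)n;
    memcpy(buf + off, name, n); off += n;
    for (int s = 24; s >= 0; s -= 8) buf[off++] = (uint8_t)(v >> s);
    memcpy(buf + off, val, v);
    return off + v;
}

/* Build the user-id and metadata frames of a ZAP "200" reply for a CURVE request
   whose key already passed the allow-list check. Returns 0 if malformed. */
size_t zap_curve_frames(const char *mech, const uint8_t *cred, size_t cred_len,
                        char user_id[41], uint8_t *meta, size_t cap) {
    if (strcmp(mech, "CURVE") != 0 || cred_len != 32) return 0;
    z85_encode(user_id, cred, cred_len);
    return put_property(meta, 0, cap, "X-Public-Key", user_id); /* hypothetical name */
}

int main(void) {
    uint8_t key[32] = {1, 2, 3}, meta[128]; /* constructed sample key */
    char uid[41];
    size_t n = zap_curve_frames("CURVE", key, sizeof key, uid, meta, sizeof meta);
    printf("User-Id: %s\nmetadata frame: %zu bytes\n", uid, n);
    return n ? 0 : 1;
}
```

With an authenticator replying this way, the receiving application would read the key from a message with `zmq_msg_gets (&msg, "User-Id")` or the hypothetical `"X-Public-Key"` property.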