[zeromq-dev] Defaulting to tweetnacl?

frank soundart at gmx.net
Mon Mar 7 09:18:30 CET 2016

On 03/02/2016 04:57 PM, frank wrote:
> Hi,
> :)
> I could try/start at least, could you point me to a good place in the wiki?
> This place http://zeromq.org/build:_start looks promising?


I have now done a first attempt.
Hopefully this is not too long and helps.

kind regards

# Overview

The ZeroMQ library uses a slightly modified CURVE protocol in order
to secure your messages against manipulation and eavesdropping.

See https://curvecp.org/ and http://hintjens.com/blog:48 for detailed

# Building ZeroMQ with encryption support

The code in ZeroMQ implementing the CURVE protocol utilizes crypto
primitives from the NaCL library, see https://nacl.cr.yp.to/ for
detailed background.

However ZeroMQ does not use NaCL itself currently. The reason for this
is that the build system of NaCL assumes that the machine building the
code will be the machine running the code. NaCL targets for maximal
performance at the cost of portability of the binary code.

Luckily there exist two libraries providing an API compatible with
NaCL (at least for the subset ZeroMQ uses):

- libsodium: see https://libsodium.org/ by Frank Denis (and others)
- tweetnacl: see https://tweetnacl.cr.yp.to/ by the authors of NaCL:
  DJB, Lange, Schwabe (and others)

ZeroMQ supports building with each of these two libraries. By
default (*) it will use tweetnacl, a copy of the required sources is
embedded in the git repo.

(*) this might currently not be true for all build systems, but this
behaviour is the intention.  Please submit PRs and pull requests for
the non-behaving ones.

If you enable libsodium the embedded files will not be used and
instead the resulting library of ZeroMQ will be linked against
the shared libsodium library.

## Choosing between libsodium and tweetnacl

So now you have the choice between two implementations, here is a
recommendation on how to choose, based on a single criterion:

If you plan to distribute your code in binary form: Use libsodium.

Motivation: It is easier to provide security updates if the security
library is separated from other libraries.

The embedded copy of tweetnacl is provided in order to support
minimum-hassle prototyping and to provide security by default if you
build from source.

## How to enable building with libsodium

### autoconf

- add the --with-libsodium switch to the configure script

### cmake

- add the -DWITH_LIBSODIUM=ON switch to the cmake call.

### builds/msvc/configure.bat

Place libsodium at this location ..\..\..\libsodium and run

### others


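A check a packager could run after building, as an added example that is not part of the original post or of ZeroMQ: it reads `ldd` output for the built library and reports whether libsodium is a shared dependency, which is what the post says results from enabling libsodium. The function names and the sample `ldd` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a libzmq build gets its CURVE crypto primitives,
# using the dynamic dependency list printed by `ldd`.

# Reads ldd-format text on stdin and prints one of:
#   libsodium-shared   libsodium is a resolved shared dependency
#   libsodium-missing  libsodium is required but the loader cannot find it
#   no-libsodium       no shared libsodium dependency (for example the embedded
#                      tweetnacl copy; ldd cannot tell what is compiled in)
classify_deps() {
    awk '
        $1 ~ /^libsodium\.so(\.[0-9]+)*$/ {
            found = 1
            if ($2 == "=>" && $3 == "not") missing = 1
        }
        END {
            if (missing)    print "libsodium-missing"
            else if (found) print "libsodium-shared"
            else            print "no-libsodium"
        }'
}

# Convenience wrapper for a real library file (path supplied by the caller).
classify_lib() {
    ldd "$1" | classify_deps
}

# Gate for binary releases, following the recommendation in the post: succeed
# only when the crypto code lives in a separately updatable shared libsodium.
release_ok() {
    [ "$(classify_deps)" = "libsodium-shared" ]
}

# Constructed sample input (not captured from a real system).
SAMPLE_SODIUM='    libsodium.so.23 => /usr/lib/libsodium.so.23 (0x00007f0000000000)
    libc.so.6 => /lib/libc.so.6 (0x00007f0000200000)'
SAMPLE_EMBEDDED='    libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f0000000000)
    libc.so.6 => /lib/libc.so.6 (0x00007f0000200000)'

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_SODIUM"   | classify_deps
printf '%s\n' "$SAMPLE_EMBEDDED" | classify_deps
```

On a real build, `classify_lib` takes the path to the built libzmq shared object, and `release_ok` can fail a packaging job when the library does not depend on a shared libsodium.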