[zeromq-dev] Defaulting to tweetnacl?

Pieter Hintjens ph at imatix.com
Mon Mar 7 10:02:43 CET 2016


This looks great. See if you can create a page on the wiki... I'm not
sure whether you get edit rights immediately.

On Mon, Mar 7, 2016 at 10:18 AM, frank <soundart at gmx.net> wrote:
>
>
> On 03/02/2016 04:57 PM, frank wrote:
>> Hi,
>>
>> :)
>>
>> I could try/start at least, could you point me to a good place in the wiki?
>> This place http://zeromq.org/build:_start looks promising?
>>
>
> Hi,
>
> I have now done a first attempt.
> Hopefully this is not too long and helps.
>
> kind regards
>   Frank
>
>
> ---------------------------------------------------------------------------------------
> # Overview
>
> The ZeroMQ library uses a slightly modified CURVE protocol in order
> to secure your messages against manipulation and eavesdropping.
>
> See https://curvecp.org/ and http://hintjens.com/blog:48 for detailed
> background.
>
> # Building ZeroMQ with encryption support
>
> The code in ZeroMQ implementing the CURVE protocol utilizes crypto
> primitives from the NaCL library, see https://nacl.cr.yp.to/ for
> detailed background.
>
> However ZeroMQ does not use NaCL itself currently. The reason for this
> is that the build system of NaCL assumes that the machine building the
> code will be the machine running the code. NaCL aims for maximal
> performance at the cost of portability of the binary code.
>
> Luckily there exist two libraries providing an API compatible with
> NaCL (at least for the subset ZeroMQ uses):
>
> - libsodium: see https://libsodium.org/ by Frank Denis (and others)
> - tweetnacl: see https://tweetnacl.cr.yp.to/ by the authors of NaCL:
>   DJB, Lange, Schwabe (and others)
>
> ZeroMQ supports building with each of these two libraries. By
> default(*) it will use tweetnacl; a copy of the required sources is
> embedded in the git repo.
>
> (*) this might currently not be true for all build systems, but this
> behaviour is the intention.  Please submit PRs and pull requests for
> the non-behaving ones.
>
> If you enable libsodium the embedded files will not be used and
> instead the resulting library of ZeroMQ will be linked against
> the shared libsodium library.
>
> ## Choosing between libsodium and tweetnacl
>
> So now you have the choice between two implementations; here is a
> recommendation on how to choose, based on a single criterion:
>
> If you plan to distribute your code in binary form: Use libsodium.
>
> Motivation: It is easier to provide security updates if the security
> library is separated from other libraries.
>
> The embedded copy of tweetnacl is provided in order to support
> minimum-hassle prototyping and to provide security by default if you
> build from source.
>
> ## How to enable building with libsodium
>
> ### autoconf
>
> - add the --with-libsodium switch to the configure script
>
> ### cmake
>
> - add the -DWITH_LIBSODIUM=ON switch to the cmake call.
>
> ### builds/msvc/configure.bat
>
> Place libsodium at this location ..\..\..\libsodium and run
> configure.bat
>
> ### others
>
> ...
>
>
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
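
An added example, not part of the draft above or of the ZeroMQ project: a shell check of whether a built libzmq depends on the shared libsodium library, which is the property the draft's recommendation for binary distribution rests on. The function name `curve_backend` is hypothetical, and the sonames in the sample `readelf -d` output are constructed.

```shell
#!/bin/sh
# Classify a libzmq build from `readelf -d` output read on stdin.
# Prints "libsodium:<soname>" when the dynamic section lists libsodium as a
# NEEDED shared library (crypto fixes then arrive by updating libsodium),
# otherwise "no-libsodium" (embedded tweetnacl or no CURVE support: a crypto
# fix means rebuilding libzmq itself). A statically linked libsodium would
# also report "no-libsodium"; this only sees shared-library dependencies.
curve_backend() {
    # Only NEEDED entries count; the SONAME entry is ignored.
    soname=$(sed -n 's/.*(NEEDED).*\[\(libsodium\.so[^]]*\)].*/\1/p' | head -n 1)
    if [ -n "$soname" ]; then
        printf 'libsodium:%s\n' "$soname"
    else
        printf 'no-libsodium\n'
    fi
}

# Constructed sample: dynamic section of a build configured with libsodium.
SAMPLE_SODIUM=' 0x0000000000000001 (NEEDED)             Shared library: [libsodium.so.18]
 0x0000000000000001 (NEEDED)             Shared library: [libstdc++.so.6]
 0x000000000000000e (SONAME)             Library soname: [libzmq.so.5]'

# Constructed sample: dynamic section of a default build (embedded tweetnacl).
SAMPLE_EMBEDDED=' 0x0000000000000001 (NEEDED)             Shared library: [libstdc++.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000e (SONAME)             Library soname: [libzmq.so.5]'

printf '%s\n' "$SAMPLE_SODIUM"   | curve_backend
printf '%s\n' "$SAMPLE_EMBEDDED" | curve_backend

# Real use (the path is a placeholder):
#   readelf -d /path/to/libzmq.so | curve_backend
```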


