[zeromq-dev] Using CurveZMQ to secure multiple sockets?

Manuel Amador (Rudd-O) rudd-o at rudd-o.com
Wed Oct 5 13:36:43 CEST 2016


On 10/05/2016 08:27 AM, Mark Gillott wrote:
> Suppose we have a server and one or more client applications that
> communicate using a number of 0MQ sockets; a ROUTER-DEALER, a PUB-SUB
> and a REP-REQ.
>
> Is it possible to use CurveZMQ to secure all of these connections? Using
> the various zactor, zcert & zsock_set_curve functions I can secure the
> ROUTER-DEALER connections. But what about the other two?
>
> What I really want is to be able to do is secure the lower layer
> transport such that *any* 0MQ socket between client & server is always
> secure. From the curvezmq.org page:
>
>         To secure a single hop between client and server, which is the
>         CurveCP use case. For this use case we would embed CurveZMQ in
>         the transport layer so that it can work for all patterns
>         (publish-subscribe, pipeline, and so on).

Yes, CurveZMQ will do that work for you.  The protocol is such that
application layer communications may only happen after the handshake has
been successful.

If you prefer to use Go and not depend on ZMQ, there's curvetls at
https://github.com/Rudd-O/curvetls — it implements the CurveZMQ
protocol, but it's strictly point-to-point.


-- 
    Rudd-O
    http://rudd-o.com/


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20161005/7058d478/attachment.sig>


More information about the zeromq-dev mailing list