[zeromq-dev] Using CurveZMQ to secure multiple sockets?

Mark Gillott mgillott at Brocade.com
Wed Oct 5 17:15:29 CEST 2016


On Wed, 2016-10-05 at 14:56 +0100, Luca Boccassi wrote:
> zauth and zcert can work with any socket and are the correct choice.
> Curvezmq was a proof of concept (and made to bring auth for the legacy
> libraries) and should not be used with libzmq/czmq as there's built in
> support.
> 

OK so authentication/encryption needs to be (separately) applied to
every socket. And if some other part of the system springs up a socket
between client & server for its own use, it has to remember to build in
the zauth/zcert calls.

Mark

> On 5 October 2016 at 09:27, Mark Gillott <mgillott at brocade.com> wrote:
> > Suppose we have a server and one or more client applications that
> > communicate using a number of 0MQ sockets; a ROUTER-DEALER, a PUB-SUB
> > and a REP-REQ.
> >
> > Is it possible to use CurveZMQ to secure all of these connections? Using
> > the various zactor, zcert & zsock_set_curve functions I can secure the
> > ROUTER-DEALER connections. But what about the other two?
> >
> > What I really want is to be able to do is secure the lower layer
> > transport such that *any* 0MQ socket between client & server is always
> > secure. From the curvezmq.org page:
> >
> >         To secure a single hop between client and server, which is the
> >         CurveCP use case. For this use case we would embed CurveZMQ in
> >         the transport layer so that it can work for all patterns
> >         (publish-subscribe, pipeline, and so on).
> >
> > Yet I can't find any example. The examples I've seen secure a single
> > socket. Have I misunderstood? Can I build a CurveZMQ-based "pipe" over
> > which other 0MQ sockets can operate?
> >
> > Thanks,
> >
> > Mark
> > _______________________________________________
> > zeromq-dev mailing list
> > zeromq-dev at lists.zeromq.org
> > https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.zeromq.org_mailman_listinfo_zeromq-2Ddev&d=DQIGaQ&c=IL_XqQWOjubgfqINi2jTzg&r=jvQi-CKjLvh8eMz9WSgpXPemqlgP9vG7H0zwS3acfHk&m=gOqAiEHvYlTrTLGnWRWdFSR9dHwNTwB_wmYvb_WDKxM&s=oBgMsrha1azZ7qDvJEl-ki-0QCyO_C1hOC4Q-tDf5Q0&e= 
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.zeromq.org_mailman_listinfo_zeromq-2Ddev&d=DQIGaQ&c=IL_XqQWOjubgfqINi2jTzg&r=jvQi-CKjLvh8eMz9WSgpXPemqlgP9vG7H0zwS3acfHk&m=gOqAiEHvYlTrTLGnWRWdFSR9dHwNTwB_wmYvb_WDKxM&s=oBgMsrha1azZ7qDvJEl-ki-0QCyO_C1hOC4Q-tDf5Q0&e= 



More information about the zeromq-dev mailing list