[zeromq-dev] ZeroMQ Curve Publish Subscribe

LENFERINK Roy roy.lenferink at nl.thalesgroup.com
Fri Oct 14 11:11:03 CEST 2016

Hi Alex,

Thanks for your answer and explanation. It is now a bit more clear.
I also gave a look on the blogs of Pieter and this private / public key system is for authenticating the subscribers and after you are authenticated some short-term keys are exchanged.
So what I did, I created a .curve directory on my publisher with the public key of the subscriber, and only the subscriber has the private key (and keeps it private).
So now only the subscriber can connect to the socket of the publisher. And then they are securely exchanging the data which will be send between publisher and subscriber.



-----Original Message-----
From: zeromq-dev [mailto:zeromq-dev-bounces at lists.zeromq.org] On Behalf Of alex.
Sent: Thursday, 13 October, 2016 17:00
To: zeromq-dev at lists.zeromq.org
Subject: Re: [zeromq-dev] ZeroMQ Curve Publish Subscribe

Hi Roy,

it seems you are convoluting how ZeroMQ and CurveMQ work. ZMQ simply abstracts how clients talk over a network. Pub-Sub is a fine example of that since you, as a developer can write programs where clients can fan-out messages, i.e. from one node to many others in one direction.
This does not mean, however, that this is what actually happens. In fact, ZMQ opens as many (bidirectional) TCP connections between the publisher and all the subscribers and sends pretty much the same message from the publisher to all the subscribers, each in its own connection.

What this means for encryption is that the high-level message you send is actually encrypted with the public key of each subscriber and then sent individually. In fact, a single subscriber could never decrypt a message that was sent to another subscriber.

TL;DR it just _seems_ as though the publisher is "encrypting" the message once with his private key, but in fact the message is encrypted as many times as there are subscribers.



If you are not the intended recipient of this email, please notify the sender and
delete it.
Any unauthorized copying, disclosure or distribution of this email or its
attachment(s) is forbidden.
Thales Nederland BV will not accept liability for any damage caused by this email or
its attachment(s).
Thales Nederland BV is seated in Hengelo and is registered at the Chamber of
Commerce under number 06061578.

More information about the zeromq-dev mailing list