[zeromq-dev] CZMQ a requirement for curve and ZeroMQ?

Fri Mar 24 13:01:13 CET 2017

On Fri, 2017-03-24 at 05:40 -0500, Brian Sellden wrote:
> Hello,
> 
> I've done some looking around on this and am just confused about what
> support there is for curve without using czmq.  Some references say
> that the
> support for reading/writing certs and such in the C++ ZeroMQ core is
> not
> that great so just use CZMQ.
> 
> So perhaps misguided, I attempted to load a secret key from a zcert_t
> and
> stuff it into a zmq::socket_t with setsockopt.  Doing so always
> throws an
> 'invalid argument' exception so I guess I just need some
> guidance.  Here's
> my code:
> 
>  
> 
> zmq::socket_t newSocket(zmq::context_t &context, int socketType,
> 
> const char* endpoint) {
> 
>                 // Create the socket
> 
>                 zmq::socket_t socket(context, socketType);
> 
>  
> 
>                 // Configure as a curve server, Stonehouse.
> 
>                 int server = 1;
> 
>                 socket.setsockopt(ZMQ_CURVE_SERVER, &server,
> sizeof(server));
> 
>                 std::cout << "Configured socket as curve server" <<
> std::endl;
> 
>  
> 
>                 // Read secret key and set on socket.
> 
>                 zcert_t* cert =
> zcert_load("certs/session_logging_daemon.txt_secret");
> 
>                 std::cout << "Loaded keyfile." << std::endl;
> 
>                 // const byte* secret = zcert_secret_key(cert);
> 
>                 const char* secret = zcert_secret_txt(cert);
> 
>                 std::cout << "Retrieved secret key of length " <<
> sizeof(secret)
> 
>                                                 << std::endl;
> 
>                 socket.setsockopt(ZMQ_CURVE_SECRETKEY, secret,
> sizeof(secret));
> 
>                 std::cout << "Added secret key to socket" <<
> std::endl;
> 
>                 zcert_destroy(&cert);
> 
>  
> 
> // Bind the socket
> 
>                 socket.bind(endpoint);
> 
>  
> 
>                 return socket;
> 
> }
> 
>  
> 
> And the output is:
> 
> Configured socket as curve server
> 
> Loaded keyfile.
> 
> Retrieved secret key of length 8
> 
> terminate called after throwing an instance of 'zmq::error_t'
> 
>   what():  Invalid argument
> 
>  
> 
> Thanks -
> 
>  
> 
> Brian.

Hi,

Curve can be used with just libzmq, see a working example in the unit
test:

https://github.com/zeromq/libzmq/blob/master/tests/test_security_curve.cpp

CZMQ will make your life easier with a higher level abstraction and
classes to manage certificates, see examples:

https://github.com/zeromq/czmq/tree/master/examples/security

Kind regards,
Luca Boccassi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20170324/fc85ab8b/attachment.sig>