[zeromq-dev] CZMQ a requirement for curve and ZeroMQ?

Brian Sellden brian_ls2 at comcast.net
Fri Mar 24 14:00:01 CET 2017


Hi Luca,

Thanks very much for your response.  I had read that test, though, and find that it always generates keys on the fly to run the tests and never loads them from disk.  I'll need to read them from disk in the real world, of course.  I just can't find examples of doing that outside of CZMQ.  Perhaps curve was just never intended to be used directly in the ZeroMQ core?

Thanks again -

Brian.

-----Original Message-----
From: zeromq-dev [mailto:zeromq-dev-bounces at lists.zeromq.org] On Behalf Of Luca Boccassi
Sent: Friday, March 24, 2017 7:01 AM
To: ZeroMQ development list
Subject: Re: [zeromq-dev] CZMQ a requirement for curve and ZeroMQ?

On Fri, 2017-03-24 at 05:40 -0500, Brian Sellden wrote:
> Hello,
> 
> I've done some looking around on this and am just confused about what 
> support there is for curve without using czmq.  Some references say 
> that the support for reading/writing certs and such in the C++ ZeroMQ 
> core is not that great so just use CZMQ.
> 
> So perhaps misguided, I attempted to load a secret key from a zcert_t 
> and stuff it into a zmq::socket_t with setsockopt.  Doing so always 
> throws an 'invalid argument' exception so I guess I just need some 
> guidance.  Here's my code:
> 
>  
> 
> zmq::socket_t newSocket(zmq::context_t &context, int socketType,
> 
> const char* endpoint) {
> 
>                 // Create the socket
> 
>                 zmq::socket_t socket(context, socketType);
> 
>  
> 
>                 // Configure as a curve server, Stonehouse.
> 
>                 int server = 1;
> 
>                 socket.setsockopt(ZMQ_CURVE_SERVER, &server, 
> sizeof(server));
> 
>                 std::cout << "Configured socket as curve server" << 
> std::endl;
> 
>  
> 
>                 // Read secret key and set on socket.
> 
>                 zcert_t* cert =
> zcert_load("certs/session_logging_daemon.txt_secret");
> 
>                 std::cout << "Loaded keyfile." << std::endl;
> 
>                 // const byte* secret = zcert_secret_key(cert);
> 
>                 const char* secret = zcert_secret_txt(cert);
> 
>                 std::cout << "Retrieved secret key of length " <<
> sizeof(secret)
> 
>                                                 << std::endl;
> 
>                 socket.setsockopt(ZMQ_CURVE_SECRETKEY, secret, 
> sizeof(secret));
> 
>                 std::cout << "Added secret key to socket" << 
> std::endl;
> 
>                 zcert_destroy(&cert);
> 
>  
> 
> // Bind the socket
> 
>                 socket.bind(endpoint);
> 
>  
> 
>                 return socket;
> 
> }
> 
>  
> 
> And the output is:
> 
> Configured socket as curve server
> 
> Loaded keyfile.
> 
> Retrieved secret key of length 8
> 
> terminate called after throwing an instance of 'zmq::error_t'
> 
>   what():  Invalid argument
> 
>  
> 
> Thanks -
> 
>  
> 
> Brian.

Hi,

Curve can be used with just libzmq, see a working example in the unit
test:

https://github.com/zeromq/libzmq/blob/master/tests/test_security_curve.cpp

CZMQ will make your life easier with a higher level abstraction and classes to manage certificates, see examples:

https://github.com/zeromq/czmq/tree/master/examples/security

Kind regards,
Luca Boccassi




More information about the zeromq-dev mailing list