[zeromq-dev] CZMQ a requirement for curve and ZeroMQ?
Luca Boccassi
luca.boccassi at gmail.com
Fri Mar 24 15:56:19 CET 2017
Hi Brian,
Curve can be used and indeed it is used with just libzmq, for users who
have their own file management in their application. This is a valid
use case, and only a keygen utility is provided (which is also
optional). This is out of scope of the libzmq curve unit tests.
If you wish to make use of higher level abstraction that's what CZMQ is
there for, with the zcert* classes.
On Fri, 2017-03-24 at 08:00 -0500, Brian Sellden wrote:
> Hi Luca,
>
> Thanks very much for your response. I had read that test, though,
> and find that it always generates keys on the fly to run the tests
> and never loads them from disk. I'll need to read them from disk in
> the real world, of course. I just can't find examples of doing that
> outside of CZMQ. Perhaps curve was just never intended to be used
> directly in the ZeroMQ core?
>
> Thanks again -
>
> Brian.
>
> -----Original Message-----
> From: zeromq-dev [mailto:zeromq-dev-bounces at lists.zeromq.org] On
> Behalf Of Luca Boccassi
> Sent: Friday, March 24, 2017 7:01 AM
> To: ZeroMQ development list
> Subject: Re: [zeromq-dev] CZMQ a requirement for curve and ZeroMQ?
>
> On Fri, 2017-03-24 at 05:40 -0500, Brian Sellden wrote:
> > Hello,
> >
> > I've done some looking around on this and am just confused about
> > what
> > support there is for curve without using czmq. Some references
> > say
> > that the support for reading/writing certs and such in the C++
> > ZeroMQ
> > core is not that great so just use CZMQ.
> >
> > So perhaps misguided, I attempted to load a secret key from a
> > zcert_t
> > and stuff it into a zmq::socket_t with setsockopt. Doing so
> > always
> > throws an 'invalid argument' exception so I guess I just need some
> > guidance. Here's my code:
> >
> >
> >
> > zmq::socket_t newSocket(zmq::context_t &context, int socketType,
> >
> > const char* endpoint) {
> >
> > // Create the socket
> >
> > zmq::socket_t socket(context, socketType);
> >
> >
> >
> > // Configure as a curve server, Stonehouse.
> >
> > int server = 1;
> >
> > socket.setsockopt(ZMQ_CURVE_SERVER, &server,
> > sizeof(server));
> >
> > std::cout << "Configured socket as curve server"
> > <<
> > std::endl;
> >
> >
> >
> > // Read secret key and set on socket.
> >
> > zcert_t* cert =
> > zcert_load("certs/session_logging_daemon.txt_secret");
> >
> > std::cout << "Loaded keyfile." << std::endl;
> >
> > // const byte* secret = zcert_secret_key(cert);
> >
> > const char* secret = zcert_secret_txt(cert);
> >
> > std::cout << "Retrieved secret key of length " <<
> > sizeof(secret)
> >
> > << std::endl;
> >
> > socket.setsockopt(ZMQ_CURVE_SECRETKEY, secret,
> > sizeof(secret));
> >
> > std::cout << "Added secret key to socket" <<
> > std::endl;
> >
> > zcert_destroy(&cert);
> >
> >
> >
> > // Bind the socket
> >
> > socket.bind(endpoint);
> >
> >
> >
> > return socket;
> >
> > }
> >
> >
> >
> > And the output is:
> >
> > Configured socket as curve server
> >
> > Loaded keyfile.
> >
> > Retrieved secret key of length 8
> >
> > terminate called after throwing an instance of 'zmq::error_t'
> >
> > what(): Invalid argument
> >
> >
> >
> > Thanks -
> >
> >
> >
> > Brian.
>
> Hi,
>
> Curve can be used with just libzmq, see a working example in the unit
> test:
>
> https://github.com/zeromq/libzmq/blob/master/tests/test_security_curv
> e.cpp
>
> CZMQ will make your life easier with a higher level abstraction and
> classes to manage certificates, see examples:
>
> https://github.com/zeromq/czmq/tree/master/examples/security
>
> Kind regards,
> Luca Boccassi
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> https://lists.zeromq.org/mailman/listinfo/zeromq-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20170324/3b9058b7/attachment.sig>
More information about the zeromq-dev
mailing list