[zeromq-dev] encryption for zyre, presentation at next OpenwrtSummit in Prague

Justin Azoff justin.azoff at gmail.com
Wed Oct 25 19:22:07 CEST 2017


On Wed, Oct 25, 2017 at 12:10 PM, Benjamin Henrion <zoobab at gmail.com> wrote:
> On Wed, Oct 25, 2017 at 3:04 PM, Luca Boccassi <luca.boccassi at gmail.com> wrote:
>> On Wed, 2017-10-25 at 14:24 +0200, Benjamin Henrion wrote:
>>> I tried to compile the head of zyre today, did not work out...
>>>
>>> I will try to paste my error once my laptop is charged...
>>
>> Just tried, builds fine on Debian 9 amd64, also seems to work fine on a
>> number of distros/architectures:
>>
>> https://build.opensuse.org/package/show/network:messaging:zeromq:git-stable/zyre
>>
>> What's the issue you are seeing?
>
> Yeah tried in a docker debian:9, zyre and glard builds fine now.
>
> Any quick how to setup the encryption keys?
>

There's a few steps...

First you need to start up a global zauth actor and configure it using
something like:

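        /* Start the zauth actor that handles authentication */
        zactor_t *auth = zactor_new (zauth, NULL);
        zstr_send (auth, "VERBOSE");    /* log authentication activity */
        zsock_wait (auth);
        /* Enable CURVE, using the certificates stored in this directory */
        zstr_sendx (auth, "CURVE", public_key_dir_path, NULL);
        zsock_wait (auth);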

Then you need to load your key and configure zyre to use it before
calling zyre_start:

        /* Load this node's own certificate (it must include the secret key) */
        zcert_t *cert = zcert_load (private_key_path);
        assert (cert);
        zyre_set_zcert (zyre_actor, cert);

Then you just need to drop the public key from each node into the
public_key_dir_path.

To generate the keys you can use the curve_keygen or zmakecert tools.
I embedded it into my application so it can generate the keys
automatically on first run:

https://github.com/JustinAzoff/simpledisco/blob/master/keygen_cmd.c

It's just zcert_new + zcert_save, but you need some extra logic to
make it idempotent.



-- 
- Justin
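
Added example (not part of Justin's message and not taken from simpledisco): a small audit of the layout described above, checking that no secret key was dropped into public_key_dir_path and that the private certificate is not accessible to group or others. It assumes the certificates were written by zcert_save, which produces a public file plus a "<name>_secret" file whose curve section also carries a secret-key entry; the function names are hypothetical.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Assumption: certificates are ZPL text as written by zcert_save.
 * Returns 1 if the text has a secret-key entry (comment lines are ignored). */
int cert_text_has_secret(const char *text) {
    for (const char *line = text; line && *line; ) {
        const char *p = line + strspn(line, " \t");
        if (strncmp(p, "secret-key", 10) == 0)
            return 1;
        line = strchr(line, '\n');
        if (line) line++;
    }
    return 0;
}

/* Count files in the zauth CURVE directory that hold a secret key; -1 on error. */
int audit_public_dir(const char *dir) {
    DIR *d = opendir(dir);
    if (!d) return -1;
    int leaks = 0;
    for (struct dirent *e; (e = readdir(d)) != NULL; ) {
        char path[4096], buf[4096];            /* certificates are small text files */
        if (e->d_name[0] == '.') continue;     /* skip ".", ".." and hidden files */
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        FILE *f = fopen(path, "r");
        if (!f) continue;
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        fclose(f); buf[n] = '\0';
        leaks += cert_text_has_secret(buf);
    }
    closedir(d);
    return leaks;
}

/* 1 if group or others have any access to the private certificate; -1 on error. */
int private_cert_too_open(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) != 0;
}

int main(int argc, char **argv) {
    if (argc != 3) return 2;   /* usage: audit public_key_dir_path private_key_path */
    int leaks = audit_public_dir(argv[1]), open_perms = private_cert_too_open(argv[2]);
    printf("secret keys in public dir: %d, private cert too open: %d\n", leaks, open_perms);
    return leaks != 0 || open_perms != 0;
}
```

A non-zero exit status means a finding or an error; on a finding, remove the secret file from the public directory and copy over only the public half of the certificate.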


