[zeromq-dev] encryption for zyre, presentation at next OpenwrtSummit in Prague

Wes Young wes at barely3am.com
Thu Sep 14 23:19:03 CEST 2017


https://github.com/zeromq/zyre/pull/554

talk about great timing :)

check out the tests- the way i implemented was to leave all the config magic to your app- just pass the keys down the stack and the lower bits do all the right things (i think, in that phase where the more people that bang on it the better).

beacon seems to work OK (in very limited testing), i put forth a “ZYREv3” rfc to start covering how keys could be advertised locally on the network (both in the beacon packet itself- as well as using X-PUBLICKEY headers). not meant to be “great” encryption- but enough to get your feet wet in a sandbox. there may be some issues with gossip (that may or may not have been related to curve) that i need to work out next, so that may or may not work/scale well.

you will need the latest czmq master which has similar changes in to to configure gossip for curve-

it’s a really rough start- but a start. happy for some [smarter people that i] to bat it around a bit.

> On Sep 14, 2017, at 5:00 PM, Benjamin Henrion <zoobab at gmail.com> wrote:
> 
> Now I would like to know if the curve encryption feature could already
> be used in some form, and how to set it up.
> 
> That was basically the last Pieter's project he presented at his last
> conference.
> 
> I have received today a bunch of glar150 routers, and some Allwinner
> H2 Orangepi Zero, which should run armbian but not yet openwrt/lede.

--
wes
wesyoung.me

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20170914/f0c9e8f7/attachment.sig>


More information about the zeromq-dev mailing list