2013-05-15 17:54:03 +02:00
zmq_curve(7)
============


NAME
----
zmq_curve - secure authentication and confidentiality


SYNOPSIS
--------
The CURVE mechanism defines secure authentication and confidentiality for
communications between a client and a server. CURVE is intended for use on
public networks. The mechanism is specified by this document:
<http://rfc.zeromq.org/spec:25>.


CLIENT AND SERVER ROLES
-----------------------
A socket using CURVE can be either client or server, at any moment, but
not both. The role is independent of bind/connect direction.

A socket can change roles at any point by setting new options. The role
affects all zmq_connect and zmq_bind calls that follow it.

To become a CURVE server, the application sets the ZMQ_CURVE_SERVER option
on the socket, and then sets the ZMQ_CURVE_SECRETKEY option to provide the
socket with its long-term secret key. The application does not provide the
socket with its long-term public key, which is used only by clients.

To become a CURVE client, the application sets the ZMQ_CURVE_SERVERKEY
option with the long-term public key of the server it intends to connect
to, or accept connections from, next. The application then sets the
ZMQ_CURVE_PUBLICKEY and ZMQ_CURVE_SECRETKEY options with its client
long-term key pair.

If the server performs authentication, it is based on the client's
long-term public key.

Added Z85 support
The use of binary for CURVE keys is painful; you cannot easily copy
these in e.g. email, or use them directly in source code. There are
various encoding possibilities. Base16 and Base64 are not optimal.
Ascii85 is not safe for source (it generates quotes and escapes).
So, I've designed a new Base85 encoding, Z85, which is safe to use
in code and elsewhere, and I've modified libzmq to use this where
it also uses binary keys (in get/setsockopt).
Very simply, if you use a 32-byte value, it's Base256 (binary),
and if you use a 40-byte value, it's Base85 (Z85).
I've put the Z85 codec into z85_codec.hpp, it's not elegant C++
but it is minimal and it works. Feel free to rewrap as a real class
if this annoys you.
2013-06-28 22:10:22 +02:00

KEY ENCODING
------------
The standard representation for keys in source code is either 32 bytes of
base 256 (binary) data, or 40 characters of base 85 data encoded using the
Z85 algorithm defined by http://rfc.zeromq.org/spec:32.

The Z85 algorithm is designed to produce printable key strings for use in
configuration files, the command line, and code. There is a reference
implementation in C at https://github.com/zeromq/rfc/tree/master/src.

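The following C code is an added example, not part of the original page and not libzmq's own codec. It implements Z85 encoding and decoding and applies the length rule described above (32 bytes is binary, 40 characters is Z85) to the client public test key listed under TEST KEY VALUES. The function names and the `CLIENT_PUBLIC` constant are hypothetical; the alphabet is the one defined by the Z85 specification.

```c
/* Added example: Z85 codec per ZeroMQ RFC 32; not libzmq's own z85_codec.hpp. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
static const char Z85[] = "0123456789abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ.-:+=^!/*?&<>()[]{}@%$#";
/* Client public test key from this page (hexadecimal form) as raw bytes. */
static const uint8_t CLIENT_PUBLIC[32] = {
    0xBB,0x88,0x47,0x1D,0x65,0xE2,0x65,0x9B,0x30,0xC5,0x5A,0x53,0x21,0xCE,0xBB,0x5A,
    0xAB,0x2B,0x70,0xA3,0x98,0x64,0x5C,0x26,0xDC,0xA2,0xB2,0xFC,0xB4,0x3F,0xC5,0x18 };

/* Encode len bytes (a multiple of 4) as len*5/4 characters plus NUL. */
int z85_encode(char *out, const uint8_t *in, size_t len) {
    if (len % 4) return -1;
    for (size_t i = 0; i < len; i += 4, out += 5) {
        uint32_t v = 0;
        for (int j = 0; j < 4; j++) v = v << 8 | in[i + j];   /* big-endian */
        for (int j = 4; j >= 0; j--) { out[j] = Z85[v % 85]; v /= 85; }
    }
    *out = '\0'; return 0;
}

/* Decode a NUL-terminated Z85 string; returns bytes written, or -1 if invalid. */
int z85_decode(uint8_t *out, const char *in) {
    size_t len = strlen(in), n = 0;
    if (len % 5) return -1;
    for (size_t i = 0; i < len; i += 5, n += 4) {
        uint64_t v = 0;
        for (int j = 0; j < 5; j++) {
            const char *p = strchr(Z85, in[i + j]);
            if (!p) return -1;                 /* character outside the alphabet */
            v = v * 85 + (uint64_t)(p - Z85);
        }
        if (v > UINT32_MAX) return -1;         /* group does not fit in 4 bytes */
        for (int j = 3; j >= 0; j--) { out[n + j] = (uint8_t)v; v >>= 8; }
    }
    return (int)n;
}

/* Length rule from this page: 32 bytes is binary, 40 characters is Z85. */
int curve_key_load(uint8_t key[32], const void *val, size_t len) {
    char z[41] = {0};
    if (len == 32) { memcpy(key, val, 32); return 0; }
    if (len != 40) return -1;
    memcpy(z, val, 40);
    return z85_decode(key, z) == 32 ? 0 : -1;
}
int main(void) {
    char z[41];
    return z85_encode(z, CLIENT_PUBLIC, 32) || puts(z) < 0;
}
```

Rejecting any length other than 32 or 40, any character outside the alphabet, and any 5-character group that overflows 32 bits keeps a mistyped or truncated key from being silently accepted as a different key.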

TEST KEY VALUES
---------------
For test cases, the client shall use this long-term key pair (specified
as hexadecimal and in Z85):

----
public:
    BB88471D65E2659B30C55A5321CEBB5AAB2B70A398645C26DCA2B2FCB43FC518
    Yne@$w-vo<fVvi]a<NY6T1ed:M$fCG*[IaLV{hID

secret:
    7BB864B489AFA3671FBE69101F94B38972F24816DFB01B51656B3FEC8DFD0888
    D:)Q[IlAW!ahhC2ac:9*A}h:p?([4%wOTJ%JR%cs
----

And the server shall use this long-term key pair (specified as hexadecimal
and in Z85):

----
public:
    54FCBA24E93249969316FB617C872BB0C1D1FF14800427C594CBFACF1BC2D652
    rq:rM>}U?@Lns47E1%kR.o@n%FcmmsL/@{H8]yf7

secret:
    8E0BDD697628B91D8F245587EE95C5B04D48963F79259877B49CD9063AEAD3B7
    JTKVSB%%)wK0E.X)V>+}o?pNmC{O&4W4b!Ni{Lh6
----


SEE ALSO
--------
linkzmq:zmq_z85_encode[3]
linkzmq:zmq_z85_decode[3]
linkzmq:zmq_setsockopt[3]
linkzmq:zmq_null[7]
linkzmq:zmq_plain[7]
linkzmq:zmq[7]


AUTHORS
-------
This page was written by the 0MQ community. To make a change please
read the 0MQ Contribution Policy at <http://www.zeromq.org/docs:contributing>.