From 87718c6102f92cba5eda062cac8f4a4778e0c152 Mon Sep 17 00:00:00 2001 From: Pieter Hintjens Date: Wed, 23 Oct 2013 16:03:40 +0200 Subject: [PATCH] Clarified use of secret/public keys --- doc/zmq_setsockopt.txt | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/doc/zmq_setsockopt.txt b/doc/zmq_setsockopt.txt index fe2e2913..f3c2e9c3 100644 --- a/doc/zmq_setsockopt.txt +++ b/doc/zmq_setsockopt.txt @@ -624,8 +624,9 @@ linkzmq:zmq_curve[7]. A value of '1' means the socket will act as CURVE server. A value of '0' means the socket will not act as CURVE server, and its security role then depends on other option settings. Setting this to '0' shall reset the socket security to NULL. When you -set this you must also set both the public and secret keys using the -ZMQ_CURVE_PUBLICKEY and ZMQ_CURVE_SECRETKEY options. +set this you must also set the server's secret key using the +ZMQ_CURVE_SECRETKEY option. A server socket does not need to know +its own public key. [horizontal] Option value type:: int 
@@ -637,14 +638,11 @@ Applicable socket types:: all, when using TCP transport ZMQ_CURVE_PUBLICKEY: Set CURVE public key ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Sets the socket's long term public key. You must set this on both CURVE -client and server sockets, see linkzmq:zmq_curve[7]. You can provide the -key as 32 binary bytes, or as a 40-character string encoded in the Z85 -encoding format. For servers, the public key must be persisted and -shared through some unspecified but secure mechanism to clients. The -public key must always be used with the matching secret key generated -at the same time. To generate a public/secret key pair, use the -tools/curve_keygen tool. +Sets the socket's long term public key. You must set this on CURVE client +sockets, see linkzmq:zmq_curve[7]. You can provide the key as 32 binary +bytes, or as a 40-character string encoded in the Z85 encoding format. +The public key must always be used with the matching secret key. To +generate a public/secret key pair, use linkzmq:zmq_curve_keypair[3]. [horizontal] Option value type:: binary data or Z85 text string @@ -659,7 +657,8 @@ ZMQ_CURVE_SECRETKEY: Set CURVE secret key Sets the socket's long term secret key. You must set this on both CURVE client and server sockets, see linkzmq:zmq_curve[7]. You can provide the key as 32 binary bytes, or as a 40-character string encoded in the Z85 -encoding format. +encoding format. To generate a public/secret key pair, use +linkzmq:zmq_curve_keypair[3]. [horizontal] Option value type:: binary data or Z85 text string 
@@ -674,7 +673,7 @@ ZMQ_CURVE_SERVERKEY: Set CURVE server key Sets the socket's long term server key. You must set this on CURVE client sockets, see linkzmq:zmq_curve[7]. You can provide the key as 32 binary bytes, or as a 40-character string encoded in the Z85 encoding format. -This key must be the same as the public key set on the server socket. +This key must have been generated together with the server's secret key. [horizontal] Option value type:: binary data or Z85 text string
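Review bot: In the ZMQ_CURVE_SERVER hunk (@@ -624), the new sentence "A server socket does not need to know its own public key" leaves open what happens when a server sets ZMQ_CURVE_PUBLICKEY anyway, which is exactly what the removed text told users to do. Existing applications written against the old wording will set both keys on the server, so say explicitly whether the public key is ignored on a server socket or whether setting it has any effect. One added sentence here, or in the ZMQ_CURVE_PUBLICKEY section, would settle it.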
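Review bot: In the ZMQ_CURVE_PUBLICKEY hunk (@@ -637), the removed sentence "For servers, the public key must be persisted and shared through some unspecified but secure mechanism to clients" was the only place in these sections that told operators how the server's public key reaches clients, and nothing in the patch replaces it. Dropping it from this section is reasonable now that servers no longer set the option, but the guidance should move rather than disappear: the ZMQ_CURVE_SERVERKEY section is the natural home, since that is where the client supplies the key it uses to identify the server. The same hunk also shortens "the matching secret key generated at the same time" to "the matching secret key"; that is fine, provided the zmq_curve_keypair page makes clear that the two keys come from one call.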
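Review bot: The ZMQ_CURVE_SECRETKEY hunk (@@ -659) and the ZMQ_CURVE_PUBLICKEY hunk both add a link to linkzmq:zmq_curve_keypair[3], but the diffstat shows only doc/zmq_setsockopt.txt changing, so please confirm that man page already exists in the tree or add it in the same series to avoid a dangling link. The reference to tools/curve_keygen is dropped in the process; if the tool still ships, keep a mention of it for users who generate keys outside application code. The ZMQ_CURVE_SECRETKEY section would also be the right place for a sentence on keeping the secret key private, since it is now the single key a server is required to hold.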
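Review bot: In the ZMQ_CURVE_SERVERKEY hunk (@@ -674), the replacement line "This key must have been generated together with the server's secret key" no longer says that the value is the server's public key, which the removed line "This key must be the same as the public key set on the server socket" at least implied. A reader could take the new wording to mean some third key, or even the secret key itself. Suggest stating it directly, for example: "This is the server's public key, that is, the public half of the key pair whose secret key the server sets with ZMQ_CURVE_SECRETKEY."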