rbczmq icon indicating copy to clipboard operation
rbczmq copied to clipboard

Published 20 hours ago verified publisher icon methodmissing

Support for security features in 4.0.0

Open saki7 opened this issue 11 years ago • 14 comments

ZeroMQ protocol 4.0 and current CZMQ support new security features. I'd love to see it in rbczmq.

see: http://zeromq.org/docs:changes-4-0-0#toc4

saki7 avatar Feb 24 '14 10:02 saki7

Hi Nana,

It's on the roadmap - we just haven't gotten around to it yet as entry to 2014's been busy ...

methodmissing avatar Feb 24 '14 10:02 methodmissing

I see :)

saki7 avatar Feb 24 '14 10:02 saki7

Hi @saki7,

One thing you could do to help, would be to let us know if you can compile zeromq and czmq on your operating system with security. This will require libsodium to be installed.

Depending on your system there there may be some steps required to make this happen. If you can try this out and let us know what you find that would be great.

Cheers, Matt.

mattconnolly avatar Feb 24 '14 12:02 mattconnolly

I have been using zeromq4-x and czmq for a while, which are built with libsodium. I haven't actually run the auth functions but since it has been successfully compiled so I guess I can use it if I want.

No complex process required, I just ran usual configure and make. Maybe I had installed some dependencies by apt-get install.

My environment is Ubuntu 12.04 LTS, GCC 4.8.1, and Ruby 2.1.0. Can you allow me to clarify, to be more specific, what do you actually want to know about my environment?

saki7 avatar Feb 24 '14 14:02 saki7

Seems like a good start already then :-) I'll sync up with Matt and see where we can get with this ...

methodmissing avatar Feb 24 '14 14:02 methodmissing

Yea. I am currently using ZMQ for bridging between C++ client and Ruby on Rails server. BTW I think ZMQ's protocol and API are fairly simple and clean. I like the design and concepts.

saki7 avatar Feb 24 '14 15:02 saki7

Bump?

skandragon avatar Nov 13 '14 04:11 skandragon

Is it just a matter of defining the constants like DOMAIN and so on? It looks like there is a bit of other work, like depreciating ipv4only and using ipv6 instead, but that doesn't seem too terribly hard.

skandragon avatar Nov 13 '14 04:11 skandragon

@skandragon there's quite a bit more to it.

  • Introduce support for bundling curve
  • Align the binding with libzmq mainline
  • Align the binding with czmq mainline
  • Introduce support for the curve specific API

I'll catch up when there's a block of free time.

methodmissing avatar Nov 13 '14 10:11 methodmissing

It could be done in some level of stages though, and I could do some of it. For instance, you don't actually need CURVE to be there in order to use the ZAP interface, which enables authentication using non-CURVE methods. The aligning could happen without adding curve, and I might be able to do some of that if you don't get to it first.

skandragon avatar Nov 13 '14 16:11 skandragon

Is there something I can do to help move this forward?

nestegg avatar Jul 06 '15 19:07 nestegg

Any update on this?

jesuspc avatar Jan 25 '16 12:01 jesuspc

@jesuspc You might wanna take a look at CZTop, a new CZMQ binding based on FFI. It supports ZMQ >= 4.0, including security features (CURVE).

paddor avatar Jan 25 '16 17:01 paddor

Thanks for the link and the library @paddor :smile: !

I'm early in a greenfield project that requires zmq auth + secure encrypted communications and I'm considering switching out the backend to use CZTop instead. Your architectural approach with CZTop looks awesome, not to mention 100% test coverage and solid documentation. I'm looking forward to giving it a whirl.

This said, @methodmissing , I've had great luck with rbczmq and don't want to dive into a technical change I don't need to if I can get that same or similar functionality soon via this library. I'm curious on your thoughts/recommendations. (also, thanks for the great open source library!)

joegoggins avatar Mar 22 '16 20:03 joegoggins