
Add curve security support

Open Avadesign-David opened this issue 7 years ago • 6 comments

Currently, it only supports plain account passwords with the zauth API. But according to the czmq documentation, zauth also supports curve security. Is there any reason not to support curve? Or has it just not been implemented yet?

I have already used malamute in my project for a while; it works fine in my home automation gateway. But I think it may also be useful for communicating with the mobile app, where we need the transferred data to be protected.

Avadesign-David avatar Mar 08 '17 07:03 Avadesign-David

It's just not been implemented yet. If you would like to work on it please send us a PR and we'll be happy to merge it, and if you have questions just ask, here or on the mailing list.

bluca avatar Mar 08 '17 08:03 bluca

I have an idea for adding a curve security feature to malamute. Is it possible to add another ZMQ_ROUTER in malamute and set this interface to use curve security? With this, malamute has 2 interfaces for clients: one is the original, the other is for those clients that need curve security.

  1. The original one handles those clients that use an "ipc" or "inproc" connection to the malamute server, and does not need to waste CPU resources on data encryption.
  2. The other one handles those clients that come from an internet connection.

Avadesign-David avatar Mar 11 '17 12:03 Avadesign-David

Wouldn't it be simpler to just add an option to enable curve? There's already one for plain auth

bluca avatar Mar 11 '17 12:03 bluca

Well, adding the curve feature on the original one is much simpler. But it will force all the clients to use curve security, even if some clients are on the same PC. I think it may cost more CPU usage. I wonder if we can open two interfaces to let plain auth and curve auth exist at the same time.

Avadesign-David avatar Mar 11 '17 12:03 Avadesign-David

I have found that curve is only supported on "tcp". So, if I enable curve in malamute, it will only work on the "tcp" transport, right? Given this limit, maybe we can enable curve security and bind the transport on both "ipc" and "tcp". Then curve will work on the "tcp" interface while the "ipc" transport remains without curve security support.

Avadesign-David avatar Mar 15 '17 09:03 Avadesign-David

Curve is independent with regards to the transport type and socket type, so it will work on IPC too.

If you want to send a PR to add this new API please do so (mark it DRAFT) and then we can see where to go from there. Thanks!

bluca avatar Mar 19 '17 19:03 bluca
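
The two points discussed in this thread (CURVE working over "ipc", and a CURVE listener coexisting with an unencrypted one) can be checked with a short script. This is an added example, not code from the thread or from malamute; it uses pyzmq rather than czmq, and the socket paths and helper names are constructed for illustration. It assumes a Unix-like host and a libzmq built with CURVE support.

```python
import os
import shutil
import tempfile

import zmq  # pyzmq; assumption: libzmq was built with CURVE support


def make_client(ctx, endpoint, server_public=None):
    """DEALER client; uses CURVE only when given the server's public key."""
    client = ctx.socket(zmq.DEALER)
    client.linger = 0
    if server_public is not None:
        client.curve_publickey, client.curve_secretkey = zmq.curve_keypair()
        client.curve_serverkey = server_public
    client.connect(endpoint)
    return client


def exchange(server, client, timeout_ms=500):
    """Send b"ping"; return the reply, or None if nothing gets through."""
    client.send(b"ping")
    if not server.poll(timeout_ms):
        return None  # security handshake never completed
    identity, _ = server.recv_multipart()
    server.send_multipart([identity, b"pong"])
    return client.recv() if client.poll(timeout_ms) else None


def demo():
    ctx = zmq.Context()
    tmp = tempfile.mkdtemp()
    curve_ep = "ipc://" + os.path.join(tmp, "curve.sock")  # constructed path
    plain_ep = "ipc://" + os.path.join(tmp, "local.sock")  # constructed path
    try:
        server_public, server_secret = zmq.curve_keypair()
        secure = ctx.socket(zmq.ROUTER)  # CURVE-protected listener
        secure.curve_secretkey = server_secret
        secure.curve_server = True
        secure.bind(curve_ep)
        local = ctx.socket(zmq.ROUTER)   # unencrypted listener beside it
        local.bind(plain_ep)
        return {
            "curve_client_on_curve_ipc": exchange(
                secure, make_client(ctx, curve_ep, server_public)),
            "plain_client_on_curve_ipc": exchange(
                secure, make_client(ctx, curve_ep)),
            "plain_client_on_plain_ipc": exchange(
                local, make_client(ctx, plain_ep)),
        }
    finally:
        ctx.destroy(linger=0)
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

No ZAP handler is installed here, so the CURVE listener accepts any client that knows the server's public key; restricting which client keys are allowed is what an authenticator such as czmq's zauth is for.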