0
0
mirror of https://github.com/zeromq/libzmq.git synced 2025-01-14 01:37:56 +08:00
libzmq/doc/zmq_curve.adoc
Francesco Montorsi b6ca9b2983 Feature: modernize API documentation
* migrate from the old, unmaintained "asciidoc-py" tool to the new "asciidoctor" generator
* migrate from asciidoc-py syntax to the modern Asciidoc syntax (especially page titles and section titles)
* remove the need of "xmlto" utility to create the manpage output; use asciidoctor for that
* add HTML output support to the doc/Makefile by using asciidoctor
* change API documentation files extension from .txt to .adoc to make it more explicit that they are Asciidoc-encoded (as a bonus several IDE plugins will autodetect the .adoc format as Asciidoc)
* remove asciidoc.conf: asciidoctor does not support that; this also required replacing the macro linkzmq into all documentation pages
* add a new Github action CI do deploy to Github Pages the static HTMLs produced by Asciidoctors
* removed references to the "xmlto" and "a2x" tools from the build and packaging systems: Asciidoctor can convert the documentation directly to e.g. pdf (via extended converters) and anyway there was no code/target for using "xmlto" and "a2x" tools anyway
2023-10-25 23:59:38 +02:00

85 lines
2.8 KiB
Plaintext

= zmq_curve(7)
== NAME
zmq_curve - secure authentication and confidentiality
== SYNOPSIS
The CURVE mechanism defines a mechanism for secure authentication and
confidentiality for communications between a client and a server. CURVE
is intended for use on public networks. The CURVE mechanism is defined
by this document: <http://rfc.zeromq.org/spec:25>.
== CLIENT AND SERVER ROLES
A socket using CURVE can be either client or server, at any moment, but
not both. The role is independent of bind/connect direction.
A socket can change roles at any point by setting new options. The role
affects all zmq_connect and zmq_bind calls that follow it.
To become a CURVE server, the application sets the ZMQ_CURVE_SERVER option
on the socket, and then sets the ZMQ_CURVE_SECRETKEY option to provide the
socket with its long-term secret key. The application does not provide the
socket with its long-term public key, which is used only by clients.
To become a CURVE client, the application sets the ZMQ_CURVE_SERVERKEY
option with the long-term public key of the server it intends to connect
to, or accept connections from, next. The application then sets the
ZMQ_CURVE_PUBLICKEY and ZMQ_CURVE_SECRETKEY options with its client
long-term key pair.
If the server does authentication it will be based on the client's long
term public key.
== KEY ENCODING
The standard representation for keys in source code is either 32 bytes of
base 256 (binary) data, or 40 characters of base 85 data encoded using the
Z85 algorithm defined by http://rfc.zeromq.org/spec:32.
The Z85 algorithm is designed to produce printable key strings for use in
configuration files, the command line, and code. There is a reference
implementation in C at https://github.com/zeromq/rfc/tree/master/src.
== TEST KEY VALUES
For test cases, the client shall use this long-term key pair (specified
as hexadecimal and in Z85):
----
public:
BB88471D65E2659B30C55A5321CEBB5AAB2B70A398645C26DCA2B2FCB43FC518
Yne@$w-vo<fVvi]a<NY6T1ed:M$fCG*[IaLV{hID
secret:
7BB864B489AFA3671FBE69101F94B38972F24816DFB01B51656B3FEC8DFD0888
D:)Q[IlAW!ahhC2ac:9*A}h:p?([4%wOTJ%JR%cs
----
And the server shall use this long-term key pair (specified as hexadecimal
and in Z85):
----
public:
54FCBA24E93249969316FB617C872BB0C1D1FF14800427C594CBFACF1BC2D652
rq:rM>}U?@Lns47E1%kR.o@n%FcmmsL/@{H8]yf7
secret:
8E0BDD697628B91D8F245587EE95C5B04D48963F79259877B49CD9063AEAD3B7
JTKVSB%%)wK0E.X)V>+}o?pNmC{O&4W4b!Ni{Lh6
----
== SEE ALSO
xref:zmq_z85_encode.adoc[zmq_z85_encode]
xref:zmq_z85_decode.adoc[zmq_z85_decode]
xref:zmq_setsockopt.adoc[zmq_setsockopt]
xref:zmq_null.adoc[zmq_null]
xref:zmq_plain.adoc[zmq_plain]
xref:zmq.adoc[zmq]
== AUTHORS
This page was written by the 0MQ community. To make a change please
read the 0MQ Contribution Policy at <http://www.zeromq.org/docs:contributing>.