mirror of
https://github.com/zeromq/libzmq.git
synced 2024-12-26 23:01:04 +08:00
85 lines
2.8 KiB
Plaintext
85 lines
2.8 KiB
Plaintext
= zmq_curve(7)
|
|
|
|
|
|
== NAME
|
|
zmq_curve - secure authentication and confidentiality
|
|
|
|
|
|
== SYNOPSIS
|
|
The CURVE mechanism defines a mechanism for secure authentication and
|
|
confidentiality for communications between a client and a server. CURVE
|
|
is intended for use on public networks. The CURVE mechanism is defined
|
|
by this document: <http://rfc.zeromq.org/spec:25>.
|
|
|
|
|
|
== CLIENT AND SERVER ROLES
|
|
A socket using CURVE can be either client or server, at any moment, but
|
|
not both. The role is independent of bind/connect direction.
|
|
|
|
A socket can change roles at any point by setting new options. The role
|
|
affects all zmq_connect and zmq_bind calls that follow it.
|
|
|
|
To become a CURVE server, the application sets the ZMQ_CURVE_SERVER option
|
|
on the socket, and then sets the ZMQ_CURVE_SECRETKEY option to provide the
|
|
socket with its long-term secret key. The application does not provide the
|
|
socket with its long-term public key, which is used only by clients.
|
|
|
|
To become a CURVE client, the application sets the ZMQ_CURVE_SERVERKEY
|
|
option with the long-term public key of the server it intends to connect
|
|
to, or accept connections from, next. The application then sets the
|
|
ZMQ_CURVE_PUBLICKEY and ZMQ_CURVE_SECRETKEY options with its client
|
|
long-term key pair.
|
|
|
|
If the server does authentication it will be based on the client's long
|
|
term public key.
|
|
|
|
== KEY ENCODING
|
|
The standard representation for keys in source code is either 32 bytes of
|
|
base 256 (binary) data, or 40 characters of base 85 data encoded using the
|
|
Z85 algorithm defined by http://rfc.zeromq.org/spec:32.
|
|
|
|
The Z85 algorithm is designed to produce printable key strings for use in
|
|
configuration files, the command line, and code. There is a reference
|
|
implementation in C at https://github.com/zeromq/rfc/tree/master/src.
|
|
|
|
|
|
== TEST KEY VALUES
|
|
For test cases, the client shall use this long-term key pair (specified
|
|
as hexadecimal and in Z85):
|
|
|
|
----
|
|
public:
|
|
BB88471D65E2659B30C55A5321CEBB5AAB2B70A398645C26DCA2B2FCB43FC518
|
|
Yne@$w-vo<fVvi]a<NY6T1ed:M$fCG*[IaLV{hID
|
|
|
|
secret:
|
|
7BB864B489AFA3671FBE69101F94B38972F24816DFB01B51656B3FEC8DFD0888
|
|
D:)Q[IlAW!ahhC2ac:9*A}h:p?([4%wOTJ%JR%cs
|
|
----
|
|
|
|
And the server shall use this long-term key pair (specified as hexadecimal
|
|
and in Z85):
|
|
|
|
----
|
|
public:
|
|
54FCBA24E93249969316FB617C872BB0C1D1FF14800427C594CBFACF1BC2D652
|
|
rq:rM>}U?@Lns47E1%kR.o@n%FcmmsL/@{H8]yf7
|
|
|
|
secret:
|
|
8E0BDD697628B91D8F245587EE95C5B04D48963F79259877B49CD9063AEAD3B7
|
|
JTKVSB%%)wK0E.X)V>+}o?pNmC{O&4W4b!Ni{Lh6
|
|
----
|
|
|
|
== SEE ALSO
|
|
* xref:zmq_z85_encode.adoc[zmq_z85_encode]
|
|
* xref:zmq_z85_decode.adoc[zmq_z85_decode]
|
|
* xref:zmq_setsockopt.adoc[zmq_setsockopt]
|
|
* xref:zmq_null.adoc[zmq_null]
|
|
* xref:zmq_plain.adoc[zmq_plain]
|
|
* xref:zmq.adoc[zmq]
|
|
|
|
|
|
== AUTHORS
|
|
This page was written by the 0MQ community. To make a change please
|
|
read the 0MQ Contribution Policy at <https://zeromq.org/how-to-contribute/>.
|