Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add curve security support #249

Open
Avadesign-David opened this issue Mar 8, 2017 · 6 comments
Open

Add curve security support #249

Avadesign-David opened this issue Mar 8, 2017 · 6 comments

Comments

@Avadesign-David
Copy link

Currently, it only support plain account password with zauth api. But according to czmq document, zauth also support curve security.
Is there any reason that do not support curve?Or, it just haven't implement it?

I have already use malamute in my project for a while, it work fine when use this in my home automation gateway.
But i think it may be also useful for communicate with the mobile app which we need the transfer data to be protect.
@bluca
Copy link
Member

bluca commented Mar 8, 2017

It's just not been implement yet. If you would like to work on it please send us a PR and we'll be happy to merge it, and if you have questions just ask, here or on the mailing list

@Avadesign-David
Copy link
Author

I have an idea for adding curve security feature in malamute.
Is it possible to add another ZMQ_ROUTER in malamute and we set this interface to use curve security?
With this, malamute has 2 interface for client, one is original, the other one is for those client need curve security.

  1. The original one handle those client use "ipc" or "inproc" connection to malamute server, and do not need to waste cpu resource on data encryption.
  2. The other one handle those client is from internet connection.

@bluca
Copy link
Member

bluca commented Mar 11, 2017

Wouldn't it be simpler to just add an option to enable curve? There's already one for plain auth

@Avadesign-David
Copy link
Author

Well, add curve feature one original is much simple.
But it will force all the client to use curve security, event some client is in the same pc. I think it may cost more cpu usage. I wonder if we can open two interface to let the plain auth and curve auth exists at same time.

@Avadesign-David
Copy link
Author

I have found that the curve only support in "tcp". So, if i enabled the curve in the malamute, it will only works in "tcp" transport, right?
According to this limit, may be we can enable the curve security, and bind the transport on both "ipc" and "tcp". Then the curve will works on "tcp" interface while the "ipc" transport remain no curve security support.

@bluca
Copy link
Member

bluca commented Mar 19, 2017

Curve is independent with regards to the transport type and socket type, so it will work on IPC too.

If you want to send a PR to add this new API please do so (mark it DRAFT) and then we can see where to go from there. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bluca @Avadesign-David