From 597cc5edd624525563e6549dc0057eca2a51c81d Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 11 Nov 2014 13:30:46 -0500 Subject: upgrade to new version --- doc/zmq_curve.txt | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 doc/zmq_curve.txt (limited to 'doc/zmq_curve.txt') diff --git a/doc/zmq_curve.txt b/doc/zmq_curve.txt new file mode 100644 index 0000000..e1fe697 --- /dev/null +++ b/doc/zmq_curve.txt @@ -0,0 +1,92 @@ +zmq_curve(7) +============ + + +NAME +---- +zmq_curve - secure authentication and confidentiality + + +SYNOPSIS +-------- +The CURVE mechanism defines a mechanism for secure authentication and +confidentiality for communications between a client and a server. CURVE +is intended for use on public networks. The CURVE mechanism is defined +by this document: . + + +CLIENT AND SERVER ROLES +----------------------- +A socket using CURVE can be either client or server, at any moment, but +not both. The role is independent of bind/connect direction. + +A socket can change roles at any point by setting new options. The role +affects all zmq_connect and zmq_bind calls that follow it. + +To become a CURVE server, the application sets the ZMQ_CURVE_SERVER option +on the socket, and then sets the ZMQ_CURVE_SECRETKEY option to provide the +socket with its long-term secret key. The application does not provide the +socket with its long-term public key, which is used only by clients. + +To become a CURVE client, the application sets the ZMQ_CURVE_SERVERKEY +option with the long-term public key of the server it intends to connect +to, or accept connections from, next. The application then sets the +ZMQ_CURVE_PUBLICKEY and ZMQ_CURVE_SECRETKEY options with its client +long-term key pair. + +If the server does authentication it will be based on the client's long +term public key. + +KEY ENCODING +------------ +The standard representation for keys in source code is either 32 bytes of +base 256 (binary) data, or 40 characters of base 85 data encoded using the +Z85 algorithm defined by http://rfc.zeromq.org/spec:32. + +The Z85 algorithm is designed to produce printable key strings for use in +configuration files, the command line, and code. There is a reference +implementation in C at https://github.com/zeromq/rfc/tree/master/src. + + +TEST KEY VALUES +--------------- +For test cases, the client shall use this long-term key pair (specified +as hexadecimal and in Z85): + +---- +public: + BB88471D65E2659B30C55A5321CEBB5AAB2B70A398645C26DCA2B2FCB43FC518 + Yne@$w-vo}U?@Lns47E1%kR.o@n%FcmmsL/@{H8]yf7 + +secret: + 8E0BDD697628B91D8F245587EE95C5B04D48963F79259877B49CD9063AEAD3B7 + JTKVSB%%)wK0E.X)V>+}o?pNmC{O&4W4b!Ni{Lh6 +---- + +SEE ALSO +-------- +linkzmq:zmq_z85_encode[3] +linkzmq:zmq_z85_decode[3] +linkzmq:zmq_setsockopt[3] +linkzmq:zmq_null[7] +linkzmq:zmq_plain[7] +linkzmq:zmq[7] + + +AUTHORS +------- +This page was written by the 0MQ community. To make a change please +read the 0MQ Contribution Policy at . -- cgit v1.2.3