Support for security features in 4.0.0

[saki7]

ZeroMQ protocol 4.0 and current CZMQ support new security features. I'd love to see it in rbczmq.

see: http://zeromq.org/docs:changes-4-0-0#toc4

[methodmissing]

Hi Nana,

It's on the roadmap - we just haven't gotten around to it yet as entry to 2014's been busy ...

[saki7]

I see :)

[mattconnolly]

Hi @saki7,

One thing you could do to help, would be to let us know if you can compile zeromq and czmq on your operating system with security. This will require libsodium to be installed.

Depending on your system there there may be some steps required to make this happen. If you can try this out and let us know what you find that would be great.

Cheers, Matt.

[saki7]

I have been using zeromq4-x and czmq for a while, which are built with libsodium. I haven't actually run the auth functions but since it has been successfully compiled so I guess I can use it if I want.

No complex process required, I just ran usual configure and make. Maybe I had installed some dependencies by apt-get install.

My environment is Ubuntu 12.04 LTS, GCC 4.8.1, and Ruby 2.1.0. Can you allow me to clarify, to be more specific, what do you actually want to know about my environment?

[methodmissing]

Seems like a good start already then :-) I'll sync up with Matt and see where we can get with this ...

[saki7]

Yea. I am currently using ZMQ for bridging between C++ client and Ruby on Rails server. BTW I think ZMQ's protocol and API are fairly simple and clean. I like the design and concepts.

[skandragon]

Bump?

[skandragon]

Is it just a matter of defining the constants like DOMAIN and so on? It looks like there is a bit of other work, like depreciating ipv4only and using ipv6 instead, but that doesn't seem too terribly hard.

[methodmissing]

@skandragon there's quite a bit more to it.

• Introduce support for bundling curve
• Align the binding with libzmq mainline
• Align the binding with czmq mainline
• Introduce support for the curve specific API

I'll catch up when there's a block of free time.

[skandragon]

It could be done in some level of stages though, and I could do some of it. For instance, you don't actually need CURVE to be there in order to use the ZAP interface, which enables authentication using non-CURVE methods. The aligning could happen without adding curve, and I might be able to do some of that if you don't get to it first.

[nestegg]

Is there something I can do to help move this forward?

[jesuspc]

Any update on this?

[paddor]

@jesuspc You might wanna take a look at CZTop, a new CZMQ binding based on FFI. It supports ZMQ >= 4.0, including security features (CURVE).

[joegoggins]

Thanks for the link and the library @paddor :smile: !

I'm early in a greenfield project that requires zmq auth + secure encrypted communications and I'm considering switching out the backend to use CZTop instead. Your architectural approach with CZTop looks awesome, not to mention 100% test coverage and solid documentation. I'm looking forward to giving it a whirl.

This said, @methodmissing , I've had great luck with rbczmq and don't want to dive into a technical change I don't need to if I can get that same or similar functionality soon via this library. I'm curious on your thoughts/recommendations. (also, thanks for the great open source library!)