Re: [zeromq-dev] Titanic SP with encrypted data transfer
Thank you very much for the answer Pieter, On Fri, Dec 14, 2012 at 12:23 AM, Pieter Hintjens p...@imatix.com wrote: On Thu, Dec 13, 2012 at 11:42 PM, Jovan Kostovski chomb...@gmail.com wrote: I know that ZeroMQ supports TLS shared keys encryption... It doesn't, yet, unfortunately. Hm... I know that ZMQ does not support it by it self,but I saw some example[1] which use TLS shared key encryption, so I wanted now what are the options... If you need encryption, you will need to either do it at a lower layer (VPN) If I use VPN it won't affect the the ZMQ sockets and messages, It would just be a ZMQ communication through a secure channel, right. You can also encrypt per message, using pre-shared keys, which is the least nasty option IMO. I think I'll go for this solution because it does not affect the ZMQ messaging layer and it would be easy just to encrypt the message payload (the message bodies) I do hope we find a better general solution at some stage; you are not the only person who hits this. Are there any ideas how to support this except the once on http://www.zeromq.org/topics:encryption ? I'm willing to help in the development BR, Jovan References: [1] https://github.com/ianbarber/TLSZMQ ___ zeromq-dev mailing list zeromq-dev@lists.zeromq.org http://lists.zeromq.org/mailman/listinfo/zeromq-dev
Re: [zeromq-dev] Titanic SP with encrypted data transfer
ugh, this has been on my list for some time, slowly moving up the priority chain... (current target is mid-spring) https://github.com/wesyoung/libzmq if you wanna port it up the 3x tree and fiddle with it a bit. haven't touched it in a few months, and even then, only got it to compile. could someone post this to the encryption doc as a reference? i can't due to low karma.. :) On Dec 14, 2012, at 4:52 AM, Jovan Kostovski wrote: Thank you very much for the answer Pieter, On Fri, Dec 14, 2012 at 12:23 AM, Pieter Hintjens p...@imatix.com wrote: On Thu, Dec 13, 2012 at 11:42 PM, Jovan Kostovski chomb...@gmail.com wrote: I know that ZeroMQ supports TLS shared keys encryption... It doesn't, yet, unfortunately. Hm... I know that ZMQ does not support it by it self,but I saw some example[1] which use TLS shared key encryption, so I wanted now what are the options... If you need encryption, you will need to either do it at a lower layer (VPN) If I use VPN it won't affect the the ZMQ sockets and messages, It would just be a ZMQ communication through a secure channel, right. You can also encrypt per message, using pre-shared keys, which is the least nasty option IMO. I think I'll go for this solution because it does not affect the ZMQ messaging layer and it would be easy just to encrypt the message payload (the message bodies) I do hope we find a better general solution at some stage; you are not the only person who hits this. Are there any ideas how to support this except the once on http://www.zeromq.org/topics:encryption ? I'm willing to help in the development BR, Jovan References: [1] https://github.com/ianbarber/TLSZMQ ___ zeromq-dev mailing list zeromq-dev@lists.zeromq.org http://lists.zeromq.org/mailman/listinfo/zeromq-dev -- Wes wesyoung.me signature.asc Description: Message signed with OpenPGP using GPGMail ___ zeromq-dev mailing list zeromq-dev@lists.zeromq.org http://lists.zeromq.org/mailman/listinfo/zeromq-dev
Re: [zeromq-dev] Titanic SP with encrypted data transfer
On Thu, Dec 13, 2012 at 11:42 PM, Jovan Kostovski chomb...@gmail.com wrote: I know that ZeroMQ supports TLS shared keys encryption... It doesn't, yet, unfortunately. If you need encryption, you will need to either do it at a lower layer (VPN), which is usually quite nasty, or else modify the TSP protocol to do encryption using something like SASL, which is also nasty. You can also encrypt per message, using pre-shared keys, which is the least nasty option IMO. I do hope we find a better general solution at some stage; you are not the only person who hits this. -Pieter ___ zeromq-dev mailing list zeromq-dev@lists.zeromq.org http://lists.zeromq.org/mailman/listinfo/zeromq-dev
Re: [zeromq-dev] Titanic SP with encrypted data transfer
On Friday, December 14, 2012 12:23:19 AM Pieter Hintjens wrote: On Thu, Dec 13, 2012 at 11:42 PM, Jovan Kostovski chomb...@gmail.com wrote: I know that ZeroMQ supports TLS shared keys encryption... It doesn't, yet, unfortunately. If you need encryption, you will need to either do it at a lower layer (VPN), which is usually quite nasty, or else modify the TSP protocol to do encryption using something like SASL, which is also nasty. You can also encrypt per message, using pre-shared keys, which is the least nasty option IMO. Another idea is to gateway through a secure protocol such as HTTPS or XMPP when crossing hostile networks. This isn't really a ZeroMQ solution, but if the majority of your sockets aren't at risk and you're just trying to protect a couple of them that go over the internet, it's probably the best choice in terms of secureness vs nastiness. :) It is, however, quite some extra coding. Justin ___ zeromq-dev mailing list zeromq-dev@lists.zeromq.org http://lists.zeromq.org/mailman/listinfo/zeromq-dev