On 11/02/10 21:27, MinRK wrote:
> Is there a better model for hiding message data using an unmodified
> current release version of zeromq, which means that zmq_send and
> zmq_recv are black boxes, and are assumed to be operating on an
> untrusted network?

first, two warnings:

1) the zeromq-2.0.10 release is still remotely crashable, so you need a trusted network. encryption does not make sense in a trusted network.

2) i have no idea about your environment, requirements and resources. what i say may sound funny, may be too python-centric, or just the wrong thing to do in your case.

if you consider key distribution solved, just use hmac + aes to signcrypt the messages. pycrypto supports both.

if you also need to do key distribution, i'd try to work with a pgp implementation first. gpgme and thus pyme is slow and difficult to deploy, but you'd be safe. also see the m2crypto page. it claims to have pgp support. http://chandlerproject.org/Projects/MeTooCrypto. the library list there is also interesting. here's a relevant topic:

http://stackoverflow.com/questions/1020320/how-to-do-pgp-in-python-generate-keys-encrypt-decrypt

if those solutions are not efficient enough, you have many options. simplest is poor man's pki: generate a secret, hardcode it in your application and use it for signcrypted key-exchange. you can do this with public key cryptography if you know how it works. you can make it so everybody agrees on a different key on first contact.

but try very hard to get pgp working before you try your own methods.

hth
burak

_______________________________________________
zeromq-dev mailing list
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
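
The "hmac + aes" suggestion in the reply above, sketched as encrypt-then-MAC over an opaque message body that could be handed to zmq_send unchanged. This is an added example, not code from the thread: it uses the `cryptography` package with AES-CTR and HMAC-SHA256 rather than pycrypto, and the function names, frame layout and pre-shared keys are assumptions.

```python
import hashlib
import hmac
import os

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

NONCE_LEN = 16  # AES-CTR initial counter block, fresh per message
TAG_LEN = 32    # HMAC-SHA256 output size


class AuthError(Exception):
    """Frame was truncated, modified, or sealed under a different key."""


def _aes_ctr(key, nonce, data):
    # CTR is symmetric: the same keystream XOR encrypts and decrypts.
    ctx = Cipher(algorithms.AES(key), modes.CTR(nonce), default_backend()).encryptor()
    return ctx.update(data) + ctx.finalize()


def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag as one message body."""
    nonce = os.urandom(NONCE_LEN)
    ct = _aes_ctr(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_frame(enc_key, mac_key, frame):
    """Verify the tag before touching the ciphertext, then decrypt."""
    if len(frame) < NONCE_LEN + TAG_LEN:
        raise AuthError("frame too short")
    nonce, ct, tag = frame[:NONCE_LEN], frame[NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise AuthError("authentication failed")
    return _aes_ctr(enc_key, nonce, ct)


if __name__ == "__main__":
    # Constructed keys; real ones come from the key distribution the post
    # assumes is solved. Encryption and MAC keys are kept separate.
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    frame = seal(enc_key, mac_key, b"task payload")
    print(open_frame(enc_key, mac_key, frame))
    try:
        open_frame(enc_key, mac_key, frame[:-1] + bytes([frame[-1] ^ 1]))
    except AuthError as exc:
        print("rejected:", exc)
```

Each frame is authenticated on its own, so a recorded frame can still be replayed or reordered; a message counter carried inside the plaintext is one way to detect that.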
