Hi Luca, Thanks very much for your response. I had read that test, though, and find that it always generates keys on the fly to run the tests and never loads them from disk. I'll need to read them from disk in the real world, of course. I just can't find examples of doing that outside of CZMQ. Perhaps curve was just never intended to be used directly in the ZeroMQ core?
Thanks again - Brian. -----Original Message----- From: zeromq-dev [mailto:[email protected]] On Behalf Of Luca Boccassi Sent: Friday, March 24, 2017 7:01 AM To: ZeroMQ development list Subject: Re: [zeromq-dev] CZMQ a requirement for curve and ZeroMQ? On Fri, 2017-03-24 at 05:40 -0500, Brian Sellden wrote: > Hello, > > I've done some looking around on this and am just confused about what > support there is for curve without using czmq. Some references say > that the support for reading/writing certs and such in the C++ ZeroMQ > core is not that great so just use CZMQ. > > So perhaps misguided, I attempted to load a secret key from a zcert_t > and stuff it into a zmq::socket_t with setsockopt. Doing so always > throws an 'invalid argument' exception so I guess I just need some > guidance. Here's my code: > > > > zmq::socket_t newSocket(zmq::context_t &context, int socketType, > > const char* endpoint) { > > // Create the socket > > zmq::socket_t socket(context, socketType); > > > > // Configure as a curve server, Stonehouse. > > int server = 1; > > socket.setsockopt(ZMQ_CURVE_SERVER, &server, > sizeof(server)); > > std::cout << "Configured socket as curve server" << > std::endl; > > > > // Read secret key and set on socket. > > zcert_t* cert = > zcert_load("certs/session_logging_daemon.txt_secret"); > > std::cout << "Loaded keyfile." << std::endl; > > // const byte* secret = zcert_secret_key(cert); > > const char* secret = zcert_secret_txt(cert); > > std::cout << "Retrieved secret key of length " << > sizeof(secret) > > << std::endl; > > socket.setsockopt(ZMQ_CURVE_SECRETKEY, secret, > sizeof(secret)); > > std::cout << "Added secret key to socket" << > std::endl; > > zcert_destroy(&cert); > > > > // Bind the socket > > socket.bind(endpoint); > > > > return socket; > > } > > > > And the output is: > > Configured socket as curve server > > Loaded keyfile. > > Retrieved secret key of length 8 > > terminate called after throwing an instance of 'zmq::error_t' > > what(): Invalid argument > > > > Thanks - > > > > Brian. Hi, Curve can be used with just libzmq, see a working example in the unit test: https://github.com/zeromq/libzmq/blob/master/tests/test_security_curve.cpp CZMQ will make your life easier with a higher level abstraction and classes to manage certificates, see examples: https://github.com/zeromq/czmq/tree/master/examples/security Kind regards, Luca Boccassi _______________________________________________ zeromq-dev mailing list [email protected] https://lists.zeromq.org/mailman/listinfo/zeromq-dev
