Encryption
ZeroMQ 4.x has extensible encryption, and comes with CurveZMQ as a built-in security mechanism. Pieter Hintjens has some articles that explain how this works. The only extra dependency is libsodium, which provides the Curve25519 security functions.
If you use the CZMQ binding, or a wrapper over that, you also get a set of security helpers: certificate generation, run time authentication, and so on.
Libzmq uses an extensible bridge for authentication, so you can use any backend you like, e.g. LDAP or PAM.
Comments: 3
page revision: 7, last edited: 11 Jun 2017 16:16
munged may be an option.
Could you maybe add the ability to set a preshared key on a socket? If this is done in 0MQ it would by much easier than doing the encryption/decryption on different OS and different languages. Maybe it's not a perfect solution, but it would work with multicast and I think it's better than nothing while waiting on someting like SSL or so.
Hi, I am looking into the possibility to use the zeroMq from z/OS accessible from assembler. Does a z/OS option exist?
Then there is the question about security. In our organization nothing is accepted by security boards if the transport cannot be encryption and secured against manipulation. Currently I cannot see any alternative to SSL because of the administration of certs which is already in place in most organizations.
If no assembler routines exist in the existing implementation, what would be the cost to implement a component with basic support (point 2 point, safe delivery, delivery once? We will consider developing a “client” if the effort is reasonable in man hours.