Re: [zeromq-dev] ZeroMQ Curve Publish Subscribe

2016-10-14 Thread LENFERINK Roy
Hi Alex,

Thanks for your answer and explanation. It is now a bit more clear.
I also had a look at the blogs of Pieter and this private / public key system 
is for authenticating the subscribers and after you are authenticated some 
short-term keys are exchanged.
So what I did, I created a .curve directory on my publisher with the public key 
of the subscriber, and only the subscriber has the private key (and keeps it 
private).
So now only the subscriber can connect to the socket of the publisher. And then 
they are securely exchanging the data which will be sent between publisher and 
subscriber.

Thanks!

Greetings,
Roy


Disclaimer:

If you are not the intended recipient of this email, please notify the sender and
delete it.
Any unauthorized copying, disclosure or distribution of this email or its
attachment(s) is forbidden.
Thales Nederland BV will not accept liability for any damage caused by this email or
its attachment(s).
Thales Nederland BV is seated in Hengelo and is registered at the Chamber of
Commerce under number 06061578.


___
zeromq-dev mailing list
zeromq-dev@lists.zeromq.org
http://lists.zeromq.org/mailman/listinfo/zeromq-dev

Re: [zeromq-dev] ZeroMQ Curve Publish Subscribe

2016-10-13 Thread Holger Joukl
Hi,

(silent lurker on this list and no curve experience at all, but...)

"zeromq-dev" wrote on 13.10.2016 08:59:15:
> I would like to swap the keys, so, the publisher should encrypt the data
> with his public key, and the subscribers should decrypt the data using
> the private key of the publisher.

There seems to be some serious misunderstanding here imho:
Never ever give the private key (yours, or the publisher's) to someone else
(anybody, or the subscribers).

Holger


Re: [zeromq-dev] ZeroMQ Curve Publish Subscribe

2016-10-13 Thread alex.
Hi Roy,

it seems you are convoluting how ZeroMQ and CurveMQ work. ZMQ simply
abstracts how clients talk over a network. Pub-Sub is a fine example of
that since you, as a developer can write programs where clients can
fan-out messages, i.e. from one node to many others in one direction.
This does not mean, however, that this is what actually happens. In
fact, ZMQ opens as many (bidirectional) TCP connections between the
publisher and all the subscribers and sends pretty much the same message
from the publisher to all the subscribers, each in its own connection.

What this means for encryption is that the high-level message you send
is actually encrypted with the public key of each subscriber and then
sent individually. In fact, a single subscriber could never decrypt a
message that was sent to another subscriber.

TL;DR it just _seems_ as though the publisher is "encrypting" the
message once with his private key, but in fact the message is encrypted
as many times as there are subscribers.

Cheers!
alex.
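
Added example (not part of the original thread, and not libzmq or CZMQ code): a pure-Python model of the Curve25519 key agreement in the CurveZMQ handshake, showing that every subscriber connection ends up with its own message key and that the publisher's secret key never has to leave the publisher. It covers only the key agreement: HELLO is boxed from the subscriber's short-term key to the publisher's long-term public key, and traffic is boxed between the two short-term keys. The cipher, cookies and the subscriber's long-term key are left out, the raw X25519 output stands in for the box key, and `keypair`, `connect` and `demo` are hypothetical names.

```python
import os

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """X25519 scalar multiplication as in RFC 7748 (illustrative, not constant time)."""
    kn = (int.from_bytes(k, "little") & ~7 & ~(1 << 255)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (kn >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    """Constructed Curve25519 keypair, returned as (public, secret)."""
    secret = os.urandom(32)
    return x25519(secret, BASE), secret

def connect(pub_secret: bytes, serverkey_on_sub: bytes):
    """One subscriber connection: (HELLO opens?, key at subscriber, key at publisher)."""
    c_pub, c_sec = keypair()  # subscriber short-term key C', fresh per connection
    s_pub, s_sec = keypair()  # publisher short-term key S', fresh per connection
    # HELLO is boxed from C' to the publisher's long-term public key S.
    hello_ok = x25519(c_sec, serverkey_on_sub) == x25519(pub_secret, c_pub)
    # Traffic is boxed between C' and S'; both ends derive the same secret.
    return hello_ok, x25519(c_sec, s_pub), x25519(s_sec, c_pub)

def demo():
    S_pub, S_sec = keypair()              # publisher long-term pair; S_sec stays put
    sub_a = connect(S_sec, S_pub)         # subscriber A is given only S_pub
    sub_b = connect(S_sec, S_pub)         # subscriber B is given only S_pub
    wrong = connect(S_sec, keypair()[0])  # subscriber configured with another key
    return sub_a, sub_b, wrong

if __name__ == "__main__":
    a, b, wrong = demo()
    print("HELLO accepted (A, B, mismatched key):", a[0], b[0], wrong[0])
    print("A and B share a message key:", a[1] == b[1])
```

The mismatched case is the one in which the publisher side reports "CURVE I: cannot open client HELLO - wrong server key?".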


[zeromq-dev] ZeroMQ Curve Publish Subscribe

2016-10-13 Thread LENFERINK Roy
Hello everyone,

Currently I'm investigating the possibilities of ZeroMQ.

At the moment, I have created a publisher subscribe system with curve enabled.

This is the code I used to get it up and running (got it from Pieter Hintjens's 
blog):
http://pastebin.com/LjV8aKLG

At the moment, the publisher is encrypting data with his private key and
different subscribers can decrypt the data using the publisher's public key.
This is more 'authenticating' data than 'encrypting' data.

I would like to swap the keys, so, the publisher should encrypt the data
with his public key, and the subscribers should decrypt the data using
the private key of the publisher.

I have tested it with just loading the public key into the publisher's program
and then loading the private key into the subscriber's program and applying this
key to the subscriber's socket, but this is constantly giving me a message:
"CURVE I: cannot open client HELLO - wrong server key?"

Is it possible to use a public key for encrypting data (publisher socket) and
the private key for decrypting data (subscriber socket) with the architecture 
of ZeroMQ?

Many thanks in advance,
Roy
