ZeroMQ securely over the internet

2

9

I've been working with zeroMQ a bit and I want to be able to connect securely over the Internet. I'm in Ruby and could use SSL and/or some sort of ssh connection but cannot find any examples of how to do this.

I found this old Stack Overflow link, "How does zeromq work together with SSL?", saying they were working on some sort of security, but that was a year ago and I can't find any new references.

Even if this isn't built into zeroMQ, I would assume that there would be some way to set this up with OpenSSL or something similar.

Note: zeroMQ website mentions using VPN or something if you want secure transport. I do not want to use VPN. There must be a better way.

Wineglass answered 21/10, 2012 at 1:2 Comment(3)
How about tunneling through SSH? - Infielder
revsys.com/writings/quicktips/ssh-tunnel.html - Scarletscarlett
Ya, ssh tunnel will work and seems pretty straightforward. Just thought there might be a better, more standard way to do this with zeroMQ. - Wineglass
5

Similar to VPN, but much easier to set up:

  • encrypted tunnel with socat

Let's make each zeromq side connect locally to socat, and have the two socats connect to each other using an encrypted channel.

Some links: [1], [2], [3], [4].

Ceporah answered 23/10, 2012 at 9:0 Comment(0)
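
The two-relay topology from the socat answer above, sketched with Ruby's standard `socket` and `openssl` libraries (an added example, not part of the original answer and not socat itself): each end listens on loopback, and the leg between the ends is TLS with certificates pinned on both sides. The function names, the throwaway self-signed certificates and the single-host loopback wiring are assumptions made so the sketch runs offline; in a deployment the TLS listener is the only internet-facing socket.

```ruby
require "socket"
require "openssl"

# Throwaway self-signed certificate and key (constructed for this example).
def make_identity(cn)
  key, cert = OpenSSL::PKey::RSA.new(2048), OpenSSL::X509::Certificate.new
  cert.version, cert.serial, cert.public_key = 2, 1, key.public_key
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  [cert.sign(key, OpenSSL::Digest.new("SHA256")), key]
end

# Mutual TLS: present our certificate, accept only the pinned peer certificate.
def tls_context(identity, peer_cert)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
  ctx.cert, ctx.key = identity
  ctx.cert_store = OpenSSL::X509::Store.new.tap { |s| s.add_cert(peer_cert) }
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
  ctx
end

# Copy bytes in both directions between two sockets.
def pump(a, b)
  [[a, b], [b, a]].each do |src, dst|
    Thread.new do
      loop { dst.write(src.readpartial(4096)) }
    rescue IOError, SystemCallError, OpenSSL::SSL::SSLError
      [a, b].each { |s| s.close rescue nil } # EOF, reset or TLS alert: drop both legs
    end
  end
end

# One tunnel end (one socat's job): listen, dial the next hop, relay; TLS wraps the side given a context.
def tunnel_end(next_port, listen_ctx: nil, dial_ctx: nil)
  server = tcp = TCPServer.new("127.0.0.1", 0)
  server = OpenSSL::SSL::SSLServer.new(tcp, listen_ctx) if listen_ctx
  Thread.new do
    loop do
      conn = server.accept # SSLServer#accept also performs the TLS handshake
      out = TCPSocket.new("127.0.0.1", next_port)
      out = OpenSSL::SSL::SSLSocket.new(out, dial_ctx).tap { |t| t.sync_close = true }.connect if dial_ctx
      pump(conn, out)
    rescue OpenSSL::SSL::SSLError, SystemCallError, IOError
      [conn, out].each { |s| s&.close } # failed verification or unreachable next hop
    end
  end
  tcp.addr[1] # ephemeral port this end listens on
end
```

Wire the far end as `tunnel_end(zmq_port, listen_ctx: tls_context(far_id, near_cert))` and the near end as `tunnel_end(far_port, dial_ctx: tls_context(near_id, far_cert))`, then point the connecting ZeroMQ socket at the near end's loopback port. A near end whose certificate the far end has not pinned gets its connection dropped before any byte reaches the backend.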
5

Just wanted to add that since the question was asked, the ZMQ team developed, starting with ZeroMQ v4.0.0, the CurveZMQ protocol, which is an authentication and encryption protocol for ZeroMQ based on CurveCP and NaCl - fast, secure elliptic-curve crypto. This allows encrypted ZMQ message exchange, which would supposedly be secure over the internet.

For more details see Using ZeroMQ Security part 1. Some of the features that were added at the time are:

  • A new wire protocol, ZMTP 3.0, that adds a security handshake to all ZeroMQ connections.
  • A new security protocol, CurveZMQ, that implements "perfect forward security" between two ZeroMQ peers over a TCP connection. I'll explain CurveZMQ below.
  • A set of security mechanisms for ZMTP: NULL, PLAIN, and CURVE, each described by their own RFCs. NULL is essentially what we had before. PLAIN allows simple username and password authentication. CURVE implements the CurveZMQ protocol. [...]

For secure messaging over the internet, one would seek to implement, for example, the Ironhouse pattern. See part 2 for a description.

There are certainly Ruby implementations for this protocol, but I did not look for them.

If one is looking for Python implementations, one can look at these resources:

Slowly answered 1/4, 2020 at 15:10 Comment(0)
