All Articles

Pieter Hintjens is a writer, programmer and thinker who has spent decades building large software systems and on-line communities, which he describes as "Living Systems". He is an expert in distributed computing, having written over 30 protocols and distributed software systems. He designed AMQP in 2004, and founded the ZeroMQ free software project in 2007.

He is the author of the O'Reilly ZeroMQ book, "Culture and Empire", "The Psychopath Code", "Social Architecture", and "Confessions of a Necromancer." In April 2016 he was diagnosed with terminal metastasis of a previous cancer.

0_look.png

Using ZeroMQ Security (part 2)
In the previous article I gave an overview of how and why ZeroMQ's security layers work. In this article I'll develop a simple secure application, step by step. We'll use a simple example of a server PUSH socket sending "Hello" to a client PULL socket. We'll work through the ZeroMQ NULL, PLAIN, and CURVE security mechanisms, up to full authentication. The examples are in C but the principles apply to all languages.

date.png19 Sep 2013 21:07 | comments.png 15 Comments | 0
look.png

Using ZeroMQ Security (part 1)
In this series of articles I'll explain how to use the new ZeroMQ security layers in your applications. The example we'll make is a chat application that provides unbreakable strong security. In this first article, I'll explain more about ZeroMQ's security technology, how it works, and why we chose it. (Read part 2.)

date.png12 Sep 2013 09:17 | comments.png 0 Comments | 0
compose.png

Securing ZeroMQ: Circus Time
Thanks to the quiet but persistent work of Martin Hurton, the master branch of libzmq, the ZeroMQ core library, now "does security". In this last article in the mini-series, "Securing ZeroMQ", I'll explain what we built, and why, and how this can work for your ZeroMQ applications.

date.png04 Jul 2013 16:59 | comments.png 1 Comments | 0
chat3.png

Securing ZeroMQ: draft ZMTP v3.0 Protocol
In the previous article in this series, "Securing ZeroMQ", I showed a proof-of-concept for CurveZMQ. Now we're moving that into the ZeroMQ protocol, ZMTP. It's not a small change. You can't just sprinkle security over a protocol like chocolate chips onto pancakes. It means a new protocol, and this gives us a chance to address other problems with ZMTP. The result is ZMTP v3.0. In this article I'll explain ZMTP v3.0. If you never read the 1.0 or 2.0 spec, don't worry, I'll cover those briefly too.

date.png14 Apr 2013 11:15 | comments.png 0 Comments | 0
battery_power.png

Securing ZeroMQ: CurveZMQ protocol and implementation
This week, we flesh out the basics of our CurveCP-derived protocol, with an implementation in C that I'm calling CurveZMQ. In this article I'll explain what this simple but powerful security protocol looks like. The code here will already work over 0MQ sockets but our next stage is to move this into libzmq itself, for all sockets over tcp:// and ipc://. So stay tuned!

date.png22 Mar 2013 22:19 | comments.png 0 Comments | 0
magic.png

Securing ZeroMQ: the Sodium Library
Marc Falzon (@falzm) pointed me to libsodium, aka Sodium, a repackaging of the NaCl library. The Sodium README says that it's, "tested on a variety of compilers and operating systems, including Windows, iOS and Android," and "tests and benchmarks will be performed at run-time, so that the same binary package can still run everywhere." This fixes the biggest problem with NaCl, which is that it optimizes at compile-time, so you can't ship it in binaries. Today I tried Sodium, and here are the results of my tests.

date.png12 Mar 2013 10:48 | comments.png 0 Comments | 0
lock_closed.png

Securing ZeroMQ: CurveCP and NaCl
One of the biggest user requests for ØMQ is a good security layer. Mainstream options like TLS/SSL are complex, slow and designed for web browsing, not high-speed messaging. In this article I'll present CurveCP, one of the most exciting security developments in recent years. It's part of the NaCl networking and cryptography library and looks perfectly suited to ØMQ. To demonstrate this, I've made a "Hello World" proof of concept that shows an authenticated, confidential connection from one client to one server, over ØMQ.

date.png11 Mar 2013 21:29 | comments.png 2 Comments | 0
rss icon RSS feed
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License