The ZeroMQ library uses a slightly modified CURVE protocoll in order to secure your messages against manipulation and eaves-dropping.
Building ZeroMQ with encryption support
The code in ZeroMQ implementing the CURVE protocol utilizes crypto primitives from the NaCL library, see https://nacl.cr.yp.to/ for detailed background.
However ZeroMQ does not use NaCL itself currently. The reason for this is that the build system of NaCL assumes that the machine building the code will be the machine running the code. NaCL targets for maximal performance at the cost of portability of the binary code.
Luckily there exist two libraries providing an API compatible to NaCL(at least for the subset ZeroMQ uses):
- libsodium: see https://libsodium.org/ by Frank Denis(and others)
- tweetnacl: see https://tweetnacl.cr.yp.to/ by the authors of NaCL: DJB, Lange, Schwab(and others)
ZeroMQ supports building with each of these two libraries. By default1 it will use tweetnacl, a copy of the required sources is embedded in the git repo.
If you enable libsodium the embedded files will not be used and instead the resulting library of ZeroMQ will be linked against the shared libsodium library.
Choosing between libsodium and tweetnacl
So now you have the choice between two implementation, here is a recommendation how to choose, based on a single critria:
If you plan to distribute your code in binary form: Use libsodium.
Motivation: It is easier to provide security updates if the security library is separated from other libraries.
The embedded copy of tweetnacl is provided in order to support for minimum hassle prototyping and to provide security by default if you build from source.
howto enable building with libsodium
- add the —with-libsodium switch to the configure script
- add the -DWITH_LIBSODIUM=ON switch to the cmake call.
- Place libsodium at this location ..\..\..\libsodium and run configure.bat
Written: 07 Mar 2016 10:42
Revised: 07 Mar 2016 12:11
If you found this page useful, please rate it up so others will find it.
Who's watching this page?Dominic Luciano
Fernando J Quintero
... and more