msealand

zmq-zap

	debug = require('debug')('zmq-zap:examples:curve'),

// public / private key pairs used to encrypt the data

// The clientPublicKey is also used for authentication

var serverPublicKey = z85.decode('E&ahzm6FilM:*[[7G1Df!cd$}(Z8}=K!>#QwNrnn'),

	serverPrivateKey = z85.decode('a6*<Em>Zd^a4ENdsGp>MNZ8-PevbUblDfk(9NJA<'),

	clientPublicKey = z85.decode('(kW)UE2vR%M^!mp9LPJ]3%[o?Y-344U?#LKW8m>('),

	clientPrivateKey = z85.decode('Gzy#j=-mi{2iCF2vi]N?pketY7+cI*xc8YXRFjH1');

var serverPublicKey = serverKeypair.public,

	serverPrivateKey = serverKeypair.secret,

	clientPrivateKey = clientKeypair.secret;

// Tell it to use the CURVE mechanism for authentication

zap.use(new CurveMechanism(function(data, callback) {

	debug('Authenticating %s', JSON.stringify(data, true, 2));

	// This is where you'd check to see if you want to let the socket connect.

	// The CURVE mechanism lets you authenticate based on domain and address and a pre-exchanged publickey.

	// For this example, let sockets connect where the "server" is in the "test" domain and the "client"'s address is "127.0.0.1"

	if ((data.domain == 'test') && (data.address == "127.0.0.1")) {

		// and where the publickey matches the one we have for the client

		if (data.publickey == '(kW)UE2vR%M^!mp9LPJ]3%[o?Y-344U?#LKW8m>(') callback(null, true);

		if (data.publickey == clientPublicKey) callback(null, true);

// We'll use a router so that we can handle multiple requests at once

	// When we get a message, send it through to the ZAP handler

	zap.authenticate(arguments, function(err, response) {

		// Always send the response if the handler gives us one in the callback.

		// This should be done even if there is an error so that we don't block any sockets.

		if (response) zapSocket.send(response);

// The socket for the ZAP handler should be bound before creating any sockets that will use it.

// We'll use bindSync to make sure that the bind completes before we do anything else.

zapSocket.bindSync('inproc://zeromq.zap.01');

// Although ZMQ doesn't typically think of sockets as "server" or "client", the security mechanisms are different in that there should always be a "server" side that handles the authentication piece.

// Tell the socket that we want it to be a CURVE "server"

// Set the private key for the server so that it can decrypt messages (it does not need its public key)

// We'll also set a domain, but this is optional for the CURVE mechanism

// It'll look for a "hello" message and send back "world"

	    if (data == 'hello') rep.send('world');

// This will send a "hello" message once it connect and expect "world" back

// The example will exit after this receives a message

// Set the CURVE "client" public and private keys as well as the "server" public key

    if (data == 'world') debug('success!');

	else debug('unknown message: %s', data);

These examples use ØMQ directly and will need the [prerequisites](../README.md#prerequisites) installed.

Running the examples with debug output on might give a better idea of what's happening:

	zmq-zap:examples:null req connected +0ms

	zmq-zap:examples:null req hello sent +3ms

	zmq-zap:examples:null rep received hello +1ms

	zmq-zap:examples:null req received world +0ms

A basic example of using the NULL authentication mechanism to authenticate a socket using a domain and address with the req-rep pattern.

A basic example of using the PLAIN authentication mechanism to authenticate a socket using a domain, address, username, and password with the req-rep pattern.

A basic example of using the CURVE authentication mechanism to authenticate a socket using a domain, address, and public key and encrypt the data using [elliptic curve encryption](http://en.wikipedia.org/wiki/Elliptic_curve_cryptography) with the req-rep pattern.

See the source code in the file below for an example of how to generate CurveZMQ keypairs.

  "description": "ZeroMQ Authentication Protocol",

    "url": "https://github.com/msealand/zmq-zap.node.git"

  "author": "Michael Sealand <msealand@gmail.com>",

    "url": "https://github.com/msealand/zmq-zap.node/issues"

  "homepage": "https://github.com/msealand/zmq-zap.node",

		{
		"name": "zmq-zap",
		"version": "0.0.2",
		"version": "0.0.3",
		"description": "ZeroMQ Authentication Protocol",
		@@ -37,4 +37,4 @@ "main": "index.js",
		"z85": "~0.0.1",
		"debug": "~0.7.4"
		"debug": "~3.1.0"
		}
		}

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes

		@@ -9,8 +9,9 @@ var zmq = require('zmq'),
		// The clientPublicKey is also used for authentication
		var serverPublicKey = z85.decode('E&ahzm6FilM:*[[7G1Df!cd$}(Z8}=K!>#QwNrnn'),
		serverPrivateKey = z85.decode('a6*<Em>Zd^a4ENdsGp>MNZ8-PevbUblDfk(9NJA<'),
		clientPublicKey = z85.decode('(kW)UE2vR%M^!mp9LPJ]3%[o?Y-344U?#LKW8m>('),
		clientPrivateKey = z85.decode('Gzy#j=-mi{2iCF2vi]N?pketY7+cI*xc8YXRFjH1');
		var serverKeypair = zmq.curveKeypair(),
		clientKeypair = zmq.curveKeypair();
		var serverPublicKey = serverKeypair.public,
		serverPrivateKey = serverKeypair.secret,
		clientPublicKey = clientKeypair.public,
		clientPrivateKey = clientKeypair.secret;


		// Requires for ZAP handler
		@@ -34,3 +35,3 @@ var zmqzap = require('../'),
		// and where the publickey matches the one we have for the client
		if (data.publickey == '(kW)UE2vR%M^!mp9LPJ]3%[o?Y-344U?#LKW8m>(') callback(null, true);
		if (data.publickey == clientPublicKey) callback(null, true);
		else callback(null, false);
		@@ -37,0 +38,0 @@ }

		@@ -54,2 +54,4 @@ # Examples

		See the source code in the file below for an example of how to generate CurveZMQ keypairs.

		[curve.js](curve.js)