Commit 71b423ae authored by Richard Newton

Merge pull request #717 from hintjens/master

Clarified use of secret/public keys
parents 1f85ed06 87718c61
...@@ -624,8 +624,9 @@ linkzmq:zmq_curve[7]. A value of '1' means the socket will act as ...@@ -624,8 +624,9 @@ linkzmq:zmq_curve[7]. A value of '1' means the socket will act as
CURVE server. A value of '0' means the socket will not act as CURVE CURVE server. A value of '0' means the socket will not act as CURVE
server, and its security role then depends on other option settings. server, and its security role then depends on other option settings.
Setting this to '0' shall reset the socket security to NULL. When you Setting this to '0' shall reset the socket security to NULL. When you
set this you must also set both the public and secret keys using the set this you must also set the server's secret key using the
ZMQ_CURVE_PUBLICKEY and ZMQ_CURVE_SECRETKEY options. ZMQ_CURVE_SECRETKEY option. A server socket does not need to know
its own public key.
[horizontal] [horizontal]
Option value type:: int Option value type:: int
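Review bot: In the ZMQ_CURVE_SERVER paragraph, "When you set this you must also set the server's secret key" follows directly after the sentence about setting the option to '0', so it reads as if a secret key were also required when resetting security to NULL. Suggest "When you set this to '1' you must also set ...". Since the text now says the server socket does not need its own public key, it would also help to add a pointer here that the public half of the pair still has to reach clients, which set it through ZMQ_CURVE_SERVERKEY.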
...@@ -637,14 +638,11 @@ Applicable socket types:: all, when using TCP transport ...@@ -637,14 +638,11 @@ Applicable socket types:: all, when using TCP transport
ZMQ_CURVE_PUBLICKEY: Set CURVE public key ZMQ_CURVE_PUBLICKEY: Set CURVE public key
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sets the socket's long term public key. You must set this on both CURVE Sets the socket's long term public key. You must set this on CURVE client
client and server sockets, see linkzmq:zmq_curve[7]. You can provide the sockets, see linkzmq:zmq_curve[7]. You can provide the key as 32 binary
key as 32 binary bytes, or as a 40-character string encoded in the Z85 bytes, or as a 40-character string encoded in the Z85 encoding format.
encoding format. For servers, the public key must be persisted and The public key must always be used with the matching secret key. To
shared through some unspecified but secure mechanism to clients. The generate a public/secret key pair, use linkzmq:zmq_curve_keypair[3].
public key must always be used with the matching secret key generated
at the same time. To generate a public/secret key pair, use the
tools/curve_keygen tool.
[horizontal] [horizontal]
Option value type:: binary data or Z85 text string Option value type:: binary data or Z85 text string
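Review bot: The rewritten ZMQ_CURVE_PUBLICKEY text drops the sentence "For servers, the public key must be persisted and shared through some unspecified but secure mechanism to clients", and nothing in the visible hunks replaces it. That was the only operational guidance on distributing the server's public key, and clients still need that key for ZMQ_CURVE_SERVERKEY. Suggest moving the sentence into the ZMQ_CURVE_SERVERKEY section rather than deleting it. The new wording also loses "generated at the same time"; "matching secret key" is fine, but saying once that both halves come from a single zmq_curve_keypair call would remove any doubt.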
...@@ -659,7 +657,8 @@ ZMQ_CURVE_SECRETKEY: Set CURVE secret key ...@@ -659,7 +657,8 @@ ZMQ_CURVE_SECRETKEY: Set CURVE secret key
Sets the socket's long term secret key. You must set this on both CURVE Sets the socket's long term secret key. You must set this on both CURVE
client and server sockets, see linkzmq:zmq_curve[7]. You can provide the client and server sockets, see linkzmq:zmq_curve[7]. You can provide the
key as 32 binary bytes, or as a 40-character string encoded in the Z85 key as 32 binary bytes, or as a 40-character string encoded in the Z85
encoding format. encoding format. To generate a public/secret key pair, use
linkzmq:zmq_curve_keypair[3].
[horizontal] [horizontal]
Option value type:: binary data or Z85 text string Option value type:: binary data or Z85 text string
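Review bot: The ZMQ_CURVE_SECRETKEY paragraph gains the zmq_curve_keypair reference but has no counterpart to the "must always be used with the matching secret key" rule stated under ZMQ_CURVE_PUBLICKEY. A reader who lands on this section alone is not told that the secret key must belong to the same pair as the public key set on the client, or as the key given to clients for a server. Suggest adding one sentence to that effect, and a short note that this is the value to keep private, since the three key options share the same 32-byte / Z85 format and are easy to mix up.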
...@@ -674,7 +673,7 @@ ZMQ_CURVE_SERVERKEY: Set CURVE server key ...@@ -674,7 +673,7 @@ ZMQ_CURVE_SERVERKEY: Set CURVE server key
Sets the socket's long term server key. You must set this on CURVE client Sets the socket's long term server key. You must set this on CURVE client
sockets, see linkzmq:zmq_curve[7]. You can provide the key as 32 binary sockets, see linkzmq:zmq_curve[7]. You can provide the key as 32 binary
bytes, or as a 40-character string encoded in the Z85 encoding format. bytes, or as a 40-character string encoded in the Z85 encoding format.
This key must be the same as the public key set on the server socket. This key must have been generated together with the server's secret key.
[horizontal] [horizontal]
Option value type:: binary data or Z85 text string Option value type:: binary data or Z85 text string
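Review bot: In the ZMQ_CURVE_SERVERKEY paragraph, "This key must have been generated together with the server's secret key" never says that the value is the server's public key, which the removed sentence at least implied. Someone reading only this section could reasonably wonder which half of the pair goes here. Suggest stating it directly, for example "This key must be the public key of the pair whose secret key is set on the server socket with ZMQ_CURVE_SECRETKEY."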
......