zmq_curve - secure authentication and confidentiality
The CURVE mechanism defines a mechanism for secure authentication and
confidentiality for communications between a client and a server. CURVE is
intended for use on public networks. The CURVE mechanism is defined by this
A socket using CURVE can be either client or server, at any moment, but not
both. The role is independent of bind/connect direction.
A socket can change roles at any point by setting new options. The role affects
all zmq_connect and zmq_bind calls that follow it.
To become a CURVE server, the application sets the ZMQ_CURVE_SERVER option on
the socket, and then sets the ZMQ_CURVE_SECRETKEY option to provide the socket
with its long-term secret key. The application does not provide the socket
with its long-term public key, which is used only by clients.
To become a CURVE client, the application sets the ZMQ_CURVE_SERVERKEY option
with the long-term public key of the server it intends to connect to, or
accept connections from, next. The application then sets the
ZMQ_CURVE_PUBLICKEY and ZMQ_CURVE_SECRETKEY options with its client long-term
If the server does authentication it will be based on the client’s long
term public key.
The standard representation for keys in source code is either 32 bytes of base
256 (binary) data, or 40 characters of base 85 data encoded using the Z85
algorithm defined by http://rfc.zeromq.org/spec:32
The Z85 algorithm is designed to produce printable key strings for use in
configuration files, the command line, and code. There is a reference
implementation in C at https://github.com/zeromq/rfc/tree/master/src
For test cases, the client shall use this long-term key pair (specified as
hexadecimal and in Z85):
And the server shall use this long-term key pair (specified as hexadecimal and
This page was written by the 0MQ community. To make a change please read the 0MQ
Contribution Policy at http://www.zeromq.org/docs:contributing