Connect to a server with curve server key only

[csampaio26]

Is it possible to connect to a zmq server with only CURVE_SERVERKEY?
The key is similar to "masdasdasdsadasdQWEqwedsa2+BrhQ=" and im trying to use it to connect to a zmq server

self.socket.setsockopt(zmq.CURVE_SERVERKEY, z85.encode(base64.b64decode(self.server_public_key)))

It gives me no error and it doesnt connect.

[minrk]

This isn't a pyzmq issue, but I believe you still need to set a private and public in order to send encrypted messages. That means also setting zmq.CURVE_SECRETKEY and zmq.CURVE_PUBLICKEY. The values aren't important, so they can be generated each time, e.g. from zmq.curve_keypair().

Failure to authenticate with zmq generally means just silently not connecting (as if the peer is not there) rather than error, because zmq connect is async there's nowhere to raise.

[csampaio26]

@minrk It still doesnt work. In c# I just use

requestSocket.Options.CurveServerKey = Convert.FromBase64String(_zmqCurvePublicKey); requestSocket.Options.CurveCertificate = new NetMQCertificate();

I though doing the same here would work also.

I have changed it to

self.socket.setsockopt(zmq.CURVE_SERVERKEY, base64.b64decode(self.server_public_key))

sender_public, sender_secret = zmq.curve_keypair()

self.socket.setsockopt(zmq.CURVE_SECRETKEY, sender_secret)

self.socket.setsockopt(zmq.CURVE_PUBLICKEY, sender_public)

[minrk]

I'm not sure. That certainly looks right.

Here's an example that works (all in Python). Maybe it will help you debug:

from threading import Thread

import zmq

server_public, server_private = zmq.curve_keypair()

url = "tcp://127.0.0.1:5555"

def server():
    with zmq.Context() as ctx:
        with ctx.socket(zmq.ROUTER) as s:
            s.curve_secretkey = server_private
            s.curve_publickey = server_public
            s.curve_server = 1
            s.rcvtimeo = 3000 # give up after 3 seconds
            s.bind(url)
            msg = s.recv_multipart()
            print(f"server: received {msg[1:]} from {msg[0]}")
            s.send_multipart([msg[0], b"ack"])

def client():
    client_public, client_private = zmq.curve_keypair()

    with zmq.Context() as ctx:
        with ctx.socket(zmq.DEALER) as s:
            s.curve_secretkey = client_private
            s.curve_publickey = client_public
            s.curve_serverkey = server_public
            s.linger = 0
            s.rcvtimeo = 3000 # give up after 3 seconds
            s.connect(url)
            msg = [b"hello"]
            print(f"client: sending {msg}")
            s.send_multipart(msg)
            reply = s.recv_multipart()
            print(f"client: received {reply}")

# start server
t = Thread(target=server, daemon=True)
t.start()
# start client
client()
# wait for server cleanup
t.join()

The only thing I can think of is possible inconsistencies in base64 handling (you might show the actual bytes to compare - curve keys are already z85-encoded, so double-encoding them with base64 is unusual since they are valid ASCII already), or making sure to set all the curve parameters before calling connect/bind.