Add security: authentication and encryption by BenediktBurger · Pull Request #75 · pymeasure/leco-protocol

BenediktBurger · 2026-04-24T15:13:22Z

Addresses #72

BenediktBurger · 2026-05-06T09:55:03Z

+    A security mode using CurveZMQ (RFC 50) for authentication and encryption based on Curve25519 key pairs, see {doc}`security`.
+
+Security mode
+    The security configuration of a LECO Network, either `NONE` (no security) or `CURVE` (authenticated and encrypted), see {ref}`security.md#security-modes`.


Has to be changed, as #80 has been merged. Does {doc} still work?

BenediktBurger · 2026-05-06T09:56:32Z

+:::{mermaid}
+sequenceDiagram
+    participant CA as Component A
+    participant Co as N1.COORDINATOR
+    Note over CA,Co: CURVE mode handshake
+    CA ->> Co: ZMQ CURVE handshake (client_secret + server_public)
+    Note right of Co: ZAP validates client public key
+    alt Handshake succeeds
+        Co -->> CA: Handshake OK
+        CA ->> Co: V|COORDINATOR|CA|H|sign_in
+        Co ->> CA: V|N1.CA|N1.COORDINATOR|H|result
+    else Unauthorized key
+        Co -->> CA: Connection rejected (ZAP)
+        Note right of Co: Log: "CURVE auth failed for [key hash]"
+    else Wrong server key
+        CA -->> Co: Handshake fails
+        Note left of CA: Log: "CURVE handshake failed"
+    end
+:::


Suggested change

:::{mermaid}

sequenceDiagram

participant CA as Component A

participant Co as N1.COORDINATOR

Note over CA,Co: CURVE mode handshake

CA ->> Co: ZMQ CURVE handshake (client_secret + server_public)

Note right of Co: ZAP validates client public key

alt Handshake succeeds

Co -->> CA: Handshake OK

CA ->> Co: V|COORDINATOR|CA|H|sign_in

Co ->> CA: V|N1.CA|N1.COORDINATOR|H|result

else Unauthorized key

Co -->> CA: Connection rejected (ZAP)

Note right of Co: Log: "CURVE auth failed for [key hash]"

else Wrong server key

CA -->> Co: Handshake fails

Note left of CA: Log: "CURVE handshake failed"

end

:::

```mermaid

sequenceDiagram

participant CA as Component A

participant Co as N1.COORDINATOR

Note over CA,Co: CURVE mode handshake

CA ->> Co: ZMQ CURVE handshake (client_secret + server_public)

Note right of Co: ZAP validates client public key

alt Handshake succeeds

Co -->> CA: Handshake OK

CA ->> Co: V|COORDINATOR|CA|H|sign_in

Co ->> CA: V|N1.CA|N1.COORDINATOR|H|result

else Unauthorized key

Co -->> CA: Connection rejected (ZAP)

Note right of Co: Log: "CURVE auth failed for [key hash]"

else Wrong server key

CA -->> Co: Handshake fails

Note left of CA: Log: "CURVE handshake failed"

end

```

see #80

BenediktBurger mentioned this pull request Apr 24, 2026

Add optional signatures for verification #72

Open

Add security: authentication and encryption

285aa85

BenediktBurger force-pushed the add-security branch from fc6c4f0 to 285aa85 Compare April 27, 2026 15:18

BenediktBurger commented May 6, 2026

View reviewed changes

BenediktBurger mentioned this pull request May 7, 2026

Add security pymeasure/pyleco#150

Draft

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add security: authentication and encryption#75

Add security: authentication and encryption#75
BenediktBurger wants to merge 1 commit into
mainfrom
add-security

BenediktBurger commented Apr 24, 2026

Uh oh!

BenediktBurger May 6, 2026

Uh oh!

BenediktBurger May 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

BenediktBurger commented Apr 24, 2026

Uh oh!

BenediktBurger May 6, 2026

Choose a reason for hiding this comment

Uh oh!

BenediktBurger May 6, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant