This integration is currently not supported due to the end of life of oqs-openssl111. Feel free to vote this back into supported state by visiting the discussion on the topic.
This directory contains a Dockerfile that builds Mosquitto with the OQS OpenSSL 1.1.1 fork, which allows Mosquitto to negotiate quantum-safe keys and use quantum-safe authentication in TLS 1.3.
Work to further experiment with the quantum-safe algorithms using the MQTT protocol is ongoing. Questions, comments, corrections, improvements, and other contributions are welcome, e.g., via issues to this project.
Thanks,
--Chia-Chin Chung
Eclipse Mosquitto is an open source (EPL/EDL licensed) message broker that implements the MQTT protocol versions 5.0, 3.1.1 and 3.1. Mosquitto is lightweight and is suitable for use on all devices from low power single board computers to full servers.
The MQTT protocol provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for Internet of Things messaging such as with low power sensors or mobile devices such as phones, embedded computers or microcontrollers.
The following provides some introduction to Mosquitto:
- Introduction: Beginners Guide To The MQTT Protocol
- Usage: Mosquitto MQTT Broker, Using The Mosquitto_pub and Mosquitto_sub MQTT Client Tools - Examples
- Man pages: Mosquitto Man Pages
Install Docker and run the following simplified commands in this directory:
docker build -t oqs-mosquitto-img .
This will generate the image with a default QSC algorithm (key exchange: kyber512, authentication: dilithium2 -- see Dockerfile to change).
docker run -it --rm --name oqs-mosquitto -p 8883:8883 oqs-mosquitto-img
This will start a docker container that has mosquitto MQTT broker listening for TLS 1.3 connections on port 8883.
Complete information on how to use the image is available in the separate file USAGE.md.
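To check what the running container actually negotiates, the following stand-alone Python probe is added here as an example; it is not code from the oqs-demos project or from USAGE.md. It opens a TLS connection to the broker, refuses anything below TLS 1.3, verifies the broker certificate, then sends a minimal MQTT 3.1.1 CONNECT and decodes the CONNACK return code. Assumptions: the broker is at localhost:8883 (the port the image publishes), the CA file path 'ca.crt' and the client id 'oqs-probe' are placeholders, and a client certificate is only needed if the broker is configured to require one. One caveat: a stock Python build links against the system OpenSSL, which does not know the OQS groups, so this client reports the TLS version and cipher but cannot itself negotiate kyber512; if the broker offers only a quantum-safe group the handshake will fail, which is a useful negative check. To exercise the quantum-safe key exchange end to end, use a client linked against the OQS-OpenSSL fork, such as the mosquitto_pub and mosquitto_sub binaries inside the image.

```python
"""Probe a Mosquitto TLS listener: enforce TLS 1.3, report the negotiated
parameters, then exchange MQTT 3.1.1 CONNECT / CONNACK.

Added example, not part of the oqs-demos project.  Assumptions: broker on
localhost:8883, 'ca.crt' and 'oqs-probe' are placeholders.
"""
import socket
import ssl
import struct

# MQTT 3.1.1 CONNACK return codes (spec section 3.2.2.3)
CONNACK_CODES = {
    0: "connection accepted",
    1: "unacceptable protocol version",
    2: "identifier rejected",
    3: "server unavailable",
    4: "bad user name or password",
    5: "not authorized",
}


def encode_remaining_length(n: int) -> bytes:
    """MQTT variable-length integer: 7 data bits per byte, MSB = continuation."""
    if not 0 <= n <= 268_435_455:
        raise ValueError("remaining length out of range")
    out = bytearray()
    while True:
        byte = n % 128
        n //= 128
        if n:
            byte |= 0x80
        out.append(byte)
        if not n:
            return bytes(out)


def build_connect(client_id: str, keepalive: int = 60) -> bytes:
    """Minimal MQTT 3.1.1 CONNECT: clean session, no will, no credentials."""
    proto = b"\x00\x04MQTT"          # length-prefixed protocol name
    level = b"\x04"                  # protocol level 4 = MQTT 3.1.1
    flags = b"\x02"                  # clean session bit only
    body = proto + level + flags + struct.pack("!H", keepalive)
    cid = client_id.encode()
    body += struct.pack("!H", len(cid)) + cid
    return b"\x10" + encode_remaining_length(len(body)) + body


def parse_connack(data: bytes) -> int:
    """Return the CONNACK return code; raise if the bytes are not a CONNACK."""
    if len(data) < 4 or data[0] >> 4 != 2 or data[1] != 2:
        raise ValueError(f"not a CONNACK: {data!r}")
    return data[3]


def make_tls13_context(cafile=None, certfile=None, keyfile=None) -> ssl.SSLContext:
    """Client context that refuses anything below TLS 1.3 and always verifies
    the broker certificate.  A client cert is loaded only if given (needed when
    the broker is configured with require_certificate)."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def probe_broker(host="localhost", port=8883, cafile="ca.crt",
                 certfile=None, keyfile=None, client_id="oqs-probe") -> dict:
    """Connect, report TLS parameters, and run the CONNECT/CONNACK exchange."""
    ctx = make_tls13_context(cafile, certfile, keyfile)
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_connect(client_id))
            code = parse_connack(tls.recv(4))
            tls.sendall(b"\xe0\x00")   # DISCONNECT, so the broker sees a clean close
            return {
                "tls_version": tls.version(),        # expect "TLSv1.3"
                "cipher": tls.cipher()[0],
                "peer_subject": tls.getpeercert().get("subject"),
                "connack": CONNACK_CODES.get(code, f"unknown ({code})"),
            }


if __name__ == "__main__":
    import json
    print(json.dumps(probe_broker(), indent=2, default=str))
```

A CONNACK code other than 0 from a broker that completed the TLS 1.3 handshake usually points at the broker's authentication settings (for example a required client certificate or username) rather than at the TLS layer.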
The Dockerfile allows for significant customization of the built image:
- The install root for the OQS-OpenSSL, liboqs and Mosquitto installations. By default this is '/usr/local/src'.
- The install location of the OQS-OpenSSL library. By default this is '/usr/local/ssl'.
- The build options for the underlying library with the quantum-safe algorithms (liboqs). All possible options are documented here. By default, the image is built for maximum portability regardless of CPU type and available optimizations, i.e. to run on the widest possible range of cloud machines.
- The build options for the underlying OpenSSL library containing the quantum-safe algorithms. The default setting defines a range of default algorithms suggested for key exchange. For more information see the documentation.
- The quantum-safe key exchange algorithm. The default value is 'kyber512', but it can be set to any value documented here.
- The quantum-safe signature algorithm for the internally generated server and client certificates. The default value is 'dilithium2', but it can be set to any value documented here.
- The IP address (or domain name) of the Mosquitto MQTT broker. By default this is 'localhost'.
- The IP address (or domain name) of the Mosquitto MQTT publisher. By default this is 'localhost'.
- The IP address (or domain name) of the Mosquitto MQTT subscriber. By default this is 'localhost'.
- Which start script the container runs. Three scripts (broker-start.sh, publisher-start.sh and subscriber-start.sh) are available in this directory. By default this is 'broker-start.sh'.
All modifications to this repository are released under the same terms as OpenSSL, namely as described in the file LICENSE.