Building ZeroMQ with encryption support


The ZeroMQ library uses a slightly modified CURVE protocol to secure your messages against manipulation and eavesdropping.

See and for detailed background.

The code in ZeroMQ implementing the CURVE protocol uses crypto primitives from the NaCl library, see for detailed background.

However, ZeroMQ does not currently use NaCl itself. The reason is that the NaCl build system assumes that the machine building the code will also be the machine running it. NaCl aims for maximal performance at the cost of portability of the binary code.

Luckily there are two libraries, libsodium and tweetnacl, that provide an API compatible with NaCl (at least for the subset ZeroMQ uses).

ZeroMQ supports building with either of these two libraries. By default it will use tweetnacl; a copy of the required sources is embedded in the git repo.

If you enable libsodium, the embedded files will not be used; instead the resulting ZeroMQ library will be linked against the shared libsodium library.

Choosing between libsodium and tweetnacl

So now you have the choice between two implementations. Here is a recommendation on how to choose, based on a single criterion:

If you plan to distribute your code in binary form: Use libsodium.

Motivation: It is easier to provide security updates if the security library is separated from other libraries.

The embedded copy of tweetnacl is provided to support minimum-hassle prototyping and to provide security by default if you build from source.

How to enable building with libsodium

  • add the --with-libsodium switch to the configure script

  • add the -DWITH_LIBSODIUM=ON switch to the cmake call.

  • Place libsodium at this location ..\..\..\libsodium and run configure.bat
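After a build on Linux, you can confirm whether the resulting ZeroMQ library really is linked against the shared libsodium library, as described above. The following is an added example, not part of the ZeroMQ sources; the function names, the sample ldd output and all paths in it are constructed for illustration.

```shell
# Classify ldd-style output read from stdin (added example, hypothetical names).
#   libsodium-shared     a shared libsodium is a resolved dependency
#   libsodium-missing    libsodium is required but the loader cannot find it
#   no-shared-libsodium  no dynamic libsodium dependency: consistent with the
#                        embedded tweetnacl default, but a static link or a
#                        build without CURVE would look the same
classify_ldd_output() {
    awk '
        /libsodium\.so/ {
            seen = 1
            if ($0 ~ /not found/) missing = 1
        }
        END {
            if (missing)   print "libsodium-missing"
            else if (seen) print "libsodium-shared"
            else           print "no-shared-libsodium"
        }'
}

# Inspect a built library file. Run ldd only on binaries you trust.
zmq_crypto_backend() {
    [ -r "$1" ] || { echo "unreadable: $1" >&2; return 1; }
    ldd "$1" 2>/dev/null | classify_ldd_output
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_SODIUM='	linux-vdso.so.1 (0x00007ffc00001000)
	libsodium.so.23 => /usr/lib/x86_64-linux-gnu/libsodium.so.23 (0x00007f0000100000)
	libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f0000200000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000300000)'

SAMPLE_EMBEDDED='	linux-vdso.so.1 (0x00007ffc00001000)
	libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f0000200000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000300000)'

SAMPLE_MISSING='	linux-vdso.so.1 (0x00007ffc00001000)
	libsodium.so.23 => not found
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000300000)'
```

Call `zmq_crypto_backend` with the path to your built libzmq shared object; a `libsodium-shared` result means libsodium security updates reach ZeroMQ without rebuilding it.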