Re: [mosquitto-dev] Proposal: Enhancing Mosquitto with Symmetric Key Pay

[Frédéric Desbiens <frederic.desbiens@xxxxxxxxxxxxxxxxxxxxxx>]

Hi Tim.

Thank you for reaching out!

I manage Embedded and IoT programs at the Foundation. Nice to meet you! 

The process is fairly simple, but may vary depending on the Eclipse project you wish to contribute to. I will describe it at a high level.

1. Check whether the project team is interested in your contribution. This email will do quite nicely.
2. If the project team is interested, please create an Eclipse Foundation account and sign our contributor agreement. You can find the details here: https://www.eclipse.org/legal/eca/. One important detail: ensure the email address associated with your Eclipse account matches the one used to sign your commits.
3. Submit one or several PRs with your contributions. I think it would be a good idea to ask the project lead (Roger Light) what the team's preferences are in that department.
4. Continue to contribute! After building a history of merged pull requests, you may become eligible to be elected as a committer on the project.

I support the project team, but I am not part of it; I will let Roger and the other team members consider the merits of your potential contribution. They are the ones deciding whether a contribution will be accepted or not.

If you have other pieces of code you would like to open source, you could also start your very own Eclipse projet(s). The two of us can hop on a call if you want to learn more about this or about membership in the Eclipse Foundation and its IoT working group.

Lastly, I am also the project lead for Eclipse ThreadX, the only open source RTOS certified for safety-critical applications. We are looking for contributors — and I am obviously part of *that* team.

I hope this helps.

Best Regards,

Frédéric DESBIENS

Project Lead | Eclipse ThreadX  

Senior Manager — Embedded and IoT | Eclipse Foundation

Mastodon: @fdesbiens@xxxxxxxxxxxxxxxxxxxxx

Eclipse Foundation: The Community for Open Innovation and Collaboration

On Tue, 10 Jun 2025 at 08:19, Tim Dhillon via mosquitto-dev <mosquitto-dev@xxxxxxxxxxx> wrote:

I work for a startup called Blue mesh Solutions.

I’ve developed a new library that provides symmetric key encryption (with a default minimum of 1024 bits). I've successfully integrated this library directly into the Mosquitto source code, creating a modified Mosquitto broker and accompanying library.

This enhancement offers the following key capabilities:

• End-to-End Payload Encryption: Message payloads are encrypted end-to-end, ensuring confidentiality between the publishing client and the subscribing client.
• Topic Encryption: In addition to payload encryption, the MQTT topic itself is also encrypted.
• Flexible Security Layers: This encryption can be used in two primary ways:
  • Double-Wrapped Security: It can be layered on top of existing TLS connections, providing an additional robust layer of encryption.
  • Resource-Constrained Devices: Alternatively, for devices where TLS overhead is prohibitive, this library offers a viable encryption solution without requiring full TLS implementation.

I believe this feature would be a valuable addition to the Mosquitto core source. It addresses critical security needs, particularly for sensitive data and in environments with limited resources.

Would there be interest in incorporating this enhancement into the official Mosquitto source? If so, what would be the process for proposing this, and who typically makes the final decision on such contributions?

Thanks

Tim

_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev