github.com/s7techlab/cckit@v0.10.5/extensions/encryption/README.md

# Hyperledger Fabric chaincode kit (CCKit) - Encryption extension

Allows encrypting all data in the ledger. Based on the Fabric [example](https://github.com/hyperledger/fabric/tree/master/examples/chaincode/go/enccc_example).

## Using ECDH for establishing a secret key

ECDH (Elliptic curve Diffie-Hellman): both parties can establish a shared secret value by sending only the public key
of their ephemeral or static key pair to the other party. If the key pair of one of the parties is trusted by the other
party, then that key pair may also be used for authentication.

## Flow of a CHAINCODE transaction

### 1. Sending proposal from client to peer

The [proposal](https://github.com/hyperledger/fabric/blob/master/protos/peer/proposal.proto) is basically a request to
do something on a [chaincode](https://github.com/hyperledger/fabric/blob/master/protos/peer/chaincode.proto),
that will result in some action - some change in the state of a chaincode and/or some data to be committed to the ledger.

```
SignedProposal
|\_ Signature                 (signature on the Proposal message by the creator specified in the header)
 \_ Proposal
    |\_ Header
    |\_ ChaincodeProposalPayload
    | |\_ ChaincodeInvocationSpec
    | | \_ ChaincodeSpec
    | |   |\_ Chaincode_id
    | |   \_ Input
    | |     \_ Args
    | \_ TransientMap
    \_ ChaincodeAction        (the actions for this proposal - optional for a proposal)
```

The proposal contains:

* `Signature` - the client's signature over the Proposal.
* `ChannelId` - the name of the Fabric channel that is the target of this transaction.
* `ChaincodeName` and `ChaincodeVersion` - the name and version of the chaincode that is being invoked by this proposal.
* `TxId` - the transaction identifier, computed as the hash of the SignatureHeader.
* `Creator` - the serialized identity of the client.
* `Nonce` - an array of random bytes.
* `Args` - the set of arguments for this chaincode invocation.

> For encrypting data, the contents of the `Transient Map` field can be used - data (e.g. cryptographic material) that might be used to implement
some form of application-level confidentiality.

> The contents of this field are supposed to always be omitted from the transaction and
excluded from the ledger.

### 2. Peer sends proposal response back to client

The proposal response contains an endorser's response to a client's proposal. A proposal response contains a success/error code,
a response payload and a signature (also referred to as an endorsement) over the response payload.

The response payload contains a hash of the proposal (to securely link this response to the corresponding proposal)
and an opaque extension field that depends on the type specified in the header of the corresponding proposal. A
proposal response contains the following messages:

```
ProposalResponse
|\_ Endorsement                (the endorser's signature over the whole response payload)
 \_ ProposalResponsePayload    (the payload of the proposal response)
```

### 3. Client assembles endorsements into a transaction

A transaction message assembles one or more proposals and the corresponding responses into a message to be sent to orderers.
After ordering, (batches of) transactions are delivered to committing peers for validation and final delivery into the ledger.
A transaction contains one or more actions. Each of them contains a header (the same as that of the proposal that requested it)
and an opaque payload that depends on the type specified in the header.
```
SignedTransaction
|\_ Signature                 (signature on the Transaction message by the creator specified in the header)
 \_ Transaction
    \_ TransactionAction (1...n)
       |\_ Header (1)          (the header of the proposal that requested this action)
       \_ Payload (1)          (the payload for this action)
```

## Chaincode state encryption

The Encrypter entity from the [chaincode/shim/entities](https://github.com/hyperledger/fabric/tree/master/core/chaincode/shim/ext/entities)
package is capable of performing AES 256-bit encryption using PKCS#7 padding.
Optionally, the IV can be provided, in which case it is used during the encryption; otherwise, a random one is generated.
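As an added end-to-end example that is not part of this README or of CCKit's or Fabric's own code, the Go program below ties the three pieces above together: two parties derive a shared AES-256 key from an ECDH exchange in which only public keys are sent, the invoking client carries that key in a transient map (modelled as the `map[string][]byte` Fabric uses for transient data, so it never reaches the ledger), and the chaincode side encrypts with AES-256 and PKCS#7 padding using either a caller-supplied IV or a freshly generated random one. CBC mode, plain SHA-256 as the key-derivation step, and the transient-map entry name `ENCKEY` are assumptions of this example; the page itself names only the key size and the padding.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// DeriveKey is one party's side of ECDH: our P-256 private key combined with the peer's public-key
// bytes (the only value that crossed the wire), hashed to a 32-byte AES-256 key. Plain SHA-256 in
// place of a KDF such as HKDF is a simplification assumed by this example.
func DeriveKey(priv *ecdh.PrivateKey, peerPub []byte) ([]byte, error) {
	pub, err := ecdh.P256().NewPublicKey(peerPub) // rejects bytes that are not a valid curve point
	if err != nil {
		return nil, err
	}
	secret, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(secret)
	return sum[:], nil
}

// pkcs7Pad appends 1..blockSize bytes, each holding the pad length, to a copy of data.
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad checks every padding byte before stripping, rejecting malformed input.
func pkcs7Unpad(data []byte, blockSize int) ([]byte, error) {
	if len(data) == 0 || len(data)%blockSize != 0 {
		return nil, errors.New("pkcs7: length is not a multiple of the block size")
	}
	n := int(data[len(data)-1])
	if n == 0 || n > blockSize || !bytes.Equal(data[len(data)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("pkcs7: invalid padding")
	}
	return data[:len(data)-n], nil
}

// Encrypt is AES-256-CBC with PKCS#7 padding (CBC is an assumption of this example). A nil iv means
// "generate a random one", as the README describes; a supplied 16-byte iv is used as given.
// The result is iv || ciphertext so that Decrypt can recover the IV.
func Encrypt(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // DeriveKey always yields 32 bytes, i.e. AES-256
	if err != nil {
		return nil, err
	}
	if iv == nil {
		iv = make([]byte, aes.BlockSize)
		if _, err := rand.Read(iv); err != nil {
			return nil, err
		}
	} else if len(iv) != aes.BlockSize {
		return nil, errors.New("IV must be exactly one AES block (16 bytes)")
	}
	out := append(append([]byte{}, iv...), pkcs7Pad(plaintext, aes.BlockSize)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[aes.BlockSize:], out[aes.BlockSize:])
	return out, nil
}

// Decrypt reverses Encrypt, checking block alignment before unpadding so CryptBlocks cannot panic.
func Decrypt(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext too short or not block-aligned")
	}
	pt := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, data[:aes.BlockSize]).CryptBlocks(pt, data[aes.BlockSize:])
	return pkcs7Unpad(pt, aes.BlockSize)
}

// RoundTrip models the flow: client and reader agree on a key over ECDH, the client carries it in the
// transient map (never committed to the ledger), the chaincode encrypts before writing state, and the
// reader decrypts with the key it derived itself; a successful decrypt shows both sides derived the same key.
func RoundTrip(plaintext []byte) ([]byte, error) {
	client, err1 := ecdh.P256().GenerateKey(rand.Reader) // ephemeral key pairs, one per party
	reader, err2 := ecdh.P256().GenerateKey(rand.Reader)
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	clientKey, err1 := DeriveKey(client, reader.PublicKey().Bytes())
	readerKey, err2 := DeriveKey(reader, client.PublicKey().Bytes())
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	transient := map[string][]byte{"ENCKEY": clientKey} // "ENCKEY" is a constructed entry name
	stored, err := Encrypt(transient["ENCKEY"], nil, plaintext) // this is what goes into state
	if err != nil {
		return nil, err
	}
	return Decrypt(readerKey, stored)
}
```

Two points worth noting in practice: `ecdh.P256().NewPublicKey` rejects bytes that do not encode a valid point on the curve, so a peer's public key is validated before any secret is computed; and a caller-supplied IV makes `Encrypt` deterministic, so reusing one IV under the same key reveals whether two stored values are equal, which is why the random-IV path is the right default unless deterministic output is specifically required. Transient data is kept out of the transaction and the ledger, but it is still delivered to the endorsing peers that execute the chaincode.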