github.com/s7techlab/cckit@v0.10.5/extensions/encryption/README.md

# Hyperledger Fabric chaincode kit (CCKit) - Encryption extension

Allows encrypting all data in the ledger. Based on the Fabric [example](https://github.com/hyperledger/fabric/tree/master/examples/chaincode/go/enccc_example).


## Using ECDH for establishing a secret key

ECDH (Elliptic curve Diffie-Hellman): both parties can establish a shared secret value by sending only the public key
of their ephemeral or static key pair to the other party. If the key pair of one of the parties is trusted by the other
party, then that key pair may also be used for authentication.
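As an added illustration of the exchange described above (example code, not part of CCKit or Fabric): each side generates an ephemeral P-256 key pair, sends only its public key, and derives the same 32-byte key. The `Party` type and the use of SHA-256 over the raw ECDH output as the key-derivation step are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Party holds one side's ephemeral P-256 key pair; only the public key ever leaves it.
type Party struct{ priv *ecdh.PrivateKey }

// NewParty generates a fresh ephemeral key pair.
func NewParty() (*Party, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{priv: priv}, nil
}

// Public returns the bytes this party sends to its peer (uncompressed SEC 1 point).
func (p *Party) Public() []byte { return p.priv.PublicKey().Bytes() }

// SharedKey turns the peer's public key bytes into a 32-byte AES-256 key.
// NewPublicKey rejects malformed or off-curve points before any scalar multiplication;
// hashing the raw ECDH output with SHA-256 is the (assumed) key-derivation step.
func (p *Party) SharedKey(peerPub []byte) ([]byte, error) {
	pub, err := ecdh.P256().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	secret, err := p.priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(secret)
	return k[:], nil
}

func main() {
	alice, _ := NewParty()
	bob, _ := NewParty()
	ka, _ := alice.SharedKey(bob.Public())
	kb, _ := bob.SharedKey(alice.Public())
	fmt.Printf("both sides derived the same key: %v\n", bytes.Equal(ka, kb))
}
```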


## Flow of a CHAINCODE transaction

### 1. Sending proposal from client to peer

The [proposal](https://github.com/hyperledger/fabric/blob/master/protos/peer/proposal.proto) is basically a request to
do something on a [chaincode](https://github.com/hyperledger/fabric/blob/master/protos/peer/chaincode.proto),
that will result in some action - some change in the state of a chaincode and/or some data to be committed to the ledger.

```
SignedProposal
|\_ Signature                                    (signature on the Proposal message by the creator specified in the header)
 \_ Proposal
    |\_ Header
    |\_ ChaincodeProposalPayload
    |   |\_ ChaincodeInvocationSpec
    |   |    \_ ChaincodeSpec
    |   |        |\_ Chaincode_id
    |   |         \_ Input
    |   |             \_ Args
    |    \_ TransientMap
     \_ ChaincodeAction                          (the actions for this proposal - optional for a proposal)
```

The proposal contains:

* `Signature` - the client's signature over the Proposal.
* `ChannelId` - the name of the fabric channel that is the target of this transaction.
* `ChaincodeName` and `ChaincodeVersion` - the name and version of the chaincode that is being invoked by this proposal.
* `TxId` - the transaction identifier, computed as the hash of the SignatureHeader.
* `Creator` - the serialized identity of the client.
* `Nonce` - an array of random bytes.
* `Args` - the set of arguments for this chaincode invocation.


> The contents of the `TransientMap` field can be used for encrypting data: it carries data (e.g. cryptographic material) that might be used to implement
some form of application-level confidentiality.

> The contents of this field are supposed to always be omitted from the transaction and
excluded from the ledger.



### 2. Peer sends proposal response back to client

The proposal response contains an endorser's response to a client's proposal. A proposal response contains a success/error code,
a response payload and a signature (also referred to as endorsement) over the response payload.

The response payload contains a hash of the proposal (to securely link this response to the corresponding proposal)
and an opaque extension field that depends on the type specified in the header of the corresponding proposal. A
proposal response contains the following messages:

```
ProposalResponse
|\_ Endorsement                                  (the endorser's signature over the whole response payload)
 \_ ProposalResponsePayload                      (the payload of the proposal response)
```

### 3. Client assembles endorsements into a transaction

A transaction message assembles one or more proposals and corresponding responses into a message to be sent to orderers.
After ordering, (batches of) transactions are delivered to committing peers for validation and final delivery into the ledger.
A transaction contains one or more actions. Each of them contains a header (same as that of the proposal that requested it)
and an opaque payload that depends on the type specified in the header.

```
SignedTransaction
|\_ Signature                                    (signature on the Transaction message by the creator specified in the header)
 \_ Transaction
     \_ TransactionAction (1...n)
        |\_ Header (1)                           (the header of the proposal that requested this action)
         \_ Payload (1)                          (the payload for this action)
```


## Chaincode state encryption

The Encrypter entity from the [chaincode/shim/entities](https://github.com/hyperledger/fabric/tree/master/core/chaincode/shim/ext/entities)
package is capable of performing AES 256-bit encryption using PKCS#7 padding.
Optionally, the IV can be provided, in which case it is used during the encryption; otherwise, a random one is generated.
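An added example of the construction just described (illustrative code, not the Fabric entities package itself): AES-256 with PKCS#7 padding, an optional caller-supplied IV that falls back to a random one, and padding that is verified rather than blindly stripped. CBC mode and prepending the IV to the ciphertext are assumptions of this example, as are the function names.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// pkcs7Unpad verifies the padding before stripping it; a bad pad length or pad byte is an error.
func pkcs7Unpad(src []byte) ([]byte, error) {
	n := int(src[len(src)-1])
	if n == 0 || n > len(src) || n > aes.BlockSize || !bytes.Equal(src[len(src)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("pkcs7: invalid padding")
	}
	return src[:len(src)-n], nil
}

// EncryptCBC is AES-256-CBC with PKCS#7 padding. A nil iv means "generate a random one" (the safe
// default); a caller-supplied 16-byte iv is used as-is. The IV is prepended to the ciphertext.
func EncryptCBC(key, plaintext, iv []byte) ([]byte, error) {
	if len(key) != 32 || (iv != nil && len(iv) != aes.BlockSize) {
		return nil, errors.New("need a 32-byte key (AES-256) and a nil or 16-byte iv")
	}
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	if iv == nil {
		iv = make([]byte, aes.BlockSize)
		if _, err := io.ReadFull(rand.Reader, iv); err != nil {
			return nil, err
		}
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize // PKCS#7: 1..16 bytes, each equal to pad
	out := append(append(append([]byte{}, iv...), plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	body := out[aes.BlockSize:] // encrypt in place; the IV block stays in the clear
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(body, body)
	return out, nil
}

// DecryptCBC splits off the IV, decrypts, and rejects ciphertext whose padding does not verify.
func DecryptCBC(key, ciphertext []byte) ([]byte, error) {
	if len(key) != 32 || len(ciphertext) < 2*aes.BlockSize || len(ciphertext)%aes.BlockSize != 0 {
		return nil, errors.New("bad key size, or ciphertext too short or not block-aligned")
	}
	block, _ := aes.NewCipher(key)
	plain := make([]byte, len(ciphertext)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, ciphertext[:aes.BlockSize]).CryptBlocks(plain, ciphertext[aes.BlockSize:])
	return pkcs7Unpad(plain)
}
```

A key established as in the ECDH section above, or received through the proposal's transient map, is what a chaincode would pass as `key` here.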