hyperledger-labs / blockchain-carbon-accounting

This project implements blockchain applications for climate action and accounting, including emissions calculations, carbon trading, and validation of climate claims. It is part of the Linux Foundation's Hyperledger Climate Action and Accounting SIG.
https://wiki.hyperledger.org/display/CASIG/Carbon+Accounting+and+Certification+WG
Apache License 2.0
195 stars 104 forks source link

Sign Transactions Offline - fabric-node-sdk #11

Closed udosson closed 3 years ago

udosson commented 4 years ago
  1. Test the following tutorial locally
  2. Implement functionality in REST API
sichen1234 commented 4 years ago

Sounds good. Please let me know how it goes.

sichen1234 commented 4 years ago

@udosson Should we still work on this? Or do your suggestions for trustID make this unnecessary now?

udosson commented 4 years ago

@opentaps I would leave this issue open as at the moment I don't know much about trustID and if it's production-ready (which I don't think). Hopefully, we can gather more information about trustID during the Open Climate Collabathon. And still, signing transactions offline in a kind of wallet app is the way to go if we want to move the user authentication away from the REST API/Frontend layer. If we think of a generic wallet we could just switch the crypto material we use to sign the transaction - fabric private key vs. SSI credential/identity.

sichen1234 commented 4 years ago

Ok sounds good.

Si Chen Open Source Strategies, Inc.

Video: Fighting Climate Change with Blockchain and Open Source https://youtu.be/NgxNWXa_IjE

On Fri, Nov 13, 2020 at 12:02 PM Robin Klemens notifications@github.com wrote:

@opentaps https://github.com/opentaps I would leave this issue open as at the moment I don't know much about trustID and if it's production-ready (which I don't think). Hopefully, we can gather more information about trustID during the Open Climate Collabathon. And still, signing transactions offline in a kind of wallet app is the way to go if we want to move the user authentication away from the REST API/Frontend layer. If we think of a generic wallet we could just switch the crypto material we use to sign the transaction - fabric private key vs. SSI credential/identity.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/opentaps/blockchain-carbon-accounting/issues/11#issuecomment-727003721, or unsubscribe https://github.com/notifications/unsubscribe-auth/AANAS4MC2RJWONKMC3N3OM3SPWGE7ANCNFSM4RBSHFFA .

brioux commented 3 years ago

I was able to reproduce offline private key signing using on a fabric test-network. I'll look into integrating the js funcitons I put together for offline signing into the REST API of the utility emissions channel.

brioux commented 3 years ago

Here is a small demo replicating the tutorial for offline signing. https://github.com/brioux/fabric-client-signer

  1. CA on Node Server registers users and opens gateway to fabric network.

  2. Browser requests server to generate either an endorsement proposal or query request.

  3. This is passed back to browser for signing with offline key.

  4. signatures are returned to server to either

    • send proposal and return a commit request.
    • Query is submitted to server and returns results

Commits are signed again by browser and sent back to gateway.

The first step when server opens gateway for client is currently done with local filesystem storage of X.509 identity with private key. Trying to instant I ate the gateway using only offline private key.

sichen1234 commented 3 years ago

Thanks for showing us this today. This issue is now completed. We'll move on to integrating with the Vault and HSM in #232