This project uses Blockchain and OpenPGP to create a decentralised registry of file verification data. The registry contains the hash of the file, a signature confirming the ownership and the public key of the owner or author of the file. The signature is generated using OpenPGP, and the network is assumed to be a decentralised blockchain, making the data on the network immutable.
Gnupg binary for your operating system.
I tested the python library gnupg in this simple script: /prototypes/gpg.py and from what I can tell it only seems to work with gpg1 or gnupg1 package. For reference this is the package that I used https://aur.archlinux.org/packages/gnupg1/ download a similar one for your OS.
You can also configure the path to the gpg binary via the environment variable GPG_BINARY
sqlite3 database for a quick start.
I use SQLite for testing the application but you can plugin any DB that you want using the environment variable SQLALCHEMY_DATABASE_URI on both the client and the API.
All of these variables have defaults, but if you want to use something else, please feel free to define the values for these environment variables and the code will pick them up.
If you don't know what enironement variables are or how to define them, then refer to this: Environment_variable#Assignment
Config file: src/api/config.py
This allows you to define which database program to use for the API and the path to the DB. Default: sqlite:///src/api/app.db
Config file: src/client/config.py
This allows you to define which database program to use for the Client and the path to the DB. Default: sqlite:///src/client/app.db
Using this you can define the path to the desired gpg binary to be used by the gnupg python library.
Default: /usr/bin/gpg1
Used for defining where the GPG key store (key database) is stored. This can be stored on another secure node rather than the client for more security, hence this option. Default: src/client/keys
This is the secret key used for generating CSRF tokens for forms. This is a security feature and I suggest that you use your own key. Default: "your-secret-key"
This defines the path to the folder where files are stored temporarily for processing (generating file hash) and then deleted right after that. This is for both adding and verifying a file. Default: src/client/uploads
There are two separate applications that need to be started for the whole system to work:
- API (Blockchain):
src/api - Client:
src/client
Navigate to the folders above in separate terminal windows. It is required to create a virtual environment for python before running the applications (for both directories):
$ python3 -m venv .venvActivate the virtual environment:
$ source .venv/bin/activateNOTE: Before processding make sure that the terminal prompt looks like this:
(.venv) $
Both the API and the Client come with three bash scripts:
setup.sh: installs the required python dependencies, configures flask and create database.run.sh: starts the application.clean.sh: deletes the database.
NOTE: the API application needs to be running for the Client to work as expected.
For a fresh setup run the ./setup.sh script followed by ./run.sh and the terminal output should look like this:
(.venv) $ ./run.sh
* Serving Flask app "blockAPI"
* Running on http://127.0.0.1:6000/ (Press CTRL+C to quit)(.venv) $ ./run.sh
* Serving Flask app "blockclient"
* Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)Once you have added a file, it is not automatically added to the blockchain. The chain needs to be mined, if you search for the file before mining it will not be found (404). For the purposes of this demo program the mining process has to be triggered manually. You can automate this later when you are running nodes to form consensus.
Generally you will have multiple files in the transaction pool ready to be mined and added to a block in the blockchain. But when you are testing you can call the following endpoint after adding the first file to test the verification mechanism after that.
For now you need to call the API endpoint: /api/mine
CURL
$ curl --location --request GET "http://localhost:6000/api/mine"Once you are done close the application with Ctrl + C and run the ./clean.sh script and finally, to exit the virtual environment:
(.venv) $ deactivate