Secret Store Java Client

Parity secret store java client

Categories: CLI User Interface KeY Data Data Formats Formal Verification
GroupId: io.keyko
ArtifactId: secret-store-client
Last Version: 0.1.0
Type: jar
Project URL: https://github.com/nevermined-io/secret-store-client-java
Source Code Management: https://github.com/nevermined-io/secret-store-client-java/tree/master

How to add to project

Maven:

<!-- https://jarcasting.com/artifacts/io.keyko/secret-store-client/ -->
<dependency>
    <groupId>io.keyko</groupId>
    <artifactId>secret-store-client</artifactId>
    <version>0.1.0</version>
</dependency>

Gradle (Groovy DSL):

// https://jarcasting.com/artifacts/io.keyko/secret-store-client/
implementation 'io.keyko:secret-store-client:0.1.0'

Gradle (Kotlin DSL):

// https://jarcasting.com/artifacts/io.keyko/secret-store-client/
implementation ("io.keyko:secret-store-client:0.1.0")

Buildr:

'io.keyko:secret-store-client:jar:0.1.0'

Ivy:

<dependency org="io.keyko" name="secret-store-client" rev="0.1.0">
  <artifact name="secret-store-client" type="jar" />
</dependency>

Grape:

@Grapes(
    @Grab(group='io.keyko', module='secret-store-client', version='0.1.0')
)

SBT:

libraryDependencies += "io.keyko" % "secret-store-client" % "0.1.0"

Leiningen:

[io.keyko/secret-store-client "0.1.0"]

Dependencies

compile (10)

Group / Artifact Type Version
org.web3j : core jar 4.0.1
org.web3j : parity jar 4.0.1
org.web3j : utils jar 4.0.1
com.fasterxml.jackson.core : jackson-core jar 2.11.3
com.fasterxml.jackson.core : jackson-annotations jar 2.11.3
com.fasterxml.jackson.core : jackson-databind jar 2.11.3
javax.xml.bind : jaxb-api jar 2.3.0
org.apache.logging.log4j : log4j-core jar 2.13.3
org.apache.logging.log4j : log4j-api jar 2.13.3
org.apache.logging.log4j : log4j-slf4j18-impl jar 2.13.3

test (1)

Group / Artifact Type Version
junit : junit jar 4.13.1

Project Modules

There are no modules declared in this project.

Java Parity Secret Store Library

Secret Store client Library (Java) nevermined.io

Features

This library lets you encrypt and decrypt secrets using the Parity EVM and Secret Store components. It exposes two main objects for this: PublisherWorker and ConsumerWorker.

The PublisherWorker class, given a document id and the content of a document, encrypts the document, stores the decryption keys in the distributed vault (Secret Store) and returns the encrypted document.

The ConsumerWorker class, given a document id and the encrypted document, decrypts the document using the keys stored in the Secret Store.

Technical Details

From the Parity Secret Store documentation page:

The Parity Secret Store is core technology that enables:

  • distributed elliptic curve (EC) key pair generation - the key is generated by several parties using a special cryptographic protocol, so that:
    • the private key portion remains unknown to every single party;
    • the public key portion could be computed on every party and could be safely exposed to external entities;
    • every party holds a ‘share’ of the private key;
    • any subset of t+1 parties could unite to restore the private portion of the key;
    • any subset of less than t+1 parties could not restore the private portion of the key;
  • distributed key storage - private key shares are stored separately by every party and are never exposed, neither to other parties nor to external entities;
  • threshold retrieval according to blockchain permissions - all operations that require the private key require at least t+1 parties to agree on the ‘Permissioning contract’ state.
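
The t+1 threshold property from the list above, as an added Java example that is not part of this library or of Parity's code. It uses dealer-based Shamir sharing over a prime field to show the property, whereas Secret Store generates the key jointly with no dealer and works on an elliptic curve; the class name, modulus and sample values are assumptions chosen for the demo.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import java.util.TreeMap;

public class ThresholdDemo {
    // Demo field modulus 2^127 - 1 (a Mersenne prime); an assumption, not Secret Store's curve order.
    static final BigInteger P = BigInteger.valueOf(2).pow(127).subtract(BigInteger.ONE);

    // Hide the secret as f(0) of a random degree-t polynomial; party x receives the share f(x).
    static Map<Integer, BigInteger> split(BigInteger secret, int t, int n, SecureRandom rnd) {
        BigInteger[] coeff = new BigInteger[t + 1];
        coeff[0] = secret.mod(P);
        for (int i = 1; i <= t; i++) coeff[i] = new BigInteger(P.bitLength() + 64, rnd).mod(P);
        Map<Integer, BigInteger> shares = new TreeMap<>();
        for (int x = 1; x <= n; x++) {
            BigInteger y = BigInteger.ZERO;
            for (int i = t; i >= 0; i--) y = y.multiply(BigInteger.valueOf(x)).add(coeff[i]).mod(P); // Horner
            shares.put(x, y);
        }
        return shares;
    }

    // Lagrange interpolation at x = 0 over whichever shares are supplied.
    static BigInteger combine(Map<Integer, BigInteger> shares) {
        BigInteger secret = BigInteger.ZERO;
        for (Map.Entry<Integer, BigInteger> a : shares.entrySet()) {
            BigInteger xa = BigInteger.valueOf(a.getKey());
            BigInteger num = BigInteger.ONE, den = BigInteger.ONE;
            for (Integer other : shares.keySet()) {
                if (other.equals(a.getKey())) continue;
                BigInteger xb = BigInteger.valueOf(other);
                num = num.multiply(xb.negate()).mod(P);      // (0 - xb)
                den = den.multiply(xa.subtract(xb)).mod(P);  // (xa - xb)
            }
            secret = secret.add(a.getValue().multiply(num).multiply(den.modInverse(P))).mod(P);
        }
        return secret;
    }

    public static void main(String[] args) {
        SecureRandom rnd = new SecureRandom();
        BigInteger key = new BigInteger(120, rnd);          // constructed sample secret
        Map<Integer, BigInteger> shares = split(key, 2, 5, rnd); // t = 2, n = 5 parties
        Map<Integer, BigInteger> enough = new TreeMap<>(shares);
        enough.keySet().retainAll(Arrays.asList(1, 3, 5));  // t+1 = 3 parties cooperate
        Map<Integer, BigInteger> tooFew = new TreeMap<>(shares);
        tooFew.keySet().retainAll(Arrays.asList(2, 4));     // only t = 2 parties cooperate
        System.out.println("t+1 shares recover the key: " + combine(enough).equals(key));
        System.out.println("t shares recover the key:   " + combine(tooFew).equals(key));
    }
}
```

With only t shares the interpolation still returns a value, but it is unrelated to the key: every candidate secret is equally consistent with those shares.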

Pre-requisites

If you want to run this locally you need the following:

  • A URL to a Secret Store node (you can run it locally too)
  • A URL to an instance of the Parity EVM client (you should run it locally)
  • Consumer and Publisher Ethereum accounts
  • JVM >= 8

API

Installing the library

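Typically, in Maven you would add the dependency shown below. Its coordinates (io.nevermined:secretstore-client) differ from the io.keyko:secret-store-client coordinates listed for this artifact above, so check which ones your repository actually serves before adding it: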

<dependency>
  <groupId>io.nevermined</groupId>
  <artifactId>secretstore-client</artifactId>
  <version>0.1.0</version>
</dependency>

Encrypting Documents

Encrypting or decrypting documents requires interaction with the Parity blockchain client (for security reasons it's better to have this running locally) and one of the nodes of the Secret Store cluster. You can initialize the PublisherWorker object by passing the URLs of both components, the Ethereum address of the user encrypting documents and the password of that Ethereum account.

// Initializing the Publisher
PublisherWorker publisher = new PublisherWorker(
    "http://localhost:8010",   // Secret Store node URL
    "http://localhost:8545",   // Parity EVM client URL
    "0x123..",                 // Ethereum address of the publisher
    "password"                 // password of that Ethereum account
);

Publishing a document only requires one API call:

String docEncrypted = publisher.encryptDocument("my-document-id", contentOfTheDocument);

Decrypting Documents

You can initialize the ConsumerWorker object by passing the URLs of the Secret Store and Parity EVM client, the Ethereum address of the user consuming documents and the password of that Ethereum account.

// Initializing the Consumer
ConsumerWorker consumer = new ConsumerWorker(
    "http://localhost:8010",   // Secret Store node URL
    "http://localhost:8545",   // Parity EVM client URL
    "0xabc..",                 // Ethereum address of the consumer
    "password"                 // password of that Ethereum account
);

It's possible to decrypt a document using the decryptDocument method:

String document = consumer.decryptDocument("my-document-id", docEncrypted);

You can find a complete integration test in the PublishConsumeIT file.
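
One way to enforce the "run the Parity client locally" advice before building either worker, as an added example that is not part of the library. It assumes the advice exists because the account password is handed to that client; the class, the helper names and the WORKER_ACCOUNT_PASSWORD variable are hypothetical.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;

public class WorkerEndpoints {
    // True only if every address the URL's host resolves to is a loopback address.
    static boolean isLoopback(String url) {
        try {
            String host = URI.create(url).getHost();
            if (host == null) return false;              // no host part, e.g. a malformed URL
            for (InetAddress addr : InetAddress.getAllByName(host)) {
                if (!addr.isLoopbackAddress()) return false;
            }
            return true;
        } catch (IllegalArgumentException | UnknownHostException e) {
            return false;                                // unparsable or unresolvable: treat as not local
        }
    }

    // Hypothetical helper: returns the four constructor arguments in the order the README uses
    // (Secret Store URL, Parity URL, account address, account password), or fails closed.
    static String[] workerArgs(String secretStoreUrl, String parityUrl, String address) {
        if (!isLoopback(parityUrl)) {
            throw new IllegalStateException("Parity client is not local: " + parityUrl);
        }
        // Assumed variable name; keeps the account password out of source code and VCS history.
        String password = System.getenv("WORKER_ACCOUNT_PASSWORD");
        if (password == null || password.isEmpty()) {
            throw new IllegalStateException("WORKER_ACCOUNT_PASSWORD is not set");
        }
        return new String[] { secretStoreUrl, parityUrl, address, password };
    }

    public static void main(String[] args) {
        // Constructed sample endpoints; 192.0.2.10 is a documentation-only address.
        System.out.println("localhost local?  " + isLoopback("http://localhost:8545"));
        System.out.println("192.0.2.10 local? " + isLoopback("http://192.0.2.10:8545"));
        try {
            String[] a = workerArgs("http://localhost:8010", "http://localhost:8545", "0x123..");
            System.out.println("arguments ready for " + a[2]);
        } catch (IllegalStateException e) {
            System.out.println("refusing to start: " + e.getMessage());
        }
    }
}
```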

On-chain Permissions

Secret Store incorporates the mechanisms to query a Smart Contract to authorize a Consumer to decrypt a secret. This library was tested in a Secret Store setup using this feature.

In order to test the integration with the latest version of Nevermined Service Agreements, you can integrate the SLA Smart Contracts of the contracts.

For testing purposes, this library includes the web3j bindings of a testing Smart Contract implementing the authorization phase integrated with the Secret Store.

To build the java bindings we use the following command:

$ web3j truffle generate --javaTypes contracts/contracts/AccessServiceAgreement.json -o src/main/java -p com.nevermined.secretstore.contracts

Links

You can find further information about the Secret Store in the following links:

Attribution

This library is based on the Ocean Protocol Secret Store Java library (whose source code no longer exists in Ocean Protocol). It keeps the same Apache v2 License and adds some improvements. See the NOTICE file.

License

Copyright 2020 Keyko GmbH
This product includes software developed at
BigchainDB GmbH and Ocean Protocol (https://www.oceanprotocol.com/)

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Versions

Version
0.1.0