To guarantee file immutability, you can store files in Object Storage Service (OSS) and record each file's MD5 hash on a Hyperledger Fabric ledger. Because the hash — not the file itself — is stored on-chain, you can verify that a file has not been tampered with without writing large binaries to the ledger.
The sample application compiles into two binaries:
push: Reads a local file, records its MD5 hash on the ledger via a Fabric chaincode, then uploads the file to OSS.fetch: Takes a hash string, verifies the hash exists on the ledger via a Fabric chaincode, then downloads the corresponding file from OSS.
Prerequisites
Before you begin, ensure that you have:
A Go development environment set up. See Use Fabric Go SDK for setup instructions.
A BaaS network with a user account, a channel, and a copy of
connection-profile.yaml. See Use Fabric Go SDK for how to obtain the connection profile.An OSS bucket, and the AccessKey ID and AccessKey Secret of an Alibaba Cloud account that has write access to that bucket.
Create an OSS bucket
Create an OSS bucket to store the uploaded files. See Create a bucket for instructions.
This tutorial uses new-bucket as the bucket name. Replace it with your actual bucket name in the following steps.
Download the sample application
Download the sample application archive to
$GOPATH/srcand decompress it:cd $GOPATH/src curl -O https://baas-sdk.oss-cn-hangzhou.aliyuncs.com/go-oss-demo-1.4.5.tar.gz tar -xzf go-oss-demo-1.4.5.tar.gzCopy the BaaS SDK connection profile to the application directory:
cp connection-profile.yaml $GOPATH/src/go-oss-demo/
Deploy the chaincode
Upload chaincode/sacc.out to your BaaS network and instantiate it. See Deploy chaincode for instructions.
Build and run the application
Build the binaries
In the go-oss-demo directory, run the build script to compile the source code:
./build.shThis produces two binaries: push and fetch.
Set environment variables
Set the following environment variables before running either binary:
export baas_user="user" # BaaS username
export baas_secret="password" # Password for the BaaS user
export baas_channel="first-channel" # Channel name
export oss_ak="ak" # AccessKey ID of your Alibaba Cloud account
export oss_ak_secret="secret" # AccessKey Secret of your Alibaba Cloud account
export oss_endpoint="oss-cn-hangzhou.aliyuncs.com" # OSS endpoint for your bucket's region
export oss_bucket="new-bucket" # Name of the OSS bucket you created earlierUpload a file and record its hash
Run push with a local file path to upload the file to OSS and record its MD5 hash on the ledger:
./push README.mdExpected output:
Going to enroll user
[fabsdk/fab] 2019/02/19 07:39:26 UTC - lib.(*Client).initHTTPClient -> INFO TLS Enabled
[fabsdk/fab] 2019/02/19 07:39:26 UTC - util.BCCSPKeyRequestGenerate -> INFO generating key: &{A:ecdsa S:256}
[fabsdk/fab] 2019/02/19 07:39:26 UTC - log.print -> INFO encoded CSR
Success enroll user: appuser1
======================================================
[-] Uploading README.md to Alibaba Cloud OSS, MD5: 9218e8b37fabdc50bb6eca8597ffce22
[-] Upload MD5 to chaincode...
[-] Done.The MD5 hash 9218e8b37fabdc50bb6eca8597ffce22 is now recorded on the ledger. Use this hash to retrieve the file in the next step.
Download a file by its hash
Run fetch with the hash string to verify it on the ledger and download the corresponding file from OSS:
./fetch 9218e8b37fabdc50bb6eca8597ffce22Expected output:
User appuser1 already enrolled, skip enrollment.
======================================================
[-] Fetch file info from chaincode...
Chaincode status: 200
Payload: baas-sdk-test1.9218e8b37fabdc50bb6eca8597ffce22
[-] Downloading to 9218e8b37fabdc50bb6eca8597ffce22
[-] Done.The file is downloaded as 9218e8b37fabdc50bb6eca8597ffce22. Verify that its contents match the original README.md.
What's next
Use Fabric Go SDK — more sample code and SDK usage details