This is the repo containing code for the DENA BMIL project.
- Make a general python script, which
- can generate a random, or
- encrypt data and store it into a file
- read an encrypted file and pass it to stdout
- the decrypted contents should never touch the filesystem
- Make a nodejs server, which
- imports the KILT sdk
- checks, if a store file exists
- if not -> get random from python script -> make new identity -> store it in an encrypted file
- if it does exist -> decrypt file -> setup identity
- Implements credential workflow
- Local development
- Use node v14
- Install dependencies with
yarn install - Use in development mode with
yarn start- This will use a mock implementation of the zymkey cryto chip
- To use on OLI box
- Make sure nodejs and yarn are installed
- Make sure python3 is installed
- Make sure, that zymkey libraries are installed
- If not install them according to point 4 in the manual: https://community.zymbit.com/t/getting-started-zymkey4i-with-raspberry-pi/202
yarn installfor dependenciesyarn buildto build the application in production mode using zymkey crypto chipyarn serveto run the application
- Make sure you have docker and docker-compose installed
- Start services with
docker compose up -d. This includes a dev blockchain node, the demo client and services needed for the demo client and message exchange - Open http://localhost:3000 to open the demo client
- Add the Faucet account by going ot
a. Click "Manage Identities"
b. Click "Add Identity"
c. Enter a name for the account, e.g. "Faucet"
d. Check "Import Seed Phrase"
e. Enter
receive clutch item involve chaos clutch furnace arrest claw isolate okay togetherinto the "Seed Phrase" field f. Click "Advanced Options" g. Select "ED25519" for the Signing Key Pair h. Click "Add" to add the Facuet Account to your Accounts - To generate the needed ctype, execute
npx ts-node generateCtype.ts
- Go to http://localhost:3000/, make a new identity "Bundesnetzagentur" and send some tokens from the Faucet account to it
- Make another identity "Installateur" and also send some tokens to it
- With the "Bundesnetzagentur" identity, go to "Delegations" and create a new Delegation on the "BMILInstallationCredential" ctype
- Invite the "Installateur" identity ("Select action..."->"Invite contact") with attestation rights, switch to that identity and accept the invitation in the "Messages" tab
- Switch to the "Bundesnetzagentur" identity (still in messages tab) and put the delegation on chain ("Create delegation")
- Switch back to the "Installateur" identity (still in messages tab) and save the delegation
- Go to the "Delegations" tab, open the correct delegation and note down the full root delegation hash (Right click on hash -> Inspect -> copy the hash from the title attribute )
- Open
src/utils/const.tsand change theBMILInstallationCredentialDelegationRootIdto the one noted down above - Copy
.env.exampleto.envand change the variables as necessary (the default is ok for this tutorial) - Run the application (e.g.
yarn startfor the quick dev mode) - Generate an identity, by sending a POST request to http://localhost:3002/identity
- Note down the address of the identity
- Go to the demo-client and transfer some tokens to the identity
- Send a POST request to http://localhost:3002/identity/register. This will register a DID for the identity
- Note down the DID
- Go to the demo-client
- Add the DID above as a contact
- With the "Installateur", go to "Contacts" and as the "action" next to the DID select "Submit Terms"
- Select the "BMILInstallationCredential"
- Click on "With prefilled claim" and fill in all the information, except
name(If you have amaster_data.jsonconfigured, you also don't need to fill in the device specific information) - As delegation, select the delegation saved in the "Attester Setup"
- Click "Send Terms"
- The application will receive a message
- If all the details can be validated, it will automatically send a "request-attestation-for-claim" message back to the attester
- If the
MASTER_DATAenv variable was provided, the application will try to extract device information out of the file and add it to the "Request For Attestation", before sending it back to the attesster - If the
BOX_NAMEenv variable was provided, the application will add the info to thenamefield - In the demo-client as the "Installateur", go to "Messages", click on the message from the application, confirm the information and click on "Attest Claim". This will put the attestation on the chain and send a message back to the application
- The application will receive the message with the attestation and saves it in its store
- If a
EWF_URLenv variable was provided, it will convert the credential to a VC and send it to the EWF app
For verification, register and copy the did of the application and add it as a new contact on the demo client under the Contacts tab. As "action" you can now choose "Request claims", selecting the correct ctype (In the example the BMILInstallationCredential ctype with the hash 0xf3f981d9ed4559d9303455826b06bc7048a76107d96185cc31e491cadeafec9e) and wait for the application to respond.
You will get a message including the credential in the demo client under "Messages".
To see the API documentation, run yarn swagger and go to http://localhost:3002/doc/.
Here you see the available endpoints and can call them directly via the swagger interface.
- Problems with expired GPG Key from zymkey
- Needed to delete it and redownload it (https://community.zymbit.com/t/buster-repo-not-working-on-rpi4/776)
- Tried to get the fundamental python scripts to work
- generating a random hex sequence
- encrypting and decrypting a file
- Mostly figuring out
argparse - How to read and write stdout/stdin
- Having to manually install node 12 (
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -&sudo apt install -y nodejs)- this also installs npm
- have to install yarn
npm install -g yarn-> led to permission issue -> installed it with sudo - install typescript and
ts-node-dev-> configure package.json - figuring out how to exchange data between node and python