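Indy Example: Execution and Data Flow
I. Steward initialization
- Load the wallet storage plugin (database)
- The Steward connects to the nodes pool
The pool must be started in advance;
the pool configuration is defined in utils.py;
block files are stored in: /tmp/indy/
- The Steward creates a DID
The Steward creates a public/private key pair from a seed; the first 16 bytes of the public key, after base58 decoding, generate the DID, and the last 16 bytes are the verkey (same as the key).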
did:Th7MpTaRZVRYnPiabds81Y key: FYmoFw55GeQH7SRFa37dkx1d2dZ3zUF8ckg7wmL7ofN4
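Note: 1. Every time I run this, the DID is the same; this is probably related to the seed.
2. Here the DID is created directly; no NYM transaction needs to be sent to the ledger.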
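The relationship between verkey and DID described above, as an added example that is not part of the original post: it base58-decodes a 32-byte verkey and re-encodes its first 16 bytes as the DID, a consistency check that can be run on a DID/verkey pair before it is written in a NYM transaction. The function names are illustrative; the `~` prefix is Indy's abbreviated-verkey notation for the last 16 bytes.

```python
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(text: str) -> bytes:
    """Decode a base58 (Bitcoin alphabet) string to bytes."""
    num = 0
    for ch in text:
        num = num * 58 + ALPHABET.index(ch)  # ValueError on a non-base58 character
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))  # each leading '1' encodes a zero byte
    return b"\x00" * pad + body

def b58encode(data: bytes) -> str:
    """Encode bytes as a base58 string."""
    num = int.from_bytes(data, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = ALPHABET[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out

def did_from_verkey(verkey: str) -> str:
    """DID = base58 of the first 16 bytes of the 32-byte Ed25519 verkey."""
    raw = b58decode(verkey)
    if len(raw) != 32:
        raise ValueError("verkey must decode to 32 bytes, got %d" % len(raw))
    return b58encode(raw[:16])

def abbreviated_verkey(verkey: str) -> str:
    """Abbreviated form: '~' + base58 of the last 16 bytes of the verkey."""
    return "~" + b58encode(b58decode(verkey)[16:])

def did_matches_verkey(did: str, verkey: str) -> bool:
    """True when the DID is the one derived from this verkey."""
    try:
        return did_from_verkey(verkey) == did
    except ValueError:
        return False  # malformed or wrong-length verkey

if __name__ == "__main__":
    # Steward values printed on this page
    print(did_matches_verkey("Th7MpTaRZVRYnPiabds81Y",
                             "FYmoFw55GeQH7SRFa37dkx1d2dZ3zUF8ckg7wmL7ofN4"))
```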
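II. Issuing institutions create wallets and DIDs
This section describes a third-party institution creating a DID and key and sending them to the Steward, which submits them to the Ledger on its behalf.
The purpose of having the Steward submit them to the Ledger is presumably to register the institution's identity in the Indy network; for an ordinary user, whose role is none, nothing needs to be sent to the Ledger.
- Government creates a wallet and DID
  - Government creates a wallet
  - Government creates a DID and key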
did: H23tFYtuX3CtZ1eS7ZcycS key: 9jN6QBScticjc4mvHSAe8hWSuwftE8JBNDsGk7XbMFpo
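  - Government sends the DID and key to the Steward
  - The Steward creates a NYM transaction from the received DID and key and sends it to the Ledger
NYM transaction: (A DID that is known to the ledger is called a Verinym; the transaction used to create a Verinym is called a NYM transaction.)
{ "reqId":1587714095951780089, "identifier":"Th7MpTaRZVRYnPiabds81Y", "operation": {"type":"1", "dest":"H23tFYtuX3CtZ1eS7ZcycS", "verkey":"9jN6QBScticjc4mvHSAe8hWSuwftE8JBNDsGk7XbMFpo", "role":"101"}, "protocolVersion":2 }
- Other institutions create wallets and DIDs (same process as above)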
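III. Third-party institutions publish Credential Schemas and Definitions to the Ledger
A Credential Schema is the basic semantic structure that describes the list of attributes a particular Credential can contain.
Note: Government publishes the Schemas to the Ledger; the issuing institutions publish the Definitions to the Ledger.
- Government creates the "Job-Certificate" Schema
"Job-Certificate" Schema: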
{"ver":"1.0", "id":"5wBzkrv6Jj4EyXFruTUgBM:2:Job-Certificate:0.2", "name":"Job-Certificate", "version":"0.2", "attrNames":["first_name","experience","salary","employee_status","last_name"], "seqNo":null}
A Request is then generated from the Schema and sent to the Ledger. The Request is as follows:
{"reqId":1587994003690170747, "identifier":"5wBzkrv6Jj4EyXFruTUgBM", "operation": {"type":"101", "data": {"name":"Job-Certificate", "version":"0.2", "attr_names":["employee_status","last_name","first_name","salary","experience"]}}, "protocolVersion":2}
- Government creates the "Transcript" Schema
"Transcript" Schema:
{"ver":"1.0", "id":"5wBzkrv6Jj4EyXFruTUgBM:2:Transcript:1.2", "name":"Transcript", "version":"1.2", "attrNames":["average","ssn","first_name","last_name","status","degree","year"], "seqNo":null}
A Request is then generated from the Schema and sent to the Ledger. The Request is as follows:
{"reqId":1587994521550954649, "identifier":"5wBzkrv6Jj4EyXFruTUgBM", "operation": {"type":"101","data": {"name":"Transcript", "version":"1.2", "attr_names":["ssn","last_name","year","first_name","status","average","degree"]}}, "protocolVersion":2}
- Faber gets the "transcript_Schema"
{"ver":"1.0", "id":"5wBzkrv6Jj4EyXFruTUgBM:2:Transcript:1.2", "name":"Transcript", "version":"1.2", "attrNames":["average","first_name","status","last_name","degree","year","ssn"], "seqNo":193}
- Faber creates the "Faber Transcript" Credential Definition and stores it in the wallet
Credential Definition:
{"ver":"1.0", "id":"TXJEN2L697TqCc41N2EFQA:3:CL:193:TAG1", "schemaId":"193", "type":"CL", "tag":"TAG1", "value": {"primary": {"n":"...","s":"...","r": {"ssn":"...","degree":"...","status":"...","first_name":"...","year":"...","average":"...","last_name":"...6","master_secret":"..."}, "rctxt":"...","z":"..."}}}
- A request is generated from the Credential Definition and sent to the Ledger
{"reqId":1587996418869063899,"identifier":"TXJEN2L697TqCc41N2EFQA","operation":{"ref":193,"data":{"primary":{"n":"...","s":"...","r":{"last_name":"...","first_name":"...","average":"...","master_secret":"...","year":"...","ssn":"...","degree":"...","status":"..."},"rctxt":"...","z":"...1"}},"type":"102","signature_type":"CL","tag":"TAG1"},"protocolVersion":2}
- Acme gets the "job_certificate_schema"
{"ver":"1.0","id":"5wBzkrv6Jj4EyXFruTUgBM:2:Job-Certificate:0.2","name":"Job-Certificate","version":"0.2","attrNames":["employee_status","last_name","salary","experience","first_name"],"seqNo":192}
- Acme creates the "Faber Transcript" Definition and stores it in the wallet
{"ver":"1.0", "id":"XWEqorG6dT28yQuxgSQzPh:3:CL:192:TAG1", "schemaId":"192", "type":"CL", "tag":"TAG1", "value": {"primary": {"n":"...","s":"...","r": {"last_name":"...","employee_status":"...","first_name":"...","experience":"...","salary":"...","master_secret":"..."}, "rctxt":"...","z":"..."}, "revocation": {"g":"...","g_dash":"...","h":"...","h0":"...","h1":"...","h2":"...","htilde":"...","h_cap":"...","u":"...","pk":"...","y":"..."}}}
- Acme generates a request from the "Faber Transcript" Credential Definition and sends it to the Ledger
{"reqId":1587997282250838013, "identifier":"XWEqorG6dT28yQuxgSQzPh", "operation": {"ref":192,"data": {"primary": {"n":"...","s":"...","r": {"last_name":"...","master_secret":"...","employee_status":"...","first_name":"...","salary":"...","experience":"..."}, "rctxt":"...","z":"..."}, "revocation": {"g":"...","g_dash":"...","h":"...","h0":"...","h1":"...","h2":"...","htilde":"...","h_cap":"...","u":"...","pk":"...","y":"..."}}, "type":"102", "signature_type":"CL", "tag":"TAG1"}, "protocolVersion":2}
- Acme creates the Revocation Registry Definition and Revocation Registry Entry and stores them in the wallet
Revocation Registry Definition:
{"ver":"1.0", "id":"Dto3PtATnKTtNY5Wia1zCz:4:Dto3PtATnKTtNY5Wia1zCz:3:CL:99:TAG1:CL_ACCUM:TAG1", "revocDefType":"CL_ACCUM", "tag":"TAG1", "credDefId":"TXJEN2L697TqCc41N2EFQA:3:CL:99:TAG1", "value":{"issuanceType":"ISSUANCE_ON_DEMAND","maxCredNum":5,"publicKeys":{ "accumKey":{"z":"..."}}, "tailsHash":"ALNDBiuuJhtGwfsoJfWBjLB846T2CKn4By8gnW6axSjX","tailsLocation":"/tmp/indy_acme_tails/ALNDBiuuJhtGwfsoJfWBjLB846T2CKn4By8gnW6axSjX"}}
Revocation Registry Entry:
{ "ver":"1.0", "value": {"accum":"..."} }
- Acme generates a request from the Revocation Registry Definition and sends it to the Ledger
{ "reqId":1587885562969092691, "identifier":"TXJEN2L697TqCc41N2EFQA", "operation": {"type":"113", "id":"Dto3PtATnKTtNY5Wia1zCz:4:Dto3PtATnKTtNY5Wia1zCz:3:CL:99:TAG1:CL_ACCUM:TAG1", "revocDefType":"CL_ACCUM", "tag":"TAG1", "credDefId":"Dto3PtATnKTtNY5Wia1zCz:3:CL:99:TAG1", "value": {"issuanceType":"ISSUANCE_ON_DEMAND", "maxCredNum":5, "publicKeys": {"accumKey": {"z":"..."}}, "tailsHash":"ALNDBiuuJhtGwfsoJfWBjLB846T2CKn4By8gnW6axSjX", "tailsLocation":"/tmp/indy_acme_tails/ALNDBiuuJhtGwfsoJfWBjLB846T2CKn4By8gnW6axSjX"}}, "protocolVersion":2 }
- Acme generates a request from the Revocation Registry Entry and sends it to the Ledger
{ "reqId":1587887139326607780, "identifier":"TXJEN2L697TqCc41N2EFQA", "operation": {"type":"114", "revocRegDefId":"Dto3PtATnKTtNY5Wia1zCz:4:Dto3PtATnKTtNY5Wia1zCz:3:CL:99:TAG1:CL_ACCUM:TAG1", "revocDefType":"CL_ACCUM", "value":{"accum":"..."}}, "protocolVersion":2 }
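IV. Obtaining a credential
This section describes Alice obtaining a transcript from Faber.
- Alice creates a wallet
- Alice creates a DID
Note: it does not need to be sent to the Steward for submission to the Ledger.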
did:4KCC4H79gxSPA8EwCyoeo7 key:4KCC4H79gxSPA8EwCyoeo7
- Faber issues a Credential Offer
{ "schema_id":"VqBSxjid1RcENXrwtqNdBs:2:Transcript:1.2", "cred_def_id":"G1Dgsh41uoXZwDdhNjSpxY:3:CL:110:TAG1", "key_correctness_proof": {"c":"11940152381752445575456459162414694479920620198794785106329130586494888137021","xz_cap":"...", "xr_cap":[["average","..."],["master_secret","..."],["last_name","..."],["status","..."],["year","..."],["first_name","..."],["degree","..."],["ssn","..."]]}, "nonce":"934207022396506473830394" }
- Communication: send the Credential Offer
- Alice creates a Master Secret
Note: A Master Secret is an item of private data used by the Prover to guarantee that a credential applies uniquely to them. The Master Secret is an input that combines data from multiple Credentials in order to prove that those Credentials share a common subject (the Prover). A Master Secret should be known only to the Prover.
789d559a-cdce-41c2-8b6b-872da02c677b
- Alice creates the Credential Definition Request
{"reqId":1587907308563759971, "identifier":"MHVZFRaSBqUP7noPegpuBp", "operation": {"type":"108", "ref":130, "signature_type":"CL", "origin":"XmjwDhiDyFKYwGe3oEmQC7", "tag":"TAG1"}, "protocolVersion":2}
- Alice gets the Credential Definition from the Ledger
{"reqId": 1587907308563759971, "identifier":"MHVZFRaSBqUP7noPegpuBp", "operation": {"type":"108", "ref":130, "signature_type":"CL", "origin":"XmjwDhiDyFKYwGe3oEmQC7", "tag":"TAG1"}, "protocolVersion":2}
- Alice issues a request to the Ledger to obtain the Credential (here, the actual transcript)
{"prover_did":"MHVZFRaSBqUP7noPegpuBp", "cred_def_id":"XmjwDhiDyFKYwGe3oEmQC7:3:CL:130:TAG1", "blinded_ms":{"u":"...","ur":null,"hidden_attributes":["master_secret"],"committed_attributes":{}},"blinded_ms_correctness_proof":{"c":"...","v_dash_cap":"...","m_caps":{"master_secret":"..."},"r_caps":{}},"nonce":"1090027927560957530097319"} Request-metadata {"master_secret_blinding_data":{"v_prime":"","vr_prime":null},"nonce":"1090027927560957530097319","master_secret_name":"789d559a-cdce-41c2-8b6b-872da02c677b"}
- Communication: send the request
- Faber creates the Transcript Credential for Alice
{"schema_id":"3uYRkiVt9FBB6dqHFHFb99:2:Transcript:1.2", "cred_def_id":"XmjwDhiDyFKYwGe3oEmQC7:3:CL:130:TAG1", "rev_reg_id":null, "values": {"status": {"raw":"graduated", "encoded":"2213454313412354"}, "degree": {"raw":"Bachelor of Science, Marketing", "encoded":"12434523576212321"}, "year": {"raw":"2015","encoded":"2015"}, "last_name": {"raw":"Garcia", "encoded": "5321642780241790123587902456789123452"}, "ssn": {"raw":"123-45-6789", "encoded":"3124141231422543541"}, "first_name": {"raw":"Alice", "encoded":"1139481716457488690172217916278103335"}, "average": {"raw":"5", "encoded":"5"}}, "signature": {"p_credential":{"m_2":"...","a":"...","e":"...","v":"..."}, "r_credential":null}, "signature_correctness_proof":{"se":"...","c":"..."}, "rev_reg":null, "witness":null}
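- Communication: send the transcript credential
- Alice stores the credential in her wallet
V. The user creates a proof from the credential
This section describes Alice applying for a job at Acme, which requires a proof; the attributes in the proof come from the "Transcript" credential.
- Acme creates the "Job-Application" Proof Request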
{"nonce": "723734352206793706742956", "name": "Job-Application", "version": "0.1", "requested_attributes": {"attr1_referent": {"name": "first_name"}, "attr2_referent": {"name": "last_name"}, "attr3_referent": {"name": "degree", "restrictions": [{"cred_def_id": "XBT4WwQKo4F5QTe1cAdQGt:3:CL:140:TAG1"}]}, "attr4_referent": {"name": "status", "restrictions": [{"cred_def_id": "XBT4WwQKo4F5QTe1cAdQGt:3:CL:140:TAG1"}]}, "attr5_referent": {"name": "ssn", "restrictions": [{"cred_def_id": "XBT4WwQKo4F5QTe1cAdQGt:3:CL:140:TAG1"}]}, "attr6_referent": {"name": "phone_number"}}, "requested_predicates": {"predicate1_referent": {"name": "average", "p_type": ">=", "p_value": 4, "restrictions": [{"cred_def_id": "XBT4WwQKo4F5QTe1cAdQGt:3:CL:140:TAG1"}]}}}
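- Communication: send the Proof Request
- Alice searches her wallet for the credentials needed for the attributes in the Request
The wallet is searched separately for each attribute in the Request, so here the 6 attributes return 6 identical credentials (the 6 attributes are in the Transcript credential).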
{'attrs': {'average': '5', 'degree': 'Bachelor of Science...Marketing', 'first_name': 'Alice', 'last_name': 'Garcia', 'ssn': '123-45-6789', 'status': 'graduated', 'year': '2015'}, 'cred_def_id': 'XBT4WwQKo4F5QTe1cAd...:140:TAG1', 'cred_rev_id': None, 'referent': 'e808f63f-a694-4bec-...3ccd504d0', 'rev_reg_id': None, 'schema_id': 'W82yyDu4niEsy3f2yKB...cript:1.2'}
Merging the credentials found gives the following Proof:
{'e808f63f-a694-4bec-...3ccd504d0': {'attrs': {'average': '5', 'degree': 'Bachelor of Science...Marketing', 'first_name': 'Alice', 'last_name': 'Garcia', 'ssn': '123-45-6789', 'status': 'graduated', 'year': '2015'}, 'cred_def_id': 'XBT4WwQKo4F5QTe1cAd...:140:TAG1', 'cred_rev_id': None, 'referent': 'e808f63f-a694-4bec-...3ccd504d0', 'rev_reg_id': None, 'schema_id': 'W82yyDu4niEsy3f2yKB...cript:1.2'}}
- Alice gets the Schemas, Definition, and Revocation State for the credential
Schemas:
{"W82yyDu4niEsy3f2yKBqEj:2:Transcript:1.2": {"ver": "1.0", "id": "W82yyDu4niEsy3f2yKBqEj:2:Transcript:1.2", "name": "Transcript", "version": "1.2", "attrNames": ["first_name", "last_name", "degree", "ssn", "average", "status", "year"], "seqNo": 140}}
Definition:
{"XBT4WwQKo4F5QTe1cAdQGt:3:CL:140:TAG1": {"ver": "1.0", "id": "XBT4WwQKo4F5QTe1cAdQGt:3:CL:140:TAG1", "schemaId": "140", "type": "CL", "tag": "TAG1", "value": {"primary": {"n": "...", "s": "...", "r": {"first_name": "...", "average": "...", "master_secret": "...", "status": "...", "year": "...", "last_name": "...", "degree": "...", "ssn": "..."}, "rctxt": "...", "z": "..."}}}}
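The Revocation State is empty.
- Generating the Proof Request: Alice categorizes the attribute values
Three categories: 1. attributes whose values will be revealed 2. attributes whose values will not be revealed 3. attributes that are not needed to create a verifiable proof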
{"self_attested_attributes": {"attr1_referent": "Alice", "attr2_referent": "Garcia", "attr6_referent": "123-45-6789"}, "requested_attributes": {"attr3_referent": {"cred_id": "e808f63f-a694-4bec-9617-44c3ccd504d0", "revealed": true}, "attr4_referent": {"cred_id": "e808f63f-a694-4bec-9617-44c3ccd504d0", "revealed": true}, "attr5_referent": {"cred_id": "e808f63f-a694-4bec-9617-44c3ccd504d0", "revealed": true}}, "requested_predicates": {"predicate1_referent": {"cred_id": "e808f63f-a694-4bec-9617-44c3ccd504d0"}}}
- Alice creates the "Job Application Proof"
{"proof": {"proofs": [{"primary_proof": {"eq_proof": {"revealed_attrs": {"degree":"12434523576212321", "ssn":"3124141231422543541", "status":"2213454313412354"}, "a_prime":"...","e":"...","v":"...","m": {"first_name":"...","master_secret":"...","year":"...","average":"...","last_name":"..."}, "m2":"..."}, "ge_proofs": [{"u":{"1":"...","0":"...","3":"...","2":"..."}, "r":{"DELTA":"...","2":"...","1":"...","3":"...","0":"..."}, "mj":"...", "alpha":"...", "t":{"2":"...","3":"...","DELTA":"...","1":"...","0":"..."}, "predicate": {"attr_name":"average","p_type":"GE","value":4}}]}, "non_revoc_proof":null}], "aggregated_proof": {"c_hash":"11709415628720087997396257378569456511106011202830226475088556399571443205461", "c_list":[[...],[...],[...],[...],[...],[...]]}}, "requested_proof": {"revealed_attrs": {"attr5_referent": {"sub_proof_index":0, "raw":"123-45-6789", "encoded":"3124141231422543541"}, "attr3_referent": {"sub_proof_index":0, "raw":"Bachelor of Science, Marketing", "encoded":"12434523576212321"}, "attr4_referent": {"sub_proof_index":0 ,"raw":"graduated", "encoded":"2213454313412354"}}, "self_attested_attrs": {"attr2_referent":"Garcia", "attr1_referent":"Alice", "attr6_referent":"123-45-6789"}, "unrevealed_attrs":{}, "predicates": {"predicate1_referent": {"sub_proof_index":0}}}, "identifiers": [{"schema_id":"W82yyDu4niEsy3f2yKBqEj:2:Transcript:1.2", "cred_def_id":"XBT4WwQKo4F5QTe1cAdQGt:3:CL:140:TAG1", "rev_reg_id":null, "timestamp":null}]}
- Communication: send the Proof
VI. Verifying the Proof
- Acme gets the Schemas, Definition, Revocation Register Definition, and Revocation Register Entries for the credential
Schemas:
{"W82yyDu4niEsy3f2yKBqEj:2:Transcript:1.2": {"ver": "1.0", "id": "W82yyDu4niEsy3f2yKBqEj:2:Transcript:1.2", "name": "Transcript", "version": "1.2", "attrNames": ["status", "average", "last_name", "year", "degree", "ssn", "first_name"], "seqNo": 140}}
Definition:
{"XBT4WwQKo4F5QTe1cAdQGt:3:CL:140:TAG1": {"ver": "1.0", "id": "XBT4WwQKo4F5QTe1cAdQGt:3:CL:140:TAG1", "schemaId": "140", "type": "CL", "tag": "TAG1", "value": {"primary": {"n": "...", "s": "...", "r": {"ssn": "...", "last_name": "...", "first_name": "...", "average": "...", "status": "...", "degree": "...", "year": "...", "master_secret": "..."}, "rctxt": "...", "z": "..."}}}}
The Revocation Definition and Revocation Register are empty.
- Acme performs the verification. (Here it only calls a function and makes a simple check.)
- In a real deployment, verification is done by Aries
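An added example (not the original post's code and not the Indy SDK's): a verifier-side audit Acme could run next to cryptographic verification. It classifies each referent of the page's Proof Request as credential-backed or self-attested and flags restricted attributes that were not proved from the required cred_def_id. The name audit_proof and the trimmed sample data are assumptions made for illustration.

```python
CRED_DEF = "XBT4WwQKo4F5QTe1cAdQGt:3:CL:140:TAG1"
RESTRICT = [{"cred_def_id": CRED_DEF}]
# Trimmed copies of the page's Proof Request and Proof (CL proof fields left out).
PROOF_REQUEST = {
    "requested_attributes": {
        "attr1_referent": {"name": "first_name"},
        "attr3_referent": {"name": "degree", "restrictions": RESTRICT},
        "attr6_referent": {"name": "phone_number"},
    },
    "requested_predicates": {
        "predicate1_referent": {"name": "average", "p_type": ">=", "p_value": 4,
                                "restrictions": RESTRICT},
    },
}
PROOF = {
    "requested_proof": {
        "revealed_attrs": {"attr3_referent": {"sub_proof_index": 0,
                           "raw": "Bachelor of Science, Marketing", "encoded": "12434523576212321"}},
        "self_attested_attrs": {"attr1_referent": "Alice", "attr6_referent": "123-45-6789"},
        "unrevealed_attrs": {},
        "predicates": {"predicate1_referent": {"sub_proof_index": 0}},
    },
    "identifiers": [{"schema_id": "W82yyDu4niEsy3f2yKBqEj:2:Transcript:1.2",
                     "cred_def_id": CRED_DEF}],
}

def audit_proof(request, proof):
    """Return (trust, problems): how each referent was answered, and policy violations."""
    rp, ids = proof["requested_proof"], proof["identifiers"]
    trust, problems = {}, []
    wanted = {**request["requested_attributes"], **request["requested_predicates"]}
    for ref, spec in wanted.items():
        allowed = {r["cred_def_id"] for r in spec.get("restrictions", []) if "cred_def_id" in r}
        backed = None
        for group in ("revealed_attrs", "unrevealed_attrs", "predicates"):
            backed = backed or rp.get(group, {}).get(ref)
        if backed:
            cred_def = ids[backed["sub_proof_index"]]["cred_def_id"]
            trust[ref] = "credential:" + cred_def
            if allowed and cred_def not in allowed:
                problems.append(ref + ": proved from unexpected cred_def " + cred_def)
        elif ref in rp.get("self_attested_attrs", {}):
            trust[ref] = "self-attested"  # plain claim by the prover, nothing signed
            if allowed:
                problems.append(ref + ": restricted attribute was only self-attested")
        else:
            trust[ref] = "missing"
            problems.append(ref + ": not answered in the proof")
    return trust, problems
```

In the page's own proof, first_name, last_name and phone_number are self-attested, so only degree, status, ssn and the average predicate are backed by the Transcript credential.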