Question

In this tutorial, we will learn step by step how to setup a Secret Store with 3 nodes and use it for a simple use case:

Alice has a confidential document stored locally on her hard-drive. She will encrypt it and store the encryption key in a secure way. Later on, Alice will share this encrypted document with Bob making sure that he is the only one able to decrypt it.

To keep things simple we will work on a Private development chain but the Secret Store nodes are meant to be connected to and synchronize any blockchain (Private or Public).

The overall picture of this tutorial is the following:

• 3 Secret Store nodes (each with an account)
• 3 regular user accounts (Alice, Bob and Charlie)
• Each entity on this picture is running a node on the same blockchain. Interactions with the blockchain are not represented on this diagram.
• The nodes part of the secret store are connected with each other using a secure connection (blue lines).
• The Secret Store node 1 (SS1) exposes an HTTP API that Alice, Bob and Charlie can use to generate, store or retrieve encryption keys (orange lines).
• Alice will send an encrypted document to Bob per email (gray line).
• Charlie should not be able to decrypt the document.

Table of contents:

• Part 1 - Configuring each node
  • 1. Enable the Secret Store feature of OpenEthereum
  • 2. Create and configure the users’ nodes
  • 3. Create and configure the Secret Store nodes
    • 3.1 Configuration file for the Secret Store node 1
    • 3.2 Configuration file for the Secret Store node 2
    • 3.3 Configuration file for the Secret Store node 3
  • 4. Add bootnodes to each configuration file
  • 5. Network overview
• Part 2 - Document encryption
  • 1. Choose a Document key id for this document
  • 2. Get the server key for this document
    • 2.1 Sign the Document Key id
    • 2.2 Generate the Secret Store Server key
  • 3. Generate the Document key from the Secret Store key
  • 4. Document encryption
  • 5. Store the Document key on the SS
  • 6. Section overview
• Part 3 - Key retrieval
  • 1. Sign the Document key id with Bob’s account
  • 2. Ask the Secret Store for the decryption keys
  • 3. Decrypt the document
  • 4. Section overview
• Part 4 - Introducing permissioning
  • 1. Sign the Document key id with Charlie’s account
  • 2. Ask the Secret Store for the decryption keys
  • 3. Create and deploy a Permissioning contract
  • 4. Modify the Secret Store configuration files
  • 5. Permissioning verification
    • 5.1 Test with Bob
    • 5.2 Test with Charlie

Part 1 - Configuring each node →