Mirroristas/bigchaindb
2
0
Fork 0
mirror of https://github.com/bigchaindb/bigchaindb.git synced 2024-10-13 13:34:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated the Cryptography page in the docs

Browse Source
This commit is contained in:
troymc 2016-12-11 12:41:44 +01:00
parent efbc1e1b9a
commit c2a5d325cf
1 changed files with 52 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
docs/server/source/appendices/cryptography.md
View File

@ -8,31 +8,69 @@ as described in [the section on JSON serialization](json-serialization.html).
## Hashes ## Hashes
We compute hashes using the SHA3-256 algorithm and BigchainDB computes transaction and block hashes using an implementation of the
[pysha3](https://bitbucket.org/tiran/pykeccak) as the Python implementation. We [SHA3-256](https://en.wikipedia.org/wiki/SHA-3)
store the hex-encoded hash in the database. For example: algorithm provided by the
[**pysha3** package](https://bitbucket.org/tiran/pykeccak),
which is a wrapper around the optimized reference implementation
from [http://keccak.noekeon.org](http://keccak.noekeon.org).
Here's the relevant code from `bigchaindb/bigchaindb/common/crypto.py`
(as of 11 December 2016):
```python ```python
import hashlib
# monkey patch hashlib with sha3 functions
import sha3 import sha3
data = "message" def hash_data(data):
tx_hash = hashlib.sha3_256(data).hexdigest() """Hash the provided data using SHA3-256"""
return sha3.sha3_256(data.encode()).hexdigest()
``` ```
The incoming `data` is understood to be a Python 3 string,
which may contain Unicode characters such as `'ü'` or `'字'`.
The Python 3 `encode()` method converts `data` to a bytes object.
`sha3.sha3_256(data.encode())` is a _sha3.SHA3 object;
the `hexdigest()` method converts it to a hexadecimal string.
For example:
```python
>>> import sha3
>>> data = '字'
>>> sha3.sha3_256(data.encode()).hexdigest()
'c67820de36d949a35ca24492e15767e2972b22f77213f6704ac0adec123c5690'
```
Note: Hashlocks (which are one kind of crypto-condition)
may use a different hash function.
## Signature Algorithm and Keys ## Signature Algorithm and Keys
BigchainDB uses the [Ed25519](https://ed25519.cr.yp.to/) public-key signature BigchainDB uses the [Ed25519](https://ed25519.cr.yp.to/) public-key signature
system for generating its public/private key pairs. Ed25519 is an instance of system for generating its public/private key pairs. Ed25519 is an instance of
the [Edwards-curve Digital Signature Algorithm the [Edwards-curve Digital Signature Algorithm
(EdDSA)](https://en.wikipedia.org/wiki/EdDSA). As of April 2016, EdDSA was in (EdDSA)](https://en.wikipedia.org/wiki/EdDSA). As of December 2016, EdDSA was an
["Internet-Draft" status with the ["Internet-Draft" with the
IETF](https://tools.ietf.org/html/draft-irtf-cfrg-eddsa-05) but was [already IETF](https://tools.ietf.org/html/draft-irtf-cfrg-eddsa-08) but was [already
widely used](https://ianix.com/pub/ed25519-deployment.html). widely used](https://ianix.com/pub/ed25519-deployment.html).
BigchainDB uses the the [ed25519](https://github.com/warner/python-ed25519) BigchainDB uses the the
Python package, overloaded by the [cryptoconditions [**cryptoconditions** package](https://github.com/bigchaindb/cryptoconditions)
library](https://github.com/bigchaindb/cryptoconditions). to do signature and keypair-related calculations.
That package, in turn, uses the [**PyNaCl** package](https://pypi.python.org/pypi/PyNaCl),
a Python binding to the Networking and Cryptography (NaCl) library.
All keys are represented with the base58 encoding by default. All keys are represented with
[a Base58 encoding](https://en.wikipedia.org/wiki/Base58).
The cryptoconditions package uses the
[**base58** package](https://pypi.python.org/pypi/base58)
to calculate a Base58 encoding.
(There's no standard Base58 encoding.)
Here's an example public/private key pair:
```js
"keypair": {
"public": "9WYFf8T65bv4S8jKU8wongKPD4AmMZAwvk1absFDbYLM",
"private": "3x7MQpPq8AEUGEuzAxSVHjU1FhLWVQJKFNNkvHhJPGCX"
}
```