x21e8 service to manage RDDL network identities on TrustAnchors and workflows.
Project description
0x21e8 RDDL Interaction Service
The 0x21e8 service is usually installed and executed on RDDL compatible hardware wallets (HW-03). The service utilizes the hardware wallet and enables the HW-03 devices to interact with the RDDL network (Planetmint and liquid).
Besides the pure wallet functionality it works as the core service to launch any RDDL specific use cases:
- storage of (un/encrypted) data (w3storage (IPFS))
- attestation of data
- attestation of machines
- issuing of tokens
- lookup of data
- lookup of tokens
- combination of data & tokens
The current version runs with a software-based keystore. Production based versions will use keystores based on secure elements. Initialization and configuration of the keystores is currently enabled via API.
The service exposes all features via a RESTFul API. The documentation of the API is exposed via <ip/hostname>/docs.
WARNING use this code only for demonstrational purposes. Production code must not rely on this service.
Prepare the Environment
Please run the following scripts to install 0x21e8 service ()
### For a RPI: some architectures need to get a zenroom and dependencies build from source (glibc compatibility)
bash install.sh
The script basically prepares your system to build the service and installs some requirements for this.
Very often, poetry can be used directly without any indication to build some packages from source. Then, the following instruction will be sufficient:
curl -sSL https://install.python-poetry.org | python3 - # installs poetry
poetry install
poetry shell
Service Configuration
The service needs the following configurations:
- RDDL network planetmint services (RESTFul)
- RDDL network liquid services (RPC)
- RPC URL
- RPC port
- RPC user
- RPC password
- web3storage token to store data
- RDDL asset registration endpoint
- RDDL CID resolver
- RDDL Authentication service to be able to authenticate with EdDSA to RDDL services
The configuration is set via environment variables such as
- LQD_RPC_PORT
- LQD_RPC_USER
- LQD_RPC_PASSWORD
- LQD_RPC_HOST
- PLNTMNT_ENDPOINT
- WEB3STORAGE_TOKEN
- RDDL_ASSET_REG_ENDPOINT
- CID_RESOLVER
- RDDL_AUTH
Alternatively, the variables can be defined within the .env
file of the project. A example env.example
file can be adjusted and copied to .env
.
Service Execution
uvicorn --log-level debug --reload x21e8.main:app
Service deployment
In order to deploy the service within an production environment adjust the user and group names if needed and execute the following commands:
sudo cp 0x21e8.service /etc/systemd/system # that's the folder where main.py is located within
sudo systemctl daemon-reload
sudo systemctl enable 0x21e8.service
sudo systemctl start 0x21e8.service
Current state of Liquid Part:
The liquid transactions are created the following way:
Confidential Address Derivation
- A master key is generated from a mnemonic phrase
- This key is derived once (1) and a child key is acquired.
- The child key is used to derive a liquid address.
- .
- .
- .
- Through various steps a confidential address is created. This address is passed along the private key that was used to create the confidential address. This private key is not used anywhere. Apparently, the address is also not used anywhere.
Asset Issuance
- the
issue_asset
function is called which makes a rpc call in the background. The issue here is the confidential address created before is not used. where do we use the confidential address ? its not used anywhere else - This part is solely handled by RPC calls. Is the trusted gw also make rpc calls ? or is it going to delegate this to some other backend service ?
- After we are done here, we get some kind of receipt for our transaction which will be used later on.
Asset Id Registration
- The asset id will be registered to our trusted domain. Is this a one time thing ? Are we going to use the same asset / token for every activity ? As far as i have understood, the asset issuer (r&c) does this only once.
Asset Id Registration on Liquid Network
- The asset id and the corresponding contract is registered on liquid as the final step. Is this also done only by (r&c) and done only once ?
It seems like there is a confusion around creating/issuing an asset and actually distributing it to users. The steps here resemble a one-time asset issuance rather than asset distribution (which is called asset re-issuance. Here is the official documentation : https://docs.blockstream.com/liquid/developer-guide/developer-guide-index.html#proof-of-issuance-blockstream-s-liquid-asset-registry. The trusted gateway should ask for a re-issuance of token and this service should do it. The hw should focus on generating an address (from a mnemonic), post the planetmint tx first get the id from this tx and send it along the issuance request to the service so the service can determine how much token will be issued. Maybe its not like this and the issued asset represents a NFT on Liquid Network so for every create tx from planet mint there will be another asset issued on Liquid.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file x21e8-0.9.2.tar.gz
.
File metadata
- Download URL: x21e8-0.9.2.tar.gz
- Upload date:
- Size: 27.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.5.1 CPython/3.9.17 Linux/5.15.0-1041-azure
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 8c772a846afa96dc13f4d0ec857248b30df4952231b309d0e9ffff8d006583ad |
|
MD5 | 84a07a3b9523fdcb09d9b3aa0f61bdaf |
|
BLAKE2b-256 | 1145fbb48446066355b603eb32808855c8d1e65a792d99c2d4b7779684e7d814 |
File details
Details for the file x21e8-0.9.2-py3-none-any.whl
.
File metadata
- Download URL: x21e8-0.9.2-py3-none-any.whl
- Upload date:
- Size: 33.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.5.1 CPython/3.9.17 Linux/5.15.0-1041-azure
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | f7ccab28b8ba2f58b5516c304432e290b75cabc9357621b5d3b5bacb1b87ef45 |
|
MD5 | 73bb64e0be2c25a9faad83b0c606941c |
|
BLAKE2b-256 | aa59200f373f60d8fac63819ac96fa1d106837d32fa39e4f63fdd0b93bce6b70 |