Overview: This page outlines tasks and milestones in order to manage and achieve goals that are set for the "X.509 Certificate Transparency using Hyperledger Fabric Blockchain" project.
Project tasks and milestones
- Week 1-3
- Broader Goals for first Evaluation
- Understanding CTB design (https://eprint.iacr.org/2018/1232)
- Running the existing proof-of-concept code for Hyperledger based CTB (HLCTB) network
- Building a proof-of-concept client/server application supporting HLCTB-assisted SSL/TLS connection
- Work done
May 27 - June 2
- Meeting with Prof. mahavir jhawar - Introduction and understanding the project
- Premier on using openssl for generating certificates and signing certificates by certificate authority.
- Read paper on CTB by mahavir jhawar: https://eprint.iacr.org/2018/1232.pdf
- Revisit Hyperledger key concepts: https://hyperledger-fabric.readthedocs.io/en/release-1.4/key_concepts.html
- Understand the structure of crypto-config folder where certificate for identity management are stored. (WIP)
- Run CTB network with two CA and browser organisations. Able to add certificate and query them.
- Reissue certificate while the previous one is active. I have gone through the go chaincode, VerifyPKCS1v15 is at heart of reissuing certificate. But I am not able to understand what the signCert exactly is? Whether it is sign of newcertstring or newcertfile or sha256 of newcert using the current public key.
openssl dgst -sha256 -sign currentCert.key -out sign.txt newCert.crt , but this produces binary output and VerifyPKCS1v15 is returning false.
June 3 - June 9
- Create a github repository with POC of CTB network using hyperledger
- Reported issue related Wrong port number in build your first network - FAB-15602Getting issue details... STATUS
- Understanding and running the basic-network, first-network and fabcar application of fabric-samples
- Write a blog on structure of crypto-config and how different keys are related
June 10 - June 16
- Monday - Meeting with deva madala on progress till now and technical guidance
- Testing the HLCTB network POC written by deva madala (fabric 1.1) and understood how to connect to HLCTB network and executing the chaincode
- Modifying the HLCTB network by adding CA to each org and couchDB for each peers for fabric 1.4
- Besides the main goal, started with switching from direct container management to orchestration of containers using kubernetes
- Create the project timeline and meeting regarding the same
- Change in existing chaincode for proper revocation of certificates
June 17 - June 23
- Using easybaas (VMware tool, https://labs.vmware.com/flings/blockchain-on-kubernetes) for creating the hyperledger related config for deploying on kubernetes and also modifying the same for incorporating the changes in fabric 1.4
- Tuesday - meeting with Prof. mahavir jhawar regarding preparation for demo and current progress
- Create an application(SDK) for connecting to the network and executing chaincode functions
- Create a demo for server/client SSL PKI verification using HLCTB network
- Thursday - show the demo to deva madala
- Write a readme on how to run demo server/client application for testing HLCTB network
- Friday- show the final step by step demo to Professor and deva madala and discussion of the second quarter plans
- Week 4-6
- Broader Goals for second Evaluation
- Hosting the HLCTB over cloud
- FireFox Extension to support HLCTB-assisted https connections
- Development of an interface allowing registration of Certification Authorities to HLCTB network
- Work Done
June 24 - June 30
- Trying to add Yeasy/blockchain-explorer:0.1.0-preview to the hlf network.
- Added blockchain-explorer for fabric 1.4 on the HLF CTB network for easy monitoing of the transactions and the ledger.
- Created a script for automatic testing of network. Using this we can generate multiple ca, domains cerificates , push them to the network, renew the certs for domains and also revoke them. It uses the CA server as a proxy.
- Tested for serial processing of transactions for 100 domains and 5 times renewal of certificates and revoking them in the end. The network handled that, and blocks produced had one transaction each. Achieved a processing rate of 20-30 transactions per minute.
- Tested for parallel processing with the same settings as serial processing. Each blocks had upto 10 transactions and achieved a processing rate of 200 transactions per minute.
- Create a docker image of blockchain-explorer . It has two images , one for server and other for client.
July 1 - July 7
- Raised issue on `Explorer not able to connect orderer from docker.` - - BE-676Getting issue details... STATUS
- Attending mentors and mentees meet call.
- Adding caliper to network
- Testing using caliper for different number of transactions and tps while changing block size and batch timeout in configtx.yaml
- Adding swagger interface to ca server
- Adding authentication to ca server
- Deploying whole network on cloud with blockchain-explorer, ca server and caliper
- Making chrome extension
July 7 - July 14
- Make firefox extension
- Add script for generating crypto-material and docker files for new CA organisation
- Adding new CA organisation to current HLCTB network(locally)
- Fixing queryCertificateHistory and adding creation of affiliation for orgs if not present
- Create pm2 process file for CA server, reports server and channel Config API.
- Week 7-9
- Broader Goals for third Evaluation
- Scaling up of HLCTB: Simulation of https connections to sufficiently many HLCTB-registered domains
- Bench-marking HLCTB-assisted handshake overhead (on top of SSL/TLS handshake)
- Fine tuning of HLCTB operations for better efficiency and security
- Work Done
July 15 - July 21
- Monday meeting on caliper, firefox extension, CA server api and discussed further plan.
- Deploy network on cloud and joining new organisation to network present on different server(whole network contains of 2 server)
- Patching TLS certificates of orderers and peers for including IP SANs and documenting the errors faced
- Documenting how to add new CA organisation
- Create transfer_asset script for transfer TLS certificate for CA server
- Documenting how to connect CA server to CA organisation in HLCTB network
July 22 - July 28
- Presentation on CTB and work done
- Reading paper on scaling hyperledger handle order of 4 tps.
- Adding demo for ctb-testing.ml using self-signed CA
July 29 - Aug 4
- Meeting with mentor showing the work done and changes needed.
- Adding demo for hfctb.ml using lets encrypt as CA
- Week 10-12
- Broader Goals for last Evaluation
- Prepare report explaining completed tasks
- Certificate revocation
- Present your work done to hyperledger community
- Wrapping up and organising the codebase
- Work Done
Aug 5 - Aug 11
- Meeting with mentors on created presentation and suggested changes in it for better understanding
- Create more interactive presentation and also a demo video
- Looked into certificate revocation part and studied current methods CRL, OCSP, OCSP stapling and Must-Staple
Aug 12 - Aug 18
- Attended Hyperledger internship presentation of other students
- Started working on report
- Setup a OCSP responder, webserver for handling OCSPERQUEST using ocsp npm package
Aug 19 - Aug 25
- Meeting with mentors-- different ways of integrating currently available revocation models in HFCTB network
- Wrapping up and organizing the codebase