This interface lets a user upload an extract, applies trusted timestamping to that extract, and provides a PDF receipt as proof. Trusted timestamping is the process of securely keeping track of the creation and modification time of a document. Security here means that no one, not even the owner of the document, should be able to change it once it has been recorded, provided that the timestamper's integrity is never compromised.
As part of the PoC, the front end is a set of web screens accessible via a browser such as Chrome or Firefox.
- Validator:
Extracts and receipts are sent by a user uploading them through the interface. In return, a clear message in green indicates that the timestamp is confirmed, or a message on a red background indicates that the validation of the timestamp has failed.
The backends communicate with the blockchain, broadcast the various transactions (issuing and signing a transaction, issuing receipts, ...) and manage the associated keys by checking the validity of the signer and the signer's key.
After a security audit, the State of Geneva asked for error messages to be made more generic. However, that implied modifying automatically generated files. If those files are generated again, all changes made to satisfy the audit will be deleted.
- Install Docker and Docker Compose (Windows 10, macOS, Linux, ...)
- Edit the environment variables (see below) in the docker-compose-prod.yml according to your needs (Compose file reference: https://docs.docker.com/compose/compose-file/)
- Build the set of containers by running `docker-compose -f docker-compose-prod.yml up -d`
- Access the interface at http://127.0.0.1:8001/ctivalidator/ for the timestamping service
- Access the API interface at http://127.0.0.1:8001/ctivalidator/api/sonde
Mandatory:
- `WS_URI` is a URI pointing to an Ethereum RPC endpoint (e.g. `http://localhost:8545`). The Ethereum node must be fully synced prior to use.
- `LOCKED_ADDR` is an Ethereum address used by the validate service to verify the transaction signer of the receipt (e.g. `0x533a245f03a1a46cacb933a3beef752fd8ff45c3`)
- `TIMEOUT` is a UNIX timestamp used to manage the expiration time of a private key. To generate one, you can use the website http://www.timestamp.fr/
- `CSRF_TIME_LIMIT` is the lifetime of a CSRF token in seconds. It should be at least 300.
Optional:
- `HTTP(S)_PROXY` are environment variables used to specify a forward proxy for connections to pass through.
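A pre-flight check for the mandatory variables listed above, written as an added example that is not part of the project's code. The function name `check_env`, the accepted URI schemes and the rejection of an already-past `TIMEOUT` are assumptions.

```python
import re
import time
from urllib.parse import urlparse

ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")


def check_env(env, now=None):
    """Return a list of problems in the mandatory variables (empty = OK)."""
    now = int(time.time()) if now is None else now
    problems = []
    # Accepting ws/wss besides http/https is an assumption; the README only
    # shows an http:// endpoint.
    uri = urlparse(env.get("WS_URI", ""))
    if uri.scheme not in ("http", "https", "ws", "wss") or not uri.hostname:
        problems.append("WS_URI: not a usable RPC endpoint URI")
    # Format check only; the EIP-55 checksum is not verified.
    if not ADDRESS_RE.fullmatch(env.get("LOCKED_ADDR", "")):
        problems.append("LOCKED_ADDR: expected 0x followed by 40 hex digits")
    # Seconds since the epoch. Rejecting a past value is an assumption: a key
    # that has already expired at deploy time is most likely a mistake.
    try:
        timeout = int(env.get("TIMEOUT", ""))
    except ValueError:
        problems.append("TIMEOUT: not an integer UNIX timestamp")
    else:
        if timeout >= 10**12:
            problems.append("TIMEOUT: looks like milliseconds, not seconds")
        elif timeout <= now:
            problems.append("TIMEOUT: expiration time is already in the past")
    # The README asks for at least 300 seconds.
    try:
        if int(env.get("CSRF_TIME_LIMIT", "")) < 300:
            problems.append("CSRF_TIME_LIMIT: below 300 seconds")
    except ValueError:
        problems.append("CSRF_TIME_LIMIT: not an integer number of seconds")
    return problems


# Constructed sample; the endpoint and address are the README's own examples.
SAMPLE = {
    "WS_URI": "http://localhost:8545",
    "LOCKED_ADDR": "0x533a245f03a1a46cacb933a3beef752fd8ff45c3",
    "TIMEOUT": "4102444800",  # 2100-01-01T00:00:00Z
    "CSRF_TIME_LIMIT": "300",
}

if __name__ == "__main__":
    print(check_env(SAMPLE) or "sample environment OK")
```

Passing `os.environ` instead of `SAMPLE` checks the values that would actually reach the containers.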
HTTPS support is provided via the Docker image `jwilder/nginx-proxy`. The `nginx-proxy` image faces the Internet and dispatches requests to the concerned service. Services that are reached from the Internet must have the following environment variables:
- `VIRTUAL_HOST`: The domain name associated to the service. Administrators must add an A record to their DNS configuration that points to the IP of the machine that hosts `nginx-proxy`.
- `KEY_NAME` is the name given to the cert & key files used by the Service Provider (e.g. `myservice`). When updated, the names in the volumes tag of the docker-compose-prod.yml need to be updated too.
- `IDP_METADATA` is the public URL where the SAML package gets the Identity Provider metadata.
- `SP_URL` is the root URL of the Service Provider.
- `API_HOST` is the hostname of the API. It is based on the Docker image name.
- `MAIN_URI` is used to specify the required prefix for the webapp. Default is `ctivalidator`.
- `VIRTUAL_HOST` is used by `nginx-proxy` to identify the domain name associated to the Webapp's Docker.
The State of Geneva disclaims all liability for any use of all or part of the code, in particular due to programming defects.