The com.sunya.electionguard.workflow.EncryptBallots command line utility simulates batch ballot encryption on a single encryption device, for example a voting machine.
The input ballots come from a BallotProvider that you supply, or from randomly generated ballots generated against the election description. An Election Record containing the election description and context is also needed as input.
The ballots are randomly selected to be cast or spoiled.
The output is the encrypted ballots, stored in the output Election Record. These are cryptographically chained together to prevent tampering with the output, and so these encrypted ballots are called the encrypted ballot chain.
Usage: java -classpath electionguard-java-all.jar
com.sunya.electionguard.workflow.EncryptBallots [options]
Options:
* -in
Directory containing input election record
* -out
Directory to write output election record
-ballots
BallotProvider classname
-nballots
number of ballots to generate
Default: 0
* -device
Name of this device
--save
Save the original ballots for debugging
-h, --help
Display this help and exit
The input election record containing the description and the context is required. It can be in Json or protobuf format. In the workflow simulation, the output of the PerformKeyCeremony is used (but not the private Guardians).
Either a BallotProvider is provided (see below), or nballots fake ballots are generated against the election description.
The output directory where the Guardians are written is required. The file private/guardians.proto is written there. For safety in case of failure, the output directory should be different from the input directory.
The name of the device is required. It can be any unique name.
If the --save flag is specified, the input ballots are saved in Json serialized form in private/plaintext/.
Example:
java -classpath electionguard-java-all.jar com.sunya.electionguard.workflow.EncryptBallots \
-in /data/electionguard/keyceremony --proto \
-out /data/electionguard/publishEncryption \
-nballots 11 \
-device CountyCook-precinct079-device24358 \
--save
The program exits with a 0 on success, > 0 on failure. Typical (successful) output looks like:
BallotEncryptor read context from /data/electionguard/keyceremony
Ballots from com.sunya.electionguard.workflow.FakeBallotProvider
Write to /data/electionguard/publishEncryption
Ready to encrypt at location: 'CountyCook-precinct079-device24358'
Save private ballot in /data/electionguard/publishEncryption/private/plaintext
Publish cast = 7 spoiled = 4 failed = 0 total = 11
*** EncryptBallots SUCCESS
Users can supply their own java class that implements com.sunya.electionguard.workflow.BallotProvider, which supplies the input plaintext ballots. To do so, place a jar containing that class on the classpath. Example:
java -classpath electionguard-java-all.jar,my.jar com.sunya.electionguard.workflow.EncryptBallots \
-in /data/electionguard/keyceremony --proto \
-out /data/electionguard/publishEncryption \
-ballots my.package.MyBallotsProvider \
-device CountyCook-precinct079-device24358 \
--save
The class com.sunya.electionguard.workflow.FakeBallotProvider is an implementation of BallotProvider you can use as an example to write your own.
This input uses only the published election joint key, and the output is part of the published Election Record, so there are no security problems in the encryption.
The input ballots must be kept private, which is the job of the BallotProvider. So the save flag should only be used for testing and debugging.