Private Data Example

Start the network

./network.sh down ./network.sh up createChannel -ca -s couchdb

Deploy the private data smart contract to the channel

./network.sh deployCC -ccn private -ccp ../asset-transfer-private-data/chaincode-go/ -ccl go -ccep "OR('Org1MSP.peer','Org2MSP.peer')" -cccg ../asset-transfer-private-data/chaincode-go/collections_config.json

Environment variables to use the Fabric CA client

export PATH=${PWD}/../bin:${PWD}:$PATH export FABRIC_CFG_PATH=$PWD/../config/

Fabric CA client home set to the MSP of the Org1 CA admin

export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org1.example.com/

Register a new owner client identity using the fabric-ca-client

fabric-ca-client register --caname ca-org1 --id.name owner --id.secret ownerpw --id.type client --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem

Register identities

Generating Identities by enrolling new owner client

fabric-ca-client enroll -u https://owner:ownerpw@localhost:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/users/owner@org1.example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem

Copy Node OU

cp ${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org1.example.com/users/owner@org1.example.com/msp/config.yaml

Registering a new user (buyer)

Set Env Variables

export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org2.example.com/

Register User

fabric-ca-client register --caname ca-org2 --id.name buyer --id.secret buyerpw --id.type client --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem

Enrolling User

fabric-ca-client enroll -u https://buyer:buyerpw@localhost:8054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/users/buyer@org2.example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem

Copy OU

cp ${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org2.example.com/users/buyer@org2.example.com/msp/config.yaml

==========================

Create an asset in private data

We created the Identity, we can invoke the private data smart contract to create a new asset

export PATH=${PWD}/../bin:$PATH export FABRIC_CFG_PATH=$PWD/../config/ export CORE_PEER_TLS_ENABLED=true export CORE_PEER_LOCALMSPID="Org1MSP" export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/owner@org1.example.com/msp export CORE_PEER_ADDRESS=localhost:7051

Note that the private data is passed using the --transient flag. Inputs passed as transient data will not be persisted in the transaction

`

Setting Data as env variable that is going to be used while create asset:

export ASSET_PROPERTIES=$(echo -n "{"objectType":"asset","assetID":"asset1","color":"green","size":20,"appraisedValue":100}" | base64 | tr -d \n)

peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n private -c '{"function":"CreateAsset","Args":[]}' --transient "{"asset_properties":"$ASSET_PROPERTIES"}"

Submitting transaction

peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n private -c '{"function":"CreateAsset","Args":[]}' --transient "{"asset_properties":"$ASSET_PROPERTIES"}"

Query the private data as an Authorized peer

peer chaincode query -C mychannel -n private -c '{"function":"ReadAsset","Args":["asset1"]}'

peer chaincode query -C mychannel -n private -c '{"function":"ReadAssetPrivateDetails","Args":["Org1MSPPrivateCollection","asset1"]}'

Query the private data as an unauthorized peer

Switch to a peer in Org2

export CORE_PEER_LOCALMSPID="Org2MSP" export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/buyer@org2.example.com/msp export CORE_PEER_ADDRESS=localhost:9051

peer chaincode query -C mychannel -n private -c '{"function":"ReadAsset","Args":["asset1"]}'

User 2 is not authorized to access this

peer chaincode query -C mychannel -n private -c '{"function":"ReadAssetPrivateDetails","Args":["Org1MSPPrivateCollection","asset1"]}'

Transfer the Asset using AgreeToTransfer

export ASSET_VALUE=$(echo -n "{"assetID":"asset1","appraisedValue":100}" | base64 | tr -d \n)

peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n private -c '{"function":"AgreeToTransfer","Args":[]}' --transient "{"asset_value":"$ASSET_VALUE"}"

peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n private -c '{"function":"ReadAssetPrivateDetails","Args":["Org2MSPPrivateCollection","asset1"]}'

result: {"assetID":"asset1","appraisedValue":100}

Now buyer has agreed to buy asset at User 1 (owner's) price

The asset needs to be transferred by the identity that owns the asset, so need to change to Org 2

export CORE_PEER_LOCALMSPID="Org1MSP" export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/owner@org1.example.com/msp export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt export CORE_PEER_ADDRESS=localhost:7051

peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n private -c '{"function":"ReadTransferAgreement","Args":["asset1"]}'

Transfer Asset

export ASSET_OWNER=$(echo -n "{"assetID":"asset1","buyerMSP":"Org2MSP"}" | base64 | tr -d \n)

peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n private -c '{"function":"TransferAsset","Args":[]}' --transient "{"asset_owner":"$ASSET_OWNER"}" --peerAddresses localhost:7051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt

Query

peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n private -c '{"function":"ReadAsset","Args":["asset1"]}'

Purge Private Data

Setting Env

export CORE_PEER_LOCALMSPID="Org2MSP" export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/buyer@org2.example.com/msp export CORE_PEER_ADDRESS=localhost:9051

peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n private -c '{"function":"ReadAssetPrivateDetails","Args":["Org2MSPPrivateCollection","asset1"]}'

response: {"assetID":"asset1","appraisedValue":100}

Get Total Blocks on Peer0 of Org2

docker logs peer0.org1.example.com 2>&1 | grep -i -a -E 'private|pvt|privdata'

shows 3 blocks

Let's add 3 more blocks

export ASSET_PROPERTIES=$(echo -n "{"objectType":"asset","assetID":"asset2","color":"blue","size":30,"appraisedValue":100}" | base64 | tr -d \n) peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n private -c '{"function":"CreateAsset","Args":[]}' --transient "{"asset_properties":"$ASSET_PROPERTIES"}"

Shows 3 more blocks

docker logs peer0.org1.example.com 2>&1 | grep -i -a -E 'private|pvt|privdata'

Now Private data appraisedValue on Org1MSPPrivateCollection has now been purged as blockToLive is set to 3 in collections_config.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

a2.PRIVATE_DATA_README.md

a2.PRIVATE_DATA_README.md

Private Data Example

Start the network

Deploy the private data smart contract to the channel

Environment variables to use the Fabric CA client

Fabric CA client home set to the MSP of the Org1 CA admin

Register a new owner client identity using the fabric-ca-client

Register identities

Generating Identities by enrolling new owner client

Copy Node OU

Registering a new user (buyer)

Set Env Variables

Register User

Enrolling User

Copy OU

Create an asset in private data

We created the Identity, we can invoke the private data smart contract to create a new asset

Note that the private data is passed using the --transient flag. Inputs passed as transient data will not be persisted in the transaction

Setting Data as env variable that is going to be used while create asset:

Submitting transaction

Query the private data as an Authorized peer

Query the private data as an unauthorized peer

Switch to a peer in Org2

User 2 is not authorized to access this

Transfer the Asset using AgreeToTransfer

Now buyer has agreed to buy asset at User 1 (owner's) price

The asset needs to be transferred by the identity that owns the asset, so need to change to Org 2

Transfer Asset

Query

Purge Private Data

Setting Env

Get Total Blocks on Peer0 of Org2

shows 3 blocks

Let's add 3 more blocks

Shows 3 more blocks

Now Private data appraisedValue on Org1MSPPrivateCollection has now been purged as blockToLive is set to 3 in collections_config.json

Files

a2.PRIVATE_DATA_README.md

Latest commit

History

a2.PRIVATE_DATA_README.md

File metadata and controls

Private Data Example

Start the network

Deploy the private data smart contract to the channel

Environment variables to use the Fabric CA client

Fabric CA client home set to the MSP of the Org1 CA admin

Register a new owner client identity using the fabric-ca-client

Register identities

Generating Identities by enrolling new owner client

Copy Node OU

Registering a new user (buyer)

Set Env Variables

Register User

Enrolling User

Copy OU

Create an asset in private data

We created the Identity, we can invoke the private data smart contract to create a new asset

Note that the private data is passed using the --transient flag. Inputs passed as transient data will not be persisted in the transaction

Setting Data as env variable that is going to be used while create asset:

Submitting transaction

Query the private data as an Authorized peer

Query the private data as an unauthorized peer

Switch to a peer in Org2

User 2 is not authorized to access this

Transfer the Asset using AgreeToTransfer

Now buyer has agreed to buy asset at User 1 (owner's) price

The asset needs to be transferred by the identity that owns the asset, so need to change to Org 2

Transfer Asset

Query

Purge Private Data

Setting Env

Get Total Blocks on Peer0 of Org2

shows 3 blocks

Let's add 3 more blocks

Shows 3 more blocks

Now Private data appraisedValue on Org1MSPPrivateCollection has now been purged as blockToLive is set to 3 in collections_config.json