Skip to content

External Storage

Imagine that two participants on a network decide to share a video. It’s impractical to store something this large on a blockchain, so they decide to store it off-chain on AWS. Participant A uploads the video to an S3 bucket and records the resource URI and S3 path to access it.

Participant B may verify the legitimacy of the timestamped file upload by calling viewHash on a smart contract called externalStorage. viewHash returns the timestamp of the upload and the public key of the uploader.

When Participant B views the hash of the S3 resource, he is responsible for manually verifying that the S3 resource matches the deserialized hash of the datasource. In addition, Participant A will be responsible for communicating any potential S3 authentication credentials to Participant B out-of-band.

Participant B may call an additional function, verifyHash, which accepts the external storage hash as an argument. If the submitted hash matches the hash previously added to the contract, the method will return true.

Setup S3 Credentials

To begin, we will supply our S3 credentials to our ./strato.sh run script when we startup our node:

EXT_STORAGE_S3_BUCKET - enables external storage feature; the AWS S3 bucket name to use as the blockchain data external storage EXT_STORAGE_S3_ACCESS_KEY_ID - the access key ID for AWS S3 bucket provided EXT_STORAGE_S3_SECRET_ACCESS_KEY- the secret access key for AWS S3 bucket provided

The startup command should look like this (modify variables with your own S3 credentials):

~/strato-getting-started$ 

EXT_STORAGE_S3_BUCKET=<YOUR STORAGE BUCKET NAME>
EXT_STORAGE_S3_ACCESS_KEY_ID=<YOUR ACCESS KEY ID>
EXT_STORAGE_S3_SECRET_ACCESS_KEY=<YOUR SECRET ACCESS KEY>

./strato.sh --enterprise

Upload File to S3

This endpoint uploads a file to an AWS S3 bucket and creates a smart contract with the URI of the file on S3. This allows a user to cryptographically prove that the file was uploaded to S3 at a specific date.

uploadFile() {

    const content = "../path/to/my/file";
    const provider = "amazon";
    const metadata = "sample video on s3";

    fetch("http://localhost/apex-api/bloc/file/upload", {
        method: "POST",
        headers: "content-type: application/json",
        body: JSON.stringify(content, provider, metadata)
        },
    })
    .then(function(response) {
        console.log(response);
    })  
    .catch(function(error) {
        console.log(error);
    })
}

If the file is uploaded successfully, we'll get a response with the address of the smart contract that is storing our file.

{
  "contractAddress": "0x123456789",
  "URI": "`...`", 
  "metadata": "a sample video on s3"
}

Attest Legitimacy of File

This endpoint can be used to sign a method in the smart contract to attest the legitimacy of the uploaded file on S3.

curl -x POST "http://localhost/apex-api/bloc/file/attest"
    -H  "accept: application/json;charset=utf-8"
    -d  "ea5e32eff6edcfa1da15a124b73c6995096799a7"

This returns a list of addresses that have signed the contract:

{
  "signers": [
    {
      "1": "0x123456",
      "2": "0x246810",
      "3": "0x235711"
     }
  ]
}

Get Signers of File

This endpoint returns the list of users who have attested the legitimacy of the stored resource.

curl -x GET "http://localhost/apex-api/bloc/file/verify"
    -H  "accept: application/json;charset=utf-8"
    -d  "ea5e32eff6edcfa1da15a124b73c6995096799a7"

We'll get a response with the list of addresses who have attested the legitimacy of the stored resource.

{
  "uri": "0123456",
  "timestamp": "02182018_2253",
  "signers": [
    {
"1": "0x123456789",
"2": "02468101214"
    }
  ]  
}

Download Stored File

We can download the file from S3 with this endpoint:

curl -x GET "http://localhost/apex-api/bloc/file/download"
    -H  "accept: application/json;charset=utf-8"
    -d  "ea5e32eff6edcfa1da15a124b73c6995096799a7"

This will immediately begin download of the stored resource to the user's computer.