howestsecandpriv/iotasigneddata

Interface for Howest Security & Privacy's Iota signed data API

0.2 2023-01-17 10:25 UTC

This package is not auto-updated.

Last update: 2023-10-24 14:09:42 UTC


README

IotaSignedData is a Laravel package that writes a hash to the IOTA blockchain. It uses the Guzzle HTTP client to interact with the IOTA SignedData API, and reads the API's URL and JWT token from environment variables via the env() function.

Requirements

  • Laravel 7+
  • PHP 7.2+
  • Guzzle HTTP client
  • IOTA SignedData API that implements an interface defined by the Web3 Team, Security and Privacy Research Group, Howest

Installation

Install the package with Composer by running:

composer require howestsecandpriv/iotasigneddata

Configuration

The package requires two environment variables to be set in your .env file:

  • IOTA_SIGNED_DATA_API_URL: the URL of the IOTA SignedData API. It should have a trailing slash.

  • IOTA_NODE_JWT_TOKEN: the JWT token used to authenticate with the API. The JWT token contains the freelancer_id, which the API uses as the payload index in IOTA.

Usage

The package provides a single public method writeHash(string $hash, string $preImage = null): string that takes in a hash and an optional pre-image.

$response = IotaSignedData::writeHash("7bf4ab29630fc6dfa187f8a6b68a1efa8e36e8f2a8904ec7b3460ebfae1d2cd2", "pre-image");

The method first checks if the pre-image is provided and if it matches the hash. If the pre-image is provided but does not match the hash, an exception is thrown.

The method then uses the Guzzle HTTP client to send a POST request to the IOTA SignedData API with the provided hash and the JWT token in the headers. If the request is successful, the response body is returned. If the request is unsuccessful, an exception is thrown.

The IOTA SignedData API builds a signature pre-image by concatenating the freelancer_id and the hash, then signs it. This guarantees that only the freelancer could have posted the hash to the API (which is why the freelancer_id is part of the concatenation), and that only the API could have written it to the tangle (which is what the signature provides).
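The pre-image check and the signature binding described above, as an added example that is not the package's or the API's own code. It assumes SHA-256 as the hash, Ed25519 (PHP's sodium extension) as the API's signature scheme, and plain string concatenation; all function names and sample values are hypothetical.

```php
<?php
// Added example, not the package's code. Assumptions: SHA-256 hashes,
// Ed25519 signatures via ext-sodium, plain concatenation freelancer_id . hash.

/** Client-side check described for writeHash(): the pre-image must hash to $hash. */
function preImageMatches(string $hash, ?string $preImage): bool
{
    if ($preImage === null) {
        return true; // the pre-image is optional; nothing to compare
    }
    // Normalise hex case, then compare in constant time.
    return hash_equals(strtolower($hash), hash('sha256', $preImage));
}

/** API side: sign the signature pre-image freelancer_id . hash. */
function signEntry(string $freelancerId, string $hash, string $secretKey): string
{
    return sodium_crypto_sign_detached($freelancerId . $hash, $secretKey);
}

/** Verifier side: rebuild the signature pre-image and check it with the API's public key. */
function verifyEntry(string $freelancerId, string $hash, string $sig, string $publicKey): bool
{
    return sodium_crypto_sign_verify_detached($sig, $freelancerId . $hash, $publicKey);
}

// Constructed sample values.
$keyPair      = sodium_crypto_sign_keypair();
$secretKey    = sodium_crypto_sign_secretkey($keyPair);
$publicKey    = sodium_crypto_sign_publickey($keyPair);
$freelancerId = 'freelancer-42';             // stands in for the JWT's freelancer_id
$preImage     = 'invoice 1001, 12.5 hours';
$hash         = hash('sha256', $preImage);

echo 'matching pre-image:     '; var_dump(preImageMatches($hash, $preImage));
echo 'tampered pre-image:     '; var_dump(preImageMatches($hash, 'tampered'));

$sig = signEntry($freelancerId, $hash, $secretKey);
echo 'same id, same hash:     '; var_dump(verifyEntry($freelancerId, $hash, $sig, $publicKey));
// The signed message includes the freelancer_id, so the id is part of what is checked.
echo 'different freelancer_id: '; var_dump(verifyEntry('freelancer-43', $hash, $sig, $publicKey));
echo 'different hash:          '; var_dump(verifyEntry($freelancerId, hash('sha256', 'other'), $sig, $publicKey));
```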

Author

Shane Deconinck (shane.deconinck@howest.be)

© Web3 Team, Security and Privacy Research Group, Howest