Tessera - Enterprise Implementation of Quorum's transaction manager
namtruong and melowe Update Jetty SslContextFactory (#755)
* upgrade version of okhttp3 beyond 3.12.0 to avoid vulnerability CVE-2018-20200

* instantiate SslContextFactory.Server instead
Latest commit 34afb8f May 23, 2019
.github Move code owners file into specific GitHub folder Mar 14, 2019
argon2 [maven-release-plugin] prepare for next development iteration Apr 11, 2019
config-cli Support communication with a TLS-secured InfluxDB (#747) May 14, 2019
config-migration Remove excess newlines from migration and GRPC modules (#724) May 1, 2019
config Support communication with a TLS-secured InfluxDB (#747) May 14, 2019
data-migration Load resource stream over file (#733) May 7, 2019
ddls [maven-release-plugin] prepare for next development iteration Apr 11, 2019
docs/0.9 Add homepage for version 0.9 Apr 10, 2019
enclave Add jdk version classifier to distribution jars (#743) May 13, 2019
encryption [maven-release-plugin] prepare for next development iteration Apr 11, 2019
grpc-api [maven-release-plugin] prepare for next development iteration Apr 11, 2019
grpc-service minor clean up - remove byte[] return for partyinfo since it will alw… May 17, 2019
grpc [maven-release-plugin] prepare for next development iteration Apr 11, 2019
jaxrs-client Added enforcer rule for dependency convergence and fixed issues May 7, 2019
jaxrs-service minor clean up - remove byte[] return for partyinfo since it will alw… May 17, 2019
key-generation [maven-release-plugin] prepare for next development iteration Apr 11, 2019
key-pair-converter [maven-release-plugin] prepare for next development iteration Apr 11, 2019
key-vault upgrade version of okhttp3 beyond 3.12.0 to avoid vulnerability CVE-2… May 21, 2019
security Remove excess newlines from TLS/security module (#720) Apr 29, 2019
server Update Jetty SslContextFactory (#755) May 23, 2019
service-locator [maven-release-plugin] prepare for next development iteration Apr 11, 2019
shared Added matching logic in origin match. Apr 26, 2019
tessera-core minor clean up - remove byte[] return for partyinfo since it will alw… May 17, 2019
tessera-dist Add jdk version classifier to distribution jars (#743) May 13, 2019
tessera-sync Bugfix bouncycastle version conflict (#736) May 7, 2019
tests Node will not self-update partyinfo after successful partyinfo call May 17, 2019
.codecov.yml #447 Sep 14, 2018
.editorconfig Update code owners Oct 12, 2018
.gitignore Improvement rationalise shared (#432) Aug 20, 2018
.maven.xml Use github site plugin for deployment Apr 12, 2019
.travis.yml Add jdk version classifier to distribution jars (#743) May 13, 2019
Dockerfile Skip maven enforcer plugin (#739) May 8, 2019
LICENSE Update LICENSE Aug 2, 2018
README.md Update Tessera jar paths (#746) May 13, 2019
Tessera Privacy flow.jpeg Add files via upload Jul 16, 2018
TesseraLogo.png Remove README content that can now be found in the wiki Jul 31, 2018
checkstyle-suppressions.xml Exclude generated sources from checkstyle Jun 14, 2018
checkstyle.xml Update the "shared" module with checkstyle checks. Apr 12, 2019
logback-build.xml Security alert jetty version (#711) Apr 24, 2019
pom.xml upgrade version of okhttp3 beyond 3.12.0 to avoid vulnerability CVE-2… May 21, 2019
spotbugs-exclude.xml Logging vulnerability handled in logback.xml exclude from spotbugs Apr 11, 2019
spotbugs-include.xml Add spotbugs config although don't fail on error at this time. Mar 29, 2019

README.md

Important: Release 0.9 Feature
Tessera now supports remote enclaves for increased security. Please refer to the wiki for details.

Tessera is a stateless Java system that is used to enable the encryption, decryption, and distribution of private transactions for Quorum.

Each Tessera node:

  • Generates and maintains a number of private/public key pairs

  • Self-manages and discovers all nodes in the network (i.e. their public keys) by connecting to as few as one other node

  • Provides Private and Public API interfaces for communication:

    • Private API - This is used for communication with Quorum
    • Public API - This is used for communication between Tessera peer nodes
  • Provides two-way SSL using TLS certificates and various trust models such as Trust On First Use (TOFU), whitelist, certificate authority, etc.

  • Supports IP whitelist

  • Connects to any SQL DB which supports the JDBC client

Prerequisites

Building Tessera

To build and install Tessera:

  1. Clone this repo
  2. Build using Maven (see below)

Selecting an NaCl Implementation

Tessera can use either the jnacl or kalium NaCl cryptography implementations. The implementation to be used is specified when building the project:

jnacl (default)

mvn install

kalium

Install libsodium as detailed on the kalium project page, then run

mvn install -P kalium

Running Tessera

java -jar tessera-dist/tessera-app/target/tessera-app-${version}-app.jar -configfile /path/to/config.json

See the tessera-dist README for info on the different distributions available.

Once Tessera has been configured and built, you may want to copy the .jar to another location, create an alias and add it to your PATH:

alias tessera="java -jar /path/to/tessera-app-${version}-app.jar"

You will then be able to more concisely use the Tessera CLI commands, such as:

tessera -configfile /path/to/config.json

and

tessera help

By default, Tessera uses an H2 database. To use an alternative database, add the necessary drivers to the classpath:

java -cp some-jdbc-driver.jar:/path/to/tessera-app.jar:. com.quorum.tessera.Launcher

For example, to use an Oracle database:

java -cp ojdbc7.jar:tessera-app.jar:. com.quorum.tessera.Launcher -configfile config.json

DDLs have been provided to help with defining these databases.

Since Tessera 0.7, a timestamp is recorded with each encrypted transaction stored in the Tessera DB. To update an existing DB to work with Tessera 0.7+, execute one of the provided alter scripts.

Configuration

Config File

A configuration file detailing database, server and network peer information must be provided using the -configfile command line property.

An in-depth look at configuring Tessera can be found on the Tessera Wiki and includes details on all aspects of configuration including:

  • Cryptographic key config:
    • Using existing private/public key pairs with Tessera
    • How to use Tessera to generate new key pairs
  • TLS config
    • How to enable TLS
    • Choosing a trust mode

Migrating from Constellation to Tessera

Tessera is the service used to provide Quorum with the ability to support private transactions, replacing Constellation. If you have previously been using Constellation, utilities are provided within Tessera to enable the migration of Constellation configuration and datastores to Tessera compatible formats. Details on how to use these utilities can be found in the Tessera Wiki.

Further reading

  • The Tessera Wiki provides additional information on how Tessera works, migrating from Constellation to Tessera, configuration details, and more.
  • Quorum is an Ethereum-based distributed ledger protocol that uses Tessera to provide transaction privacy.
  • Follow the Quorum Examples to see Tessera in action in a demo Quorum network.

Getting Help

Stuck at some step? Have no fear, help is here: Quorum Slack
