Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time



This project uses Blockchain and OpenPGP to create a decentralised registry of file verification data. The registry contains the hash of the file, a signature confirming the ownership and the public key of the owner or author of the file. The signature is generated using OpenPGP, and the network is assumed to be a decentralised blockchain, making the data on the network immutable.



Gnupg binary for your operating system.

I tested the python library gnupg in this simple script: /prototypes/ and from what I can tell it only seems to work with gpg1 or gnupg1 package. For reference this is the package that I used download a similar one for your OS.

You can also configure the path to the gpg binary via the environment variable GPG_BINARY


sqlite3 database for a quick start.

I use SQLite for testing the application but you can plugin any DB that you want using the environment variable SQLALCHEMY_DATABASE_URI on both the client and the API.

Environment variables

All of these variables have defaults, but if you want to use something else, please feel free to define the values for these environment variables and the code will pick them up.

If you don't know what enironement variables are or how to define them, then refer to this: Environment_variable#Assignment


Config file: src/api/


This allows you to define which database program to use for the API and the path to the DB. Default: sqlite:///src/api/app.db


Config file: src/client/


This allows you to define which database program to use for the Client and the path to the DB. Default: sqlite:///src/client/app.db


Using this you can define the path to the desired gpg binary to be used by the gnupg python library. Default: /usr/bin/gpg1


Used for defining where the GPG key store (key database) is stored. This can be stored on another secure node rather than the client for more security, hence this option. Default: src/client/keys


This is the secret key used for generating CSRF tokens for forms. This is a security feature and I suggest that you use your own key. Default: "your-secret-key"


This defines the path to the folder where files are stored temporarily for processing (generating file hash) and then deleted right after that. This is for both adding and verifying a file. Default: src/client/uploads

Run the application

There are two separate applications that need to be started for the whole system to work:

  • API (Blockchain): src/api
  • Client: src/client

Setup venv with python3

Navigate to the folders above in separate terminal windows. It is required to create a virtual environment for python before running the applications (for both directories):

$ python3 -m venv .venv

Activate the virtual environment:

$ source .venv/bin/activate

NOTE: Before processding make sure that the terminal prompt looks like this: (.venv) $

Both the API and the Client come with three bash scripts:

  • installs the required python dependencies, configures flask and create database.
  • starts the application.
  • deletes the database.

NOTE: the API application needs to be running for the Client to work as expected.

Start the applications

For a fresh setup run the ./ script followed by ./ and the terminal output should look like this:


(.venv) $ ./
 * Serving Flask app "blockAPI"
 * Running on (Press CTRL+C to quit)


(.venv) $ ./
 * Serving Flask app "blockclient"
 * Running on (Press CTRL+C to quit)

Important note:

Once you have added a file, it is not automatically added to the blockchain. The chain needs to be mined, if you search for the file before mining it will not be found (404). For the purposes of this demo program the mining process has to be triggered manually. You can automate this later when you are running nodes to form consensus.

Generally you will have multiple files in the transaction pool ready to be mined and added to a block in the blockchain. But when you are testing you can call the following endpoint after adding the first file to test the verification mechanism after that.

For now you need to call the API endpoint: /api/mine


$ curl --location --request GET "http://localhost:6000/api/mine"

Clean up

Once you are done close the application with Ctrl + C and run the ./ script and finally, to exit the virtual environment:

(.venv) $ deactivate

API Reference


A file verification system which checks a file's integrity and ownership using Blockchain and OpenPGP





No releases published


No packages published