Issues digital certificates by creating a transaction from the issuing institution to the recipient on the Bitcoin blockchain that includes the hash of the certificate itself. See the schema
This uses bitcoind in regtest mode. This route makes many simplifications to allow a quick start, and is intended for experimenting only.
-
Install Docker Engine and Docker Compose
- If you are using Mac OSX or Windows, your installation includes both Engine and Compose, so you can skip to the #installation anchor for your OS.
- If you already have Docker installed, ensure your version is >= 1.10.0, and that you have both Engine and Compose
-
Clone the repo:
git clone https://github.com/digital-certificates/cert-issuer.git -
From a command line in cert-issuer dir, build your docker container:
cd cert-issuer docker build -t ml/cert-issuer:1.0 . -
Read before running!
-
Once you launch the docker container, you will make some changes using your personal issuing information. This flow mirrors what you would if you were issuing real certificates.
-
To avoid losing your work, you should create snapshots of your docker container. You can do this by running:
docker ps -l docker commit <container for your ml/cert-issuer> my_cert_issuer
-
-
When you're ready to run:
docker run -it ml/cert-issuer:1.0 bash -
Start bitcoind. This will use the bitcoin.conf from the docker container, which runs in regtest mode:
bitcoind -daemon
Important: this is a simplification to avoid using a USB, which needs to be inserted and removed during the standard certficate issuing process. Do not use these addresses or private keys for anything other than experimenting.
Ensure your docker image is running and bitcoind process is started
-
Create an 'issuing address' and save the output as follows:
issuer=`bitcoin-cli getnewaddress` sed -i.bak "s/<issuing-address>/$issuer/g" /etc/cert-issuer/conf.ini bitcoin-cli dumpprivkey $issuer > /etc/cert-issuer/pk_issuer.txt -
Create a 'revocation address' and save the output as follows. Note that we don't need to save this corresponding private key for testing issuing certificates:
revocation=`bitcoin-cli getnewaddress` sed -i.bak "s/<revocation-address>/$revocation/g" /etc/cert-issuer/conf.ini -
Don't forget to save snapshots so you don't lose your work (see step 3 of client setup)
-
Add your certificates to /etc/cert-issuer/data/unsigned_certs/
- To preview the certificate issuing workflow, you can add our sample unsigned certificate as follows. Note that we are renaming the file to the uid field in the unsigned certificate
cp /cert-issuer/docs/sample_unsigned_cert.json /etc/cert-issuer/data/unsigned_certs/68656c6c6f636f6d7077ffff.json -
Make sure you have enough BTC in your issuing address.
a. You're using bitcoind in regtest mode, so you can print money. This should give you 50 (fake) BTC:
bitcoin-cli generate 101 bitcoin-cli getbalanceb. Send the money to your issuing address -- note bitcoin-cli's standard denomination is bitcoins not satoshis! In our app, the standard unit is satoshis. This sends 5 bitcoins to the address
bitcoin-cli sendtoaddress $issuer 5 -
Run TODO: There is an cert-issuer the Dockerfile and/or setup.py. The pip install here shouldn't be required. For now, these get it running:
source /cert-issuer/env/bin/activate cd cert-issuer pip install . cert-issuer -c /etc/cert-issuer/conf.ini
Project documentation is under docs/ and summarized here: docs/index.md
http://cert-issuer.readthedocs.io/
MIT Media Lab Digital Certificates is an incubation project. We're looking for feedback, contributions, and general discussion. This is not currently intended for production release, but we are improving our approach for future releases.
Contact certs@media.mit.edu with questions