This repository implements the manufacturer backend of a blockchain-based secure software update platform. The manufacturer prepares and encrypts software updates, publishes update metadata and purchase information to a blockchain smart contract, and stores encrypted update packages on IPFS. Devices then discover updates, purchase them, download the encrypted packages from IPFS, verify integrity, and decrypt them using CP-ABE-managed keys.
- Prepare the update package and encrypt the file with a generated symmetric key (AES-256).
- Encrypt the symmetric key under a CP-ABE policy (producing Ec) so only compliant devices can decrypt it.
- Upload the encrypted update file to IPFS and obtain the CID (Es).
- Compute hashes (e.g., SHA3-256) of the encrypted file for integrity reference.
- Sign metadata (version, price, CID, file hash, description) with the manufacturer's ECDSA private key.
- Register the update metadata and purchase conditions on the blockchain smart contract.
- Optionally monitor purchase events and deliver post-purchase actions (e.g., revoke, update policies).
- OS: macOS (development recommended)
- Shell: zsh
- Python: 3.10 or newer
- Dependencies: listed in
requirements.txt - Entry point:
main.py - Containerization: Docker & Docker Compose supported
-
Web framework used for the backend API and admin endpoints (imports in
main.pyandapi/routes.py). -
API documentation and request parsing (used in
api/routes.py). -
Ethereum/compatible blockchain interactions (used in
blockchain/contract.py). -
IPFS client (
ipfshttpclient) for uploading encrypted update files (ipfs/upload.py). -
CP-ABE implementation (used in
crypto/cpabe/cpabe.py). -
AES-256 symmetric encryption utilities (
crypto/symmetric/symmetric.py). -
File integrity hashing (uses
hashlib.sha3_256incrypto/hash/hash.py). -
Signature creation/verification utilities (see
crypto/ecdsa/ecdsa.py). -
Project language and runtime environment.
-
Containerization support (see
Dockerfile).
See install.md for installation and usage instructions.
Blocker_Manufacturer_Backend/
│
├── main.py # Application entry point
├── README.md # Project description (this file)
├── install.md # Installation and run guide
├── requirements.txt # Python dependencies
│
├── api/ # API endpoints (Flask Blueprint)
│ └── routes.py
│
├── blockchain/ # Blockchain integration modules
│ ├── contract.py # Smart contract interface class
│ ├── utils.py
│ └── registry_address.json
│
├── crypto/ # Crypto and hashing modules
│ ├── cpabe/ # CP-ABE implementation
│ │ └── cpabe.py
│ ├── ecdsa/ # ECDSA sign/verify
│ │ └── ecdsa.py
│ ├── hash/ # Hash utilities (SHA3, etc.)
│ │ └── hash.py
│ ├── symmetric/ # Symmetric encryption/decryption (AES-256)
│ │ └── symmetric.py
│ └── keys/ # Key files (PEM, master key, etc.)
│ ├── device_secret_key_file.bin
│ ├── ecdsa_private_key.pem
│ ├── ecdsa_public_key.pem
│ ├── master_key.bin
│ └── public_key.bin
│
├── ipfs/ # IPFS upload utilities
│ └── upload.py
│
├── services/ # Business logic (service layer)
│ └── update_service.py
│
└── utils/ # Common utilities
└── logger.py
This project is licensed under the MIT License. See LICENSE for details.
Contributions and questions are welcome via Issues and Pull Requests. For more information about the overall project, visit the organization repository or open an issue on this repository.
