Sharing encrypted files on a private IPFS network in Java
If you’re going through this article, I assume you’re already familiar with IPFS and are looking for a way to share files publicly or privately over the IPFS network. If you aren’t familiar with IPFS yet, I highly recommend reading up on it and playing around with their desktop client for a while to get a better understanding of how it works. There are numerous well-written articles on the topic, so I decided not to cover IPFS basics in this post. You can start with their official website, and then this article.
I was working on a blockchain project based upon Corda Framework by R3, wherein it was required to share trade attachment documents privately only with the participating parties. At the time of writing this article, Corda provides the capability of sharing files as attachments but with a limitation (total size of attachments cannot exceed 20MB). Trying to find a workaround to this limitation, I stumbled upon the InterPlanetary File System (IPFS).
Now let’s see how we encrypt the files and share them with other parties. We’ll use asymmetric encryption along with symmetric encryption for this purpose. Here are the steps to follow for sharing an encrypted file over the IPFS network:
1. Generate a symmetric key and encrypt the desired file or files using this symmetric key.
2. Share this encrypted file on the IPFS network.
3. Encrypt the symmetric key (generated in step 1) using the public key of the receiver and send it over a secure medium.
4. The receiver gets this encrypted key and decrypts it using its private key to get the symmetric key.
5. Retrieve the file from the IPFS network and decrypt it using the symmetric key obtained in step 4. Now you’ll be able to view the file.
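The five steps above as a runnable round trip. This is an added example, not the code from the author's gist. The article does not name algorithms, so AES-256-GCM and RSA-OAEP are assumptions here, as are the class name `HybridFileShare`, the constructed sample data, and the locally generated receiver key pair. The IPFS upload and download are left out: `blob` is the byte array that would be added to and fetched from IPFS.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;

public class HybridFileShare {
    // Explicit OAEP parameters (SHA-256 for hash and MGF1) so both sides use the same settings.
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    static byte[] aesGcm(int mode, SecretKey key, byte[] iv, byte[] data) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv)); // 128-bit authentication tag
        return c.doFinal(data); // on decrypt, throws AEADBadTagException if the blob was altered
    }

    static byte[] rsaOaep(int mode, Key key, byte[] data) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(mode, key, OAEP);
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input; in practice the receiver only hands out the public key.
        byte[] file = "constructed sample trade attachment".getBytes(StandardCharsets.UTF_8);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair receiver = kpg.generateKeyPair();

        // Step 1: fresh AES-256 key and a random 12-byte IV for this file only.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey fileKey = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        byte[] ct = aesGcm(Cipher.ENCRYPT_MODE, fileKey, iv, file);
        // Step 2: IV || ciphertext is the blob that goes to IPFS (the IV is not secret).
        byte[] blob = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, blob, 0, iv.length);
        System.arraycopy(ct, 0, blob, iv.length, ct.length);
        // Step 3: encrypt the AES key under the receiver's public key.
        byte[] wrappedKey = rsaOaep(Cipher.ENCRYPT_MODE, receiver.getPublic(), fileKey.getEncoded());

        // Steps 4-5: the receiver recovers the AES key, then decrypts the blob fetched from IPFS.
        SecretKey recovered = new SecretKeySpec(
                rsaOaep(Cipher.DECRYPT_MODE, receiver.getPrivate(), wrappedKey), "AES");
        byte[] plain = aesGcm(Cipher.DECRYPT_MODE, recovered,
                Arrays.copyOfRange(blob, 0, 12), Arrays.copyOfRange(blob, 12, blob.length));
        System.out.println(Arrays.equals(plain, file) ? "round trip ok" : "mismatch");
    }
}
```

Generate a new AES key and IV per file: reusing an IV with the same key breaks AES-GCM.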
Below is a schematic from this article.
Currently, even though the file is encrypted, we’re still sharing it with everyone on the public IPFS network. Nobody would be able to see the contents of the file without the correct symmetric key, but can we also restrict sharing to a private network whose participants are already verified?
This is achieved by setting up a private IPFS network: create a swarm key and distribute it to the nodes that you want to be part of your private network. I’ve already created IPFS and Encryption Utility classes in Java, which consist of functions used for encrypting files and sharing them onto the IPFS network. The code can be directly imported and used in your project. Here’s a link to the gist.
Let me know what you think of this article on twitter @utkarshgpta or leave a comment below!