iText & Blockchain

With iText & Blockchain you are able to integrate the blockchain technology into iText, enabling you to store digital signatures in a blockchain instead of in the PDF document.

Features & Benefits

Click the arrow to expand features and benefits.

iText & Blockchain tutorial video

Core capabilities

Data in a blockchain

  • Can be signed using known PKI-infrastructure.
  • Is automatically validated and timestamped.
  • Can be viewed by everyone
  • Can live separately from the physical (real world) data it references.

Relation to PDF:

  • Pdf documents can be digitally signed.
    • Requires Certificate Authority (centralized).
    • Requires timeserver (centralized).
    • Cannot be signed in parallel.
    • Signatures live in the document.
  • Web of trust
  • Integrity: “The document has this exact content.”
  • Authentication: “I created this document. And I can prove it.”
  • Non-repudiation: “He created this document. And I can prove it.”
  • Timestamp

pdfChain

Why should you use iText & Blockchain

A blockchain holds data. It collects this data in units called 'blocks'. There is a mechanism to prove a block has not been tampered with. And over time, blocks get chained together. This chaining organically enables a kind of 'history'.

Blockchain technology

A blockchain supersedes older technology that deals with authentication and nonrepudiation. First, there are many ways you can digitally sign a document. Typically by "signing" we mean creating a hash of a document, creating a signature from that hash with a private key, and storing the signature. This has two effects:

  1. the signature identifies the person who signed the document.
  2. the signature, when decrypted, identifies the file from which it was computed.

    Once such a signature is stored in a blockchain, it can not be changed or deleted. This gives you an extra advantage:

  3. the fact that your signature is in the blockchain gives you a point in time when the operation was done.

Later you can say: "Hey, I've created this hash on 10 Oct 2016: here is the transaction in the blockchain which contains the hash. I've created it according to this formula from this file. " Now any person can take your file and compute the hash again and verify that it matches the one stored in the blockchain. All this works because:

  1. it is very easy to compute the hash from a file but very difficult to craft a similar file which will produce exactly the same hash.
  2. it is practically impossible to change the data stored inside blockchain.
  3. every transaction in the blockchain has a timestamp, so having the transaction we know exactly when it was done.

Theoretical usecase - high level

On a high level, the idea is to separate the functionality of signing and integrity from a pdf, and bring those into the blockchain. Imagine an example use case.

  1. The document is created, and the document ID (along with its hash, and the name of the hashing algorithm) gets put on a public blockchain. This does not cause any problems, since the hash typically does not allow you to rebuild the entire document. We put the hashing algorithm on the chain as well to ensure long term validation.
  2. Now imagine that this document is an invoice. Bob has had some work done on his house, and the renovation company sends him an invoice.
  3. Bob wants to sign the invoice to indicate he agrees with the price and will pay. Bob's private key is then used to encrypt the hash-value of the document. This signature (comprising the ID of the document, the original hash-value, the signed hash-value, as well as the names of the hashing algorithm and signing algorithm) are stored on the blockchain.
  4. Alice, who works for the renovation company wants to check whether Bob has signed already. She can easily look up all records on the blockchain for a given ID (the document ID). One of these records ought to be the record Bob created earlier. Since the record contains the original hash, and the names of all the algorithms involved, Alice can verify 2 things:
    • it was Bob that signed, using the hash, the signed hash, and Bob's public key.
    • Bob signed the exact document she sent him, using the document ID and the hash.

High level idea blockchain

Theoretical usecase - low level

Implementation

The interfaces we impose on blockchain implementations are minimal, yet they provide us with the needed abstraction to enable us to build complex applications and workflows on top of them. We abstract a blockchain as a multimap, allowing end-users to store an object (represented by Record, which is HashMap) and tying it to a key (String).

public interface IBlockChain {
 
    /**
     * Put data on the blockchain
     *
     * @param key  the key being used to put the data on the blockchain
     * @param data the data being put on the blockchain
     */
    public boolean put(String key, Record data);
 
    /**
     * Get data from the blockchain
     *
     * @param key the key being queried
     * @return
     */
    public List<Record> get(String key);
 
    /**
     * Get all data from the blockchain
     * @return
     */
    public List<Record> all();
}


Concrete implementation using JSON-RPC and MultiChain

As a proof of concept we have provided an implementation of the interface IBlockchain using JSON-RPC (remote procedure call) and MultiChain.

If you want to learn more about setting up a blockchain instance with MultiChain, check out their website for more resources, in particular the getting started guide here.


An example of iText & Blockchain

In this example, we will show you how to put a document on the blockchain, with signature:

       IBlockChain mc = new MultiChain(
                "http://127.0.0.1",
                4352,
                "chain1",
                "stream1",
                "multichainrpc",
                "BHcXLKwR218R883P6pjiWdBffdMx398im4R8BEwfAxMm");
 
        InputStream keystoreInputStream = BasicFunctionalityTest.class.getClassLoader().getResourceAsStream("ks");
        InputStream inputFileStream = BasicFunctionalityTest.class.getClassLoader().getResourceAsStream("input.pdf");
 
        AbstractExternalSignature sgn = new DefaultExternalSignature(keystoreInputStream, "demo", "password");
 
        PdfChain chain = new PdfChain(mc, sgn);
 
        // put a document on the chain
        boolean wasAdded = chain.put(inputFileStream);
        Assert.assertTrue(wasAdded);
 
        // check whether the chain now contains this value
        boolean isEmpty = chain.get("z�L{�Wd=��\u007F\u0010��G�").isEmpty();


You can retrieve information about a document from the blockchain like this:

  IBlockChain mc = new MultiChain(
                "http://127.0.0.1",
                4352,
                "chain1",
                "stream1",
                "multichainrpc",
                "BHcXLKwR218R883P6pjiWdBffdMx398im4R8BEwfAxMm");
 
        PdfChain chain = new PdfChain(mc);
 
        for(Record record : chain.get(new File("example_file.pdf")))
        {
            for(Map.Entry<String,Object> en : record.entrySet())
            {
                System.out.println(en.getKey() + "\t" + en.getValue().toString());
            }
            System.out.println("");
        }


Discover our resources

Webinar

Talks

 

Tutorial

Tutorial

 

Ebook

eBook

 

Blog

Blog

 

White paper

DZone Refcard #264

 

Documentation

Other