
Hyperledger Fabric, how to share private data with another peer node?


I am exploring a bit more about Hyperledger Fabric, and have become interested in private data. From what I understand, when a peer node creates private data, it is stored on that node, together with the hash of that private data. Unauthorized nodes will only store the hash of the private data so they can verify its existence.

I am working with 4 nodes (three peers, one orderer), where Org1 (peer node) has unique privileges to create a value which has to be made visible to Org2 (peer node) but must not be made visible to Org3 (peer node). Is there a way this can be done? This is a TypeScript chaincode sample taken from the IBM Blockchain Platform VS Code extension tutorials to create private data.

    @Transaction()
    public async createMyPrivateAsset(ctx: Context, myPrivateAssetId: string): Promise<void> {
        const exists: boolean = await this.myPrivateAssetExists(ctx, myPrivateAssetId);
        if (exists) {
            throw new Error(`The asset my private asset ${myPrivateAssetId} already exists`);
        }

        const privateAsset: MyPrivateAsset = new MyPrivateAsset();

        const transientData: Map<string, Uint8Array> = ctx.stub.getTransient();
        if (transientData.size === 0 || !transientData.has('privateValue')) {
            throw new Error('The privateValue key was not specified in transient data. Please try again.');
        }
        privateAsset.privateValue = transientData.get('privateValue').toString();

        const collectionName: string = await getCollectionName(ctx);
        await ctx.stub.putPrivateData(collectionName, myPrivateAssetId, Buffer.from(JSON.stringify(privateAsset)));
    }

Would I have to change something here for it?

Thanks in advance!


Solution

  • Yes, private data is a good fit for this scenario. There are two basic approaches.

    1. Use a static collection - Create a collection with Org1 and Org2 as members and putPrivateData to that collection.
    2. Use implicit collections - putPrivateData to Org1 implicit collection and putPrivateData to Org2 implicit collection.

    With the latter approach, you do not need to create a static collection ahead of time. It also allows you to share the private data with Org3 implicit collection at a later time if Org3 gets authorized for the data in the future.

    See the private data documentation and private data tutorial and sample for more details.

    Note that with this approach Org3 will know that Org1 and Org2 are sharing some data, but will not see the private data itself. If you don't want Org3 to have any knowledge that the transaction occurred, then you would use a channel for Org1 and Org2 instead of using private data.
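
The implicit-collection approach from the answer above, as an added example (not code from the original post or the IBM tutorial). Fabric names each org's implicit collection `_implicit_org_<MSPID>`; the MSP IDs `Org1MSP`/`Org2MSP`, the `PrivateStub` interface (a subset of fabric-shim's `ChaincodeStub`) and the function names are assumptions.

```typescript
// Assumed subset of fabric-shim's ChaincodeStub that this example needs.
interface PrivateStub {
    getTransient(): Map<string, Uint8Array>;
    putPrivateData(collection: string, key: string, value: Uint8Array): Promise<void>;
}

const CREATOR_MSP = 'Org1MSP'; // assumed MSP ID of the only org allowed to create

// Name of an org's implicit private data collection.
function implicitCollection(mspId: string): string {
    if (mspId.length === 0) {
        throw new Error('MSP ID must not be empty');
    }
    return `_implicit_org_${mspId}`;
}

// Collections to write: the creator's own plus each recipient's, de-duplicated.
// Any submitter other than the creator org is rejected before anything is written.
function targetCollections(submitterMsp: string, recipients: string[]): string[] {
    if (submitterMsp !== CREATOR_MSP) {
        throw new Error(`${submitterMsp} is not allowed to create this asset`);
    }
    return [CREATOR_MSP].concat(recipients)
        .filter((msp, i, all) => all.indexOf(msp) === i)
        .map(implicitCollection);
}

// Writes the transient 'privateValue' only to the listed orgs' collections.
// Orgs that are not listed (Org3 here) never receive the value itself.
async function sharePrivateAsset(stub: PrivateStub, submitterMsp: string,
                                 assetId: string, recipients: string[]): Promise<string[]> {
    const collections = targetCollections(submitterMsp, recipients);
    const value = stub.getTransient().get('privateValue');
    if (!value) {
        throw new Error('The privateValue key was not specified in transient data.');
    }
    const payload = Buffer.from(JSON.stringify({ privateValue: Buffer.from(value).toString() }));
    for (const collection of collections) {
        await stub.putPrivateData(collection, assetId, payload);
    }
    return collections;
}
```

Inside a contract method this would be called as `sharePrivateAsset(ctx.stub, ctx.clientIdentity.getMSPID(), myPrivateAssetId, ['Org2MSP'])`. The transaction still has to satisfy the endorsement policy that applies to every collection it writes to.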