Initialize SDK
Get Needed Resources
Ant Group's engineering team will provide you with the DataHub SDK, API documentation, the DataHub Toolkit and other configuration values.
DataHub SDK
Ant Group's engineering team will provide you with a DataHub SDK (Java supported), which you can integrate into your Java application to upload data (the data is encrypted and uploaded from within your application).
You can upload it to your central repository, so that applications deployed in different environments can fetch this SDK. The Maven dependency configuration is as follows:
<dependency>
    <groupId>com.alipay.idatahub</groupId>
    <artifactId>idatahubtee-sdk-integration</artifactId>
    <version>1.0.0</version>
</dependency>
API Documentation
DataHub Toolkit
The Ant team will provide you with a DataHub toolkit. It contains 3 shell scripts that help generate keys.
ant-idatahub-toolkit-1.0.0.tar.gz
-ant-idatahub-toolkit #ant data toolkit
--genrsa.sh #generate rsa private and public keys
--auth.sh #auth to ant
--gendk.sh #generate data keys
--conf
---inst.conf #configurations
--lib
---lib.sh #shell lib
Configuration values
Ant Group's engineering team will provide you with these configuration values for each development environment offline.
Name | Description | Example |
Institution id | A unique identity of your wallet, generated by the Ant server, used to manage permissions. | bfaa0186c7914119bf23ed0f30b4542a |
Ant Institution id | A unique identity of Ant, generated by the Ant server. You can use this value to grant Ant privileges to access your data. | bea2575316587d1gh695baqfkb4787l |
Client id | A unique identity of your application client, generated by the Ant server. | 5J5Y373E2Y0SJ436328 |
Client pk | A public key of your application client, generated by the Ant server, used to sign HTTP requests. | Base64-encoded RSA public key, without PEM header and footer |
Client sk | A private key of your application client, generated by the Ant server, used to sign HTTP requests. | Base64-encoded RSA private key, without PEM header and footer |
Mrsigner | A digital signature used in Intel SGX technology to verify the trustworthiness and integrity of an SGX application. | 8C4F5775D796503E96137F77C68A829A0056AC8DED70140B081B094490C57BFF |
TEE pk | A public key of all applications running in the TEE, used to encrypt keys. | Base64-encoded RSA public key, without PEM header and footer |
Setup SDK
step 1: unzip ant-idatahub-toolkit.tar.gz
tar -zxvf ant-idatahub-toolkit.tar.gz
step 2: configure some values in ant-idatahub-toolkit/conf/inst.conf
vi ant-idatahub-toolkit/conf/inst.conf
Set the values as described in Chapter 1.4:
client_id=<Client id>
client_sk=<Client sk>
inst_id=<Institution id>
ant_id=<Ant Institution id>
mrsigner=<Mrsigner>
tee_pk=<TEE pk>
step 3: generate public key and private key.
./genrsa.sh
The result is stored in local files, which are used in step 4, step 5 and step 6. Please don't modify these files.
-ant-idatahub-toolkit #ant data toolkit
--public_key.pem #Institution Public key
--private_key.pem #Institution Private key
Name | Description | Example |
Institution Public key | The public key is sent to the Ant server and will be used for signature verification and decryption. | Contents of public_key.pem: a PEM block delimited by -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- |
Institution Private key | The private key is kept on your server and will be used for signing and encryption. | Contents of private_key.pem: a PEM block delimited by -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- |
step 4: auth to ant, using <Institution Private key> in step 3.
./auth.sh
step 5: generate data key, using <Institution Private key> in step 3.
./gendk.sh
The result is stored in a local file, which is used in step 6. Please don't move or modify this file.
-ant-idatahub-toolkit #ant data toolkit
--dk.txt #Data key
Name | Description | Example |
Data key | The data key is used to encrypt raw data. | GJR0V982qzTvSzCbCD1RcQ== |
step 6: configure in your own application which will integrate with the SDK.
file path: <Classpath of your application>://tee/keys.properties
1) move the .pem files (generated at step 3) to <Classpath of your application>://tee/, and make sure that the .pem files and keys.properties are in the same directory.
2) configure the values
client_id=<Client id> #from Chapter 1.4 "Configuration values"
client_sk=<Client sk> #from Chapter 1.4 "Configuration values"
inst_id=<Institution id> #from Chapter 1.4 "Configuration values"
ant_id=<Ant Institution id> #from Chapter 1.4 "Configuration values"
mrsigner=<Mrsigner> #from Chapter 1.4 "Configuration values"
tee_pk=<TEE pk> #from Chapter 1.4 "Configuration values"
inst_pk=<Public key file name> #from step 3, such as public_key.pem
inst_sk=<Private key file name> #from step 3, such as private_key.pem
dk=<Data key> #from step 5
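
A pre-deployment check for the step 6 layout, added here as an example and not part of the Ant toolkit or SDK. It verifies that all nine keys are set, that no `<...>` placeholder or trailing `#` note was copied into a value, that the .pem files sit next to keys.properties, and that the files holding secrets are not accessible to group or others. It assumes the SDK reads keys.properties with standard Java properties rules, where `#` starts a comment only at the beginning of a line; the function names are hypothetical.

```shell
#!/bin/sh
# check_tee_config DIR: validate DIR/keys.properties as laid out in step 6.
# Prints one line per problem and returns the number of problems found.
REQUIRED_KEYS="client_id client_sk inst_id ant_id mrsigner tee_pk inst_pk inst_sk dk"

# prop FILE KEY: print the value of KEY (the text after the first '=').
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# private_mode FILE: succeed only if group and others have no permission bits.
private_mode() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

check_tee_config() {
    dir=$1; props="$dir/keys.properties"; problems=0
    report() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    [ -f "$props" ] || { report "$props not found"; return "$problems"; }
    private_mode "$props" || report "$props is accessible to group/others (holds client_sk and dk)"

    for key in $REQUIRED_KEYS; do
        value=$(prop "$props" "$key")
        case $value in
            "")     report "$key is missing or empty" ;;
            *"<"*)  report "$key still contains a <placeholder>" ;;
            *" #"*) report "$key has a trailing '#' note; .properties comments must start the line" ;;
        esac
    done

    for key in inst_pk inst_sk; do
        pem=$(prop "$props" "$key")
        case $pem in ""|*"<"*|*" #"*) continue ;; esac
        if [ ! -f "$dir/$pem" ]; then
            report "$key=$pem not found next to keys.properties"
        elif [ "$key" = inst_sk ] && ! private_mode "$dir/$pem"; then
            report "$dir/$pem (private key) is accessible to group/others"
        fi
    done
    return "$problems"
}
```

Run it against the directory that will end up on the classpath, for example `check_tee_config src/main/resources/tee`, and fail the build when the return value is non-zero.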