Tamper-proof operations

    The component in charge of state handling is the . To set up the stateService 3 interfaces need to be implemented and provided to the StateService constructor:

    • Cache interface in the cache package. Standard cache.NewFileCache provides a file state store solution.
    • StateProvider in the stateService package. It provides a fresh state from immudb server when the client is being initialized for the first time. Standard StateProvider provides a service that retrieve immudb first state hash from a gRPC endpoint.
    • UUIDProvider in the stateService package. It provides the immudb identifier. This is needed to allow the client to safely connect to multiple immudb instances. Standard UUIDProvider provides the immudb server identifier from a gRPC endpoint.

    Following an example how to obtain a client instance with a custom state service.

    Any immudb server has its own UUID. This is exposed as part of the login response. Java SDK can use any implementation of the ImmuStateHolder interface, which specifies two methods:

    • ImmuState getState(String serverUuid, String database) for getting a state.
    • void setState(String serverUuid, ImmuState state) for setting a state.

    Note that a state is related to a specific database (identified by its name) and a server (identified by the UUID). Currently, Java SDK offers two implementations of this interface for storing and retriving a state:

    • FileImmuStateHolder that uses a disk file based store.
    • SerializableImmuStateHolder that uses an in-memory store.

    As most of the code snippets include FileImmuStateHolder, please find below an example using the in-memory alternative:

    1. SerializableImmuStateHolder stateHolder = new SerializableImmuStateHolder();
    3. ImmuClient immuClient = ImmuClient.newBuilder()
    4.                 .withStateHolder(stateHolder)
    5.                 .withServerUrl("localhost")
    6.                 .withServerPort(3322)
    7.                 .build();
    9. immuClient.login("immudb", "immudb");
    10. immuClient.useDatabase("defaultdb");
    11. // ...
    12. immuClient.logout();

    This feature is not yet supported or not documented. Do you want to make a feature request or help out? Open an issue on Node.js sdk github project (opens new window)

    This feature is not yet supported or not documented. Do you want to make a feature request or help out? Open an issue on

    If you’re using another development language, please read up on our immugw (opens new window) option.

    If immudb is launched with a private signing key, each signed request can be verified with the public key. In this way the identity of the server can be proven. Check to see how to generate a valid key.

    1. // Having immudb server running with state signature enabled
    3. // we provision the client with the public key file, and this implies that
    4. // state signature verification is done on the client side
    6. File publicKeyFile = new File("path/to/public_key.pem");
    8. immuClient = ImmuClient.newBuilder()
    9.                     .withServerUrl("localhost")
    10.                     .withServerPort(3322)
    11.                     .withServerSigningKey(publicKeyFile.getAbsolutePath())
    12.                     .build();
    14. try {
    15.     ImmuState state = immuClient.currentState();
    16.     // It should all be ok as long as the immudb server has been started with
    17.     // state signature feature enabled, otherwise, this verification will fail.
    19. } catch (RuntimeException e) {
    20.     // State signature failed.
    21. }

    This feature is not yet supported or not documented. Do you want to make a feature request or help out? Open an issue on Python sdk github projectTamper-proof operations - 图5 (opens new window)

    If you’re using another development language, please read up on our option.

    Tamperproof reading and writing

    You can read and write records securely using a built-in cryptographic verification.

    Verified get and set

    The client implements the mathematical validations, while your application uses a traditional read or write function.

    1.     tx, err := client.VerifiedSet(ctx, []byte(`hello`), []byte(`immutable world`))
    2.     if  err != nil {
    3.         log.Fatal(err)
    4.     }
    6.     fmt.Printf("Successfully committed and verified tx %d\n", tx.Id)
    8.     entry, err := client.VerifiedGet(ctx, []byte(`hello`))
    10.         log.Fatal(err)
    12.     fmt.Printf("Successfully retrieved and verified entry: %v\n", entry)

    This feature is not yet supported or not documented. Do you want to make a feature request or help out? Open an issue on Python sdk github projectTamper-proof operations - 图8 (opens new window)

    1. import ImmudbClient from 'immudb-node'
    2. import Parameters from 'immudb-node/types/parameters'
    4. const IMMUDB_HOST = '127.0.0.1'
    5. const IMMUDB_PORT = '3322'
    6. const IMMUDB_USER = 'immudb'
    7. const IMMUDB_PWD = 'immudb'
    9. const cl = new ImmudbClient({ host: IMMUDB_HOST, port: IMMUDB_PORT });
    11. (async () => {
    12.     await cl.login({ user: IMMUDB_USER, password: IMMUDB_PWD })
    14.     const verifiedSetReq: Parameters.VerifiedSet = {
    15.         key: 'hello',
    16.         value: 'world',
    17.     }
    18.     const verifiedSetRes = await cl.verifiedSet(verifiedSetReq)
    19.     console.log('success: verifiedSet', verifiedSetRes)
    21.     const verifiedGetReq: Parameters.VerifiedGet = {
    22.         key: 'hello',
    23.     }
    24.     const verifiedGetRes = await cl.verifiedGet(verifiedGetReq)

    This feature is not yet supported or not documented. Do you want to make a feature request or help out? Open an issue on