Download the PHP package phptek/verifiable without Composer

On this page you can find all versions of the php package phptek/verifiable. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package verifiable

SilverStripe Verifiable

Build Status Scrutinizer Code Quality License

What is this?

SilverStripe content authors are able to verify whether or not their content has been tampered with.

It is a configurable data and content verification module for SilverStripe applications. It provides independent and data-integrity verification to content authors and developers. Data can be verified independently of SilverStripe and its database, and at any time. The module can also be extended by means of a powerful API.

Background

For decades users of software have taken it for granted that their data is safe from tampering. That developers, vendors and database administrators will not make unauthorised modifications to data or code, regardless of any mal-intent. Simply put: Users have put their faith into these entities for no reason other than they probably sounded like they knew what they were doing.

No centralised I.T. can claim immutability. This module therefore offers verifiability; data who's integrity is mathematically provable at any point in time. If data changes when it shouldn't have, then those that need to know, can.

The identification of unwarranted behaviour and negative outcomes is not the only application of verifiability. Verifiability is a research domain of its own that is closely aligned with those of the decentralisation movement, typified by cryptocurrencies and permissionless blockchain networks. Verifiability is also concerned with transparency and accountability in the context of public data and this module will help achieve this for SilverStripe applications.

Without any configuration; the module's defaults offer a simple administrative interface that allows the content of a specific version of any versioned DataObject, to be verified as not having changed since it was published.

How does it work?

With the most basic configuration; on each database write-operation, a sha256 hash of selected field-data is created and submitted to a separate backend system that implements a Merkle or Binary Hash Tree. This backend can be a local or remote immutable or semi-immutable data store, or a proxy data-store to either.

The two systems that we are aware of that fit the bill as serviceable Merkle backends of this kind are; public blockchains (notably Bitcoin and Ethereum) and standalone or clustered Merkle Tree storage systems like Trillian.

In addition to processing and persisting value-based transactions in their native cryptocurrencies, the Bitcoin and Ethereum blockchains are also capable of storing arbitrary data of a limited size, the former by means of its OP_RETURN opcode. This makes them ideal for storing Merkle Root hashes from which individual "leaf" hashes can be mathematically derived.

The module's default Chainpoint adaptor makes use of REST calls to the Chainpoint Network. Chainpoint will periodically write Merkle Root hashes to the Bitcoin blockchain.

Developers are also free and able to integrate with different backends using the module's pluggable API. See the "Extending" section below.

Requirements

Install

#> composer require phptek/verifiable

Verify the package

The package comes with a CHECKSUM file which can be used to verify that the package contents have not altered since they were pushed to GitHub. Simply change into the "verifiable" directory, run the following command and compare its output with the CHECKSUM file. If for any reason, the CHECKSUM file is missing, you can still compare with the file for the equivalent build on GitHub itself:

Configuration

Configure the desired backend via SilverStripe's YML config API e.g in a custom app/_config/verifiable.yml file:

Add the VerifiableExtension to each data-model that you'd like to be "Verifiable":

And for SilverStripe 4 File classes:

By default, any fields on your decorated model(s) that you define in the verifiable_fields array, will be hashed and submitted to the backend thus:

When verifiable_fields are declared on File classes and subclasses, then content of the file itself is also taken into account and will comprise the generated hash, as well as the values of each DB field.

Developers can also supply their own data to be hashed and submitted. Simply declare a verify() method on any DataObject subclass that is decorated with VerifiableExtension and its return value will be hashed and submitted to the backend. E.g:

Be sure to run flush=all via your browser or the CLI, in order to refresh SilverStripe's YML config cache.

You'll also need to install a simple cron job on your hosting environment which invokes UpdateProofController. This will do the job of periodically querying the backend for a full-proof (Chainpoint backend only).

./vendor/bin/sake verifiable/tools/update

Extending

Developers can extend the module by means of a powerful API.

  1. Developers can customise the data to be hashed and submitted to a backend.

Developers can alter a DataObject's verifiable_fields (see above) to hash a greater number of fields or; by declaring a verify() method on any decorated and versioned DataObject subclass, the module will call it on every write. Uses of this method might be to notarise uploaded File objects or to use SilverStripe to become the next NewsDiffs. See the configuration section above.

  1. Developers can build alternative backend adaptors.

The module comes pre-configured with a backend for the Chainpoint network. But should you wish to use something else as an immutible data store, or simple an alternative Merkle-to-Bitcoin system, then this can be done. Have a look at the GatewayProvider and ServiceProvider interfaces in the "src/Backend" directory, as well as BackendServiceFactory to see how backends are instantiated. Once you've developed your backend, refer to the "Configuration" section above, for how to override the module's default "Chainpoint" backend.

Known Issues and Caveats

Version 1.x

Background Reading

Support Me

If you like what you see, support me! I accept Bitcoin:

Bitcoin
3KxmqFeVWoigjvXZoLGnoNzvEwnDq3dZ8Q

 

 


All versions of verifiable with dependencies

PHP Build Version
Package Version
Requires php Version >=7.0
ext-msgpack Version *
ext-zlib Version *
silverstripe/versioned Version ^1.1
silverstripe/admin Version ^1.1
phptek/jsontext Version ^2.0.0
dcentrica/chainpoint-receiptviz-php Version ^0.1
guzzlehttp/guzzle Version ^6.3.3
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package phptek/verifiable contains the following files

Loading the files please wait ....