PHPackages phptek/verifiable - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. phptek/verifiable ActiveSilverstripe-vendormodule[Security](/categories/security) phptek/verifiable ================= Verify that data hasn't changed, by reference to a Blockchain or Merkle storage. 0.7.5(7y ago)9363[21 issues](https://github.com/phptek/silverstripe-verifiable/issues)BSD-3-ClausePHPPHP >=7.0 Since Jun 25Pushed 6y ago2 watchersCompare [ Source](https://github.com/phptek/silverstripe-verifiable)[ Packagist](https://packagist.org/packages/phptek/verifiable)[ RSS](/packages/phptek-verifiable/feed)WikiDiscussions master Synced 3w ago READMEChangelogDependencies (7)Versions (30)Used By (0) SilverStripe Verifiable ======================= [](#silverstripe-verifiable) [![Build Status](https://camo.githubusercontent.com/459bba05030515e075659f5a926c082ad13cba699c1eee57968873aa6f4a5183/68747470733a2f2f6170692e7472617669732d63692e6f72672f70687074656b2f73696c7665727374726970652d76657269666961626c652e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/phptek/silverstripe-verifiable)[![Scrutinizer Code Quality](https://camo.githubusercontent.com/687d51e89d5e38c2adb486661a71ec0cb2fd0df6b7dc3be1653ab30f979c3666/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f70687074656b2f73696c7665727374726970652d76657269666961626c652f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/phptek/silverstripe-verifiable/?branch=master)[![License](https://camo.githubusercontent.com/5bbe8bbd953fb9f51a16677d728287cd53316f6ff8429f70e11062141bc4a07d/68747470733a2f2f706f7365722e707567782e6f72672f70687074656b2f76657269666961626c652f6c6963656e73652e737667)](https://github.com/phptek/silverstripe-verifiable/blob/master/LICENSE.md) What is this? ------------- [](#what-is-this) SilverStripe content authors are able to verify whether or not their content has been tampered with. It is a configurable data and content verification module for SilverStripe applications. It provides independent and data-integrity verification to content authors and developers. Data can be verified independently of SilverStripe and its database, and at any time. The module can also be extended by means of a powerful API. Background ---------- [](#background) For decades users of software have taken it for granted that their data is safe from tampering. That developers, vendors and database administrators will not make unauthorised modifications to data or code, regardless of any mal-intent. Simply put: Users have put their faith into these entities for no reason other than they probably sounded like they knew what they were doing. No centralised I.T. can claim immutability. This module therefore offers verifiability; data who's integrity is mathematically provable at any point in time. If data changes when it shouldn't have, then those that need to know, can. The identification of unwarranted behaviour and negative outcomes is not the only application of verifiability. Verifiability is a research domain of its own that is closely aligned with those of the decentralisation movement, typified by cryptocurrencies and permissionless blockchain networks. Verifiability is also concerned with transparency and accountability in the context of public data and this module will help achieve this for SilverStripe applications. Without any configuration; the module's defaults offer a simple administrative interface that allows the content of a specific version of any [versioned](https://github.com/silverstripe/silverstripe-versioned) `DataObject`, to be verified as not having changed since it was published. How does it work? ----------------- [](#how-does-it-work) With the most basic configuration; on each database write-operation, a sha256 hash of selected field-data is created and submitted to a separate backend system that implements a [Merkle or Binary Hash Tree](https://en.wikipedia.org/wiki/Merkle_tree). This backend can be a local or remote immutable or semi-immutable data store, or a proxy data-store to either. The two systems that we are aware of that fit the bill as serviceable Merkle backends of this kind are; public blockchains (notably Bitcoin and Ethereum) and standalone or clustered Merkle Tree storage systems like [Trillian](https://github.com/google/trillian/). In addition to processing and persisting value-based transactions in their native cryptocurrencies, the Bitcoin and Ethereum blockchains are also capable of storing arbitrary data of a limited size, the former by means of its [OP\_RETURN](https://en.bitcoin.it/wiki/OP_RETURN) opcode. This makes them ideal for storing Merkle Root hashes from which individual "leaf" hashes can be mathematically derived. The module's default Chainpoint adaptor makes use of REST calls to the [Chainpoint](https://chainpoint.org/) Network. Chainpoint will periodically write Merkle Root hashes to the Bitcoin blockchain. Developers are also free and able to integrate with different backends using the module's pluggable API. See the "Extending" section below. [![alt text](doc/img/screenshot-asset-admin-ss4.2.png "Screenshot from SilverStripe 4.2 asset admin")](doc/img/screenshot-asset-admin-ss4.2.png) [![alt text](doc/img/screenshot-page-admin-ss4.2.png "Screenshot from SilverStripe 4.2 page admin")](doc/img/screenshot-page-admin-ss4.2.png) Requirements ------------ [](#requirements) - At least PHP7 and SilverStripe 4. - PHP setup with the following to decode binary format proofs returned from Chainpoint REST API calls - [Zlib](https://secure.php.net/manual/en/book.zlib.php) - [msgpack](https://msgpack.org/) - [allow\_url\_fopen](http://nz2.php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen) enabled in php.ini. Install ------- [](#install) ``` #> composer require phptek/verifiable ``` ### Verify the package [](#verify-the-package) The package comes with a `CHECKSUM` file which can be used to verify that the package contents have not altered since they were pushed to GitHub. Simply change into the "verifiable" directory, run the following command and compare its output with the `CHECKSUM` file. If for any reason, the `CHECKSUM` file is missing, you can still compare with the file for the equivalent build on GitHub itself: ``` #> diff CHECKSUM