Upload immutability

miohtama · July 27, 2020, 7:51am

Can Storj / Tartigrade uploads created in a way that they are immutable? E.g. the network guarantees the admin cannot change the contents of the file afterwards.

syncamide · July 27, 2020, 8:17am

You probable need digital signature for that. Storj does not meet you requirement

kaloyan · July 27, 2020, 2:07pm

I was pretty sure you could achieve this using an access grant with disallowed deletes. But I’ve just tried it and I could still overwrite the file (delete was not possible). I will check with the team if we have a bug here.

kaloyan · July 27, 2020, 2:28pm

The team confirmed we have a bug. I also found confirmation in the API docs of the Uplink Library: uplink/access.go at c66d9eb21232758d5439aa1797dfef8c9170f75e · storj/uplink · GitHub

// AllowUpload gives permission to create buckets and upload new objects.
// It does not allow overwriting existing objects unless AllowDelete is
// granted too.

When we fix the bug, you would be able to generate such access grant with the uplink share command:

uplink share --readonly=false --disallow-deletes

The above would generate an access grant for the whole Tardigrade project. If you need it for a specific bucket, add it as an argument:

uplink share --readonly=false --disallow-deletes sj://mybucket

Then use the generated access grant in your application. If you want to test it with the Uplink CLI, passed it with --access argument, i.e.

uplink --access 12z...RR2 cp my-file.txt sj://mybucket/myfile.txt

@miohtama Would this solution satisfy you? As I mentioned we need to fix a bug first.

miohtama · July 27, 2020, 3:35pm

The goal is to have “blockchain hard” immutable files that nobody can overwrite them for auditing purpose. Would this work with Tartigrade - giving guarantees that even Storj team itself cannot manipulate them?

kaloyan · July 27, 2020, 3:52pm

“Blockchain hard” immutable files would require a real blockchain. Theoretically, we can integrate the satellite with a blockchain, so it stores a signed hash for each immutable object segment on the blockchain. These signed hashes would act as proof that the data has not been tempered since it was initially uploaded.

However, the performance and cost of such immutable objects would be completely different from the one of the general-purpose storage we have right now. This is because blockchain transactions are slow and expensive.

We have no plan to implement this right now, but theoretically, it should be possible.

Would you elaborate more on the use case? If you don’t want to share details in public, feel free to contact us on https://tardigrade.io/partner/