Comment on page
Setting up a Trustee
Trustees are a core component of PAD. PAD relies on sufficient number of Trustees acting honestly. This is a means of decentralising trust. Given their essential role, Trustees should be run by trusted individuals.
We recommend running a Trustee on a Raspberry Pi. The Trustee software will then run as a daemon and periodically queries the PAD server and responds accordingly. The procedure is simple: download the scripts; edit the configuration file; then start the Trustee daemon.
In the following sections, we assume access to the Raspberry Pi is already set up, either with a monitor and mouse or in headless mode via secure shell (SSH) (See this for a tutorial on setting up a headless Raspberry Pi).
pi@raspberry:~$ git clone https://github.com/sw7group/pad-trustee-node
The repository is currently private. Please email [email protected] with your GitHub account name and we will send you a licence to provide access to the repo.
The repository consists of the installer script
install.sh
, the NodeJS source code of the Trustee, a template configuration file config/pad-trustee.json
and a service file service/pad-trustee.service
that makes the Trustee a daemon.pi@raspberry:~$ sudo apt update
pi@raspberry:~$ sudo apt install nodejs npm
This will install Node.js and npm (Node Package Manager).
with the command
pi@raspberry:~/pad-trustee-node$ ./install.sh
where
~/pad-trustee-node
is the location of the downloaded repository.The script
- checks if nvm (Node Version Manager) is installed
- if not, prompts to install nvm. The user can also manually install nvm.
- generates a random ID for the Trustee
- generates the decryption key and signing key
- creates directories that sit the configuration files and Trustee private keys, the source code and the service file
- generates a configuration file with the Trustee's ID and private keys
- installs NodeJS 14 and installs dependencies
- most importantly, display the public details of the Trustee
Copy the last step's output of the installer. This information is
required to register the Trustee on the PAD server. This is a sample output of the installer:
Trustee ID:
trustee_3d552d143e0102e2
Trustee full name:
Trustee-3d552d143e0102e2
Trustee encryption key:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwvrAS7QgpRx7kWR/447
JY7UOZr7DdPRRuDN+zYE85kDh4EBgbgTTBbvk/5wSGg5x5QMR3coAy0HnEqT3Bxb
aDu/SH5ep+Ybn/Pfk6ddKjBoFt9j+nvVutprnskuBN5F+zb4YnQnGr9vygdhL74A
DLvp0njF3Ab6PZYtv990XrfsE7oBRaXZ+Lx4CV6KiyhDTaOHl7RI854G25O8IS3K
VLjjnNK1VTNttODXXJ5yOOk+zMhXHso7diz1fpbkUyg5Ez5Mwj7ksQ9PRFo7jn+P
HiAVFSIgd5jk5PSzxo3BozfGouigrjehmpp7HJRk7L5UWwUSUa8xYcPP40FxNZGp
YwIDAQAB
-----END PUBLIC KEY-----
Trustee verification key:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENkqLf3tg3OkCOsVws9c5ImjpKDPj
MuKz6R/aQ2PSwSvAOAiPRHZDwApnyr/v74JrY1DwEeqbaIWn2mVp/euhzw==
-----END PUBLIC KEY-----
Send the information above (Trustee ID, name, and the public keys) to [email protected]. Until then, the PAD server will not process requests from the Trustee.
After registration, an Operator can nominate you to be a Trustee of their instance.
Reload the list of user services:
pi@raspberry:~/pad-trustee-node$ systemctl --user daemon-reload
Then, the Trustee daemon can be started:
pi@raspberry:~/pad-trustee-node$ systemctl --user start pad-trustee
The daemon should fail to start:
pi@raspberry:~/pad-trustee-node$ systemctl --user status pad-trustee
● pad-trustee.service - pad-trustee-node - Trustee service for Privacy-preserving Accountable Decryption (PAD)
Loaded: loaded (...; disabled; vendor preset: enabled)
Active: activating (auto-restart) since ...
Process: ...
Main PID: ...
start.sh[239579]: [Symbol(kCapture)]: false,
start.sh[239579]: [Symbol(kNeedDrain)]: false,
start.sh[239579]: [Symbol(corked)]: 0,
start.sh[239579]: [Symbol(kOutHeaders)]: [Object: null prototype]
start.sh[239579]: },
start.sh[239579]: data: { ok: false, message: 'Unauthorized' }
start.sh[239579]: },
start.sh[239579]: isAxiosError: true,
start.sh[239579]: toJSON: [Function: toJSON]
start.sh[239579]: }
This is because we are using the template API key. We should obtain at least one working Trustee API key to get the daemon running properly.
Whenever a PAD instance is created with you nominated as a Trustee, we will send you the instance name and a Trustee API key associated with the instance. You can choose to join and serve the instance or not.
To join a PAD instance as a Trustee, update the configuration file at
~/.pad-trustee/config/pad-trustee.yaml
. The instances
section shows the list of instances the Trustee is serving. It is a dictionary where the key is the instance name and the value contains the API key.Remove the template instance for the first time. Afterwards, add new entries in the dictionary with the corresponding instance name and API key.
For example, suppose two instances
my-pad-1.0
and my-pad-2.0
have been created by Operators, and the Trustees' API key for them are pad.api.key1
and pad.api.key2
. This is how instances
should look like in the configuration file:instances:
my-pad-1.0:
api_key: pad.api.key1
my-pad-2.0:
api_key: pad.api.key2
To apply the changes, restart the Trustee daemon:
pi@raspberry:~/pad-trustee-node$ systemctl --user restart pad-trustee
You can query the Trustee daemon's status using
systemctl
:pi@raspberry:~/pad-trustee-node$ systemctl --user status pad-trustee
● pad-trustee.service - pad-trustee-node - Trustee service for Privacy-preserving Accountable Decryption (PAD)
Loaded: loaded (...; disabled; vendor preset: enabled)
Active: active (running)
...
The status
Active: active (running)
shows that the daemon is running properly.For a more detailed log of the daemon, you may use
journalctl
:pi@raspberry:~/pad-trustee-node$ journalctl --user-unit pad-trustee
To see a live update of the log, use the
-f
flag. Press Ctrl + C
to exit monitoring.pi@raspberry:~/pad-trustee-node$ journalctl -f --user-unit pad-trustee
To update the Trustee code, download/clone the repository again. Then run
patch.sh
.The script will copy the up-to-date code over to the source directory of the Trustee daemon. It will then restart the daemon.
You may wish the Trustee daemon to start automatically on boot. To do this, simply use the
enable
command in systemctl
:pi@raspberry:~$ systemctl --user enable pad-trustee
- A PEM-encoded string may be used as the keys in the config file instead of specifying a path. For example, instead of having the section
trustee:
decryption_key_file: /path/to/decryption.pem
You may use a key directly like this:
trustee:
decryption_key: |-
-----BEGIN PRIVATE KEY-----
# ...
-----END PRIVATE KEY-----
- You may change the list of instances the Trustee references in the
instances
section. - You may change the
interval
in seconds in which the Trustee queries the PAD server.
Do not setinterval
too small, otherwise some requests may be blocked by the server because of rate-limiting.
- You may change the path in which the states of the Trustee is stored at
storage.path
.
Last modified 1yr ago