Storj

Last updated: 2023-05-22

Introduction

Browser vs. Uplink.exe

  • Browser: Server-side encrypted
  • Uplink CLI: End-to-end encrypted

 


Satellites

 

Users have accounts on and trust specific Satellites.

Any user can run their own Satellite. (OpenSource)

Functions

  • node discovery system
  • node address information caching
  • per-object metadata storage
  • storage node reputation management
  • billing data aggregation
  • storage node payment
  • data audit and repair
  • account and authorization management

 


Upload / Download process

 

Upload

1. Large files are broken into 64MB segments.
2. Each segment is encrypted by the Uplink client.
3. Each segment is broken into 80 pieces (erasure-coded)
   (any 29 are required to reconstitute a file).
4. The Uplink Client uploads the pieces peer-to-peer
   (in parallel, to 80 Storage Nodes).

The Uplink Client attempts a few more than 80 during the upload process to eliminate any long-tail effect and the related latency from the slowest Storage Nodes.

Process

Stripe

A stripe is a further subdivision of a segment.
A stripe is a fixed amount of bytes that is used as an encryption and erasure encoding boundary size.
Erasure encoding happens on stripes individually,
 whereas encryption may happen on a small multiple of stripes at a time.
A stripe is the unit on which audits are performed.

Erasure Share

When a stripe is erasure encoded, it generates multiple pieces called erasure shares.
Only a subset of the erasure shares is needed to recover the original stripe.

Pieces

When a remote segment’s stripes are erasure encoded into erasure shares,
 the erasure shares for that remote segment with the same index are concatenated together,
 and that concatenated group of erasure shares is called a piece.
The _i_th piece is the concatenation of all of the _i_th erasure shares from that segment’s stripes.

Download

The client requests a file from the Satellite, and the Satellite returns a list of 35 Storage Nodes.
The client downloads pieces from them, stopping once it has retrieved the 29 pieces needed to reconstitute the file.

 


Encryption process

 

Root secret:
A private string defined by the client that is used to derive keys for encrypting and decrypting data stored on the network.

Derived key:
A key derived from the path key for the lowest level path element.
The derived key is used to encrypt the "random key" before it is stored in a segment’s metadata.

Random key:
A randomly generated key used to encrypt segment content and metadata.

Object key:
A key derived from the root secret and the file path.
There is a different path key for every element in the path,
 and a path key is used to derive new path keys for lower level path items.

Root -> Object -> Derived -> Random
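
The key chain above as a small Go program. This is an added example, not Storj's own code. It shows per-path-element key derivation and the random key being wrapped before it goes into segment metadata. Assumptions: HMAC-SHA256 as the derivation function, AES-256-GCM for wrapping, the lowest path element's key used directly as the wrapping key, the hypothetical helper names pathKey, seal and open, and a constructed root secret.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// pathKey derives one key per path element, each from the key one level up.
func pathKey(k [32]byte, elems ...string) [32]byte {
	for _, e := range elems {
		m := hmac.New(sha256.New, k[:]) // assumed KDF for this sketch
		m.Write([]byte(e))
		copy(k[:], m.Sum(nil))
	}
	return k
}

func gcm(k [32]byte) cipher.AEAD {
	b, _ := aes.NewCipher(k[:]) // never fails: the key is always 32 bytes
	g, _ := cipher.NewGCM(b)    // never fails for an AES block cipher
	return g
}

func seal(k [32]byte, pt []byte) []byte { // returns nonce||ciphertext
	nonce := make([]byte, gcm(k).NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm(k).Seal(nonce, nonce, pt, nil)
}

func open(k [32]byte, box []byte) ([]byte, error) { // fails on wrong key or tampering
	n := gcm(k).NonceSize()
	return gcm(k).Open(nil, box[:n], box[n:], nil)
}

func main() {
	root := sha256.Sum256([]byte("constructed root secret")) // constructed sample
	random := make([]byte, 32)
	if _, err := rand.Read(random); err != nil {
		panic(err)
	}
	wrapped := seal(pathKey(root, "cakes", "cheesecake.jpg"), random) // goes into segment metadata
	_, err := open(pathKey(root, "cakes", "other.jpg"), wrapped)
	fmt.Println("sibling object's key unwraps it:", err == nil)
}
```

Because each key depends only on the key one level up, a holder of the key for "cakes" can derive every key below it, but cannot recover the root secret or unwrap objects outside that prefix.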

 


Access Grant

 

Gives access through native clients (i.e. uplink)

An Access Grant is a bearer token that enables applications to interact with Storj DCS
 to access objects stored on the service and decrypt them client-side.

 


uplink.exe

 

# Initial setup (you will be asked for your API key)

uplink.exe setup

# create bucket

uplink.exe mb sj://cakes

# upload / download

uplink.exe cp <FILE_PATH> sj://cakes

# list files

uplink.exe ls sj://cakes

# Retrieving all metadata

uplink.exe meta get sj://cakes/cheesecake.jpg

# Delete our object

uplink rm sj://cakes/cheesecake.jpg

# generate a shareable URL

uplink share --url --not-after=+2h sj://cakes/cheesecake.jpg

# By default, the access is read-only.

uplink share --readonly=false --not-before=+2h --not-after=+10h sj://cakes/

Advanced features

# Check list of Access grants

uplink access list

# Import access grant from a file / key

uplink.exe import cheesecake cheesecake.access
uplink.exe import cheesecake 13df....

# Switch the current (default) access to use

uplink.exe access use <access>

# more information on an access

uplink access inspect NAME

# Revoke an Access

uplink access revoke NAME

# If you chose an access name, you'll need to specify it in the following command as --access=name

 


Node

 

Graceful Exit

A command that allows a Storage Node to upload the pieces it is holding peer-to-peer to other Storage Nodes,
without impacting the availability of pieces.

If, through the failure, loss or unavailability of Storage Nodes,
  the number of available pieces of a segment reaches the Repair Threshold,
Repair Workers download 29 pieces of that object, re-encode the object, regenerate the missing pieces,
 then upload pieces to healthy storage nodes so that sufficient pieces are available to guarantee the availability of the object.

 

 

 

 

 
