PKI on multichain

+2 votes
hi, im building my PKI on multichain for certificate generation and revocation from CSR, i have used streams to do that and i want to know if its is possible to check certificate delivred (if it is valid or revocated) on streams for a server X (instead of using OCSP or CRL) is there any mecanisù to perform this task. thank you very much
asked Jan 28, 2019 by ashir

1 Answer

0 votes
You would have to use some external library for certificate verification since this is not functionality that is built into MultiChain. The stream is there as a storage/retrieval mechanism and will not automatically validate certificates for you. Although of course you could create a stream filter which performed this verification, if you can find the appropriate JavaScript libraries to build it out of.
answered Jan 28, 2019 by MultiChain
hi; thank you for the response, that's exactly what I'm doing, because I'm using a PKI tool and multichain to ditribute certificate and csr (using streams), what i want to know is how  to implement the revocation of certificates that was issued ?? and if there is a possibility to publish certificates and csr without encoding in hexadecimal
thank you
You can't undo a blockchain transaction, but you could represent revocation as another type of stream item saying "this certificate is revoked". Perhaps the key of that stream item would be the same as the key of the item in which the certificate was originally published – this would be your choice as the application developer.

As for the hexadecimal issue, that's only the way the data is represented in the APIs for publishing and retrieving items – on the blockchain itself it's raw binary. If you switch to MultiChain 2.0 you also have the option of storing a textual or JSON representation in a stream.