ipfs将文件存储在block目录,且与config中的ID和Key无关

仓库的PeerID与ipfs链上存储的文件有何关系?丢失PeerID后如何恢复文件?

推导结论

  • 结论1:ipfs将文件存储在~/.ipfs/block文件中
  • 结论2:ipfs将文件存储在block目录,且与config中的ID和Key无关
    • 定期备份好block目录,即为备份ipfs
  • 结论3:存储文件本身的Hash值目录的CID最重要,不会因为PeerID变化而变化
  • 问题:该结论会导致本仓库的Block文件被任意权限访问、篡改,是否有办法给文件加密绑定唯一的PeerID?

测试过程

  • 存储一个test文件在当前仓库
    • echo 666 > test
    • ipfs add test
      • 获得文件Hash:added QmQiNx6otNyjowGrSYDRD4bw4sShX2SqnTf1L5r1USps6e test
    • ipfs add test -w
      • 获得目录Hash:Qme7aKg1QbsGgwKWJqqobUUa5iWLb4ihnvqx7RDjTqyfEC
  • 通过文件、目录,分别获取文件内容
    • ipfs ls /ipfs/Qme7aKg1QbsGgwKWJqqobUUa5iWLb4ihnvqx7RDjTqyfEC
    • ipfs cat QmQiNx6otNyjowGrSYDRD4bw4sShX2SqnTf1L5r1USps6e
  • 查看记录上次初始化ID与Key

    • 可以进入文件夹~/.ipfs/config直接查看,通过命令ipfs config show看不到Identity信息。 js { "Identity": { "PeerID": "QmNp61tANNHRmtQ73ajrS94CxPYPBHwNEm7FbuhaybugUv", "PrivKey": "CAASqAkwggSkAgEAAoIBAQCn+GsqaaMJVpNQImidVDueutwnmPwiyEwbr5lMQnshRAMCF9JhsmLwowd4diiq1dwa3MB+kgUkE7LsxQjT12aTRxxhn9TJU7nrfH9bu6lRREKOw5bAa18vpM5EJAv1Wazqkiw6TLHygPnwWO0eYBMy0krX9O/O54tk2QVv/qNF70EIah4crrjV7Z74um+NFg8ODxkOUx+9kSU/uLtw83MV6ujSs5ozqfGK8KDStVzYZbvIgCJ/sKVv1hzIZVsf4/77MWmd6I0MllUPIdTJnEJwpeec5rmLlBuL61E1/S/lhHUSIWi/23xpBZRKLNTy+5gmcsZmz3jMG17IZexNEJ3XAgMBAAECggEAWAXu4wMI1VPxTwU5HXmO5Ne3l2iseO3ONJQJGdWdAQnLKcWiEmCRSNmmiJIjLaN0/P7CQZHz77wC/+EhhyJSNswFK4O+1uJxg95yP3hQeq3y0y3cSmn6L9WF4l+hhKnB3AtN8h9PAW5ljHaNjGV8qh1Z62IIab0dZ3PzTYV7uqGVbwxtbX4EbpMvDh3EQsZdL89fYv2Svu8EllKFPzaVGqEc1cJE91rXg0gXSCpB2md0pKRzL5GOdpgLrA2Ym8o3ZODRiN4fQdRnimO1NGP0jlI7jULU/7eSPgcYzEH3lMEEQ0xeY2QibBReUaGtXfXQ/qXgqhoaZd6rupbzw0R+AQKBgQDMjNAehKoVfQxc5KC0avwS7Dy28o2TQNB2tXNgDd6z1X2EArGTPT4ZRgP5CDGUp9enJxw3oJ1prQLTM8zVXikO/eJ1GEzt88WA9ig4ltIsQh72izAOKg0TboGcvs6nDsLjPIZAKrnPZrRe/NA3HRSlNESbP0Gm6hdEaix+Wzj79wKBgQDSODQdGOqvD3nQeE5PBDTRzpnq8jsZqYXrBtlG+uAemBl+4U7QFs2Hx7NFN7B9rLLws5HlHeRRWMBOvOXFUGiP3pisDnc+u2egpOgzXVukJgI/IZZzi+RIDumQisezTm7aQUv0aAfuXTSRJntVn7uLc4fM76iAXb6PaoxUhmI1IQKBgQCrW1OGHXE26zkOIOGYAwAFAi6ivHNp5qQ8rilnUHc+hBzQGEmWpXl+Rq9RUlHmzOzWNOdomn8EZlG1iPGR1X3j90BdA+x+cvcD4DM1pPOQ7BtwQo4Rb5zgqHSgUSBhxvXw02VMH/7lBo8X/AaaBRykgTLwM3/WSskPITsA537HZQKBgQDMW/LdboGGmUbUUH/f9LjcVTnv2nd1pQUYy1mh1PTXCQmP/Lu/Msuu+YXe/hpGsgJqWEa2Mu7n3Z1lbeD4hgiAA+brLEzj4Q8GbgmFFXanBoQclyxJO286VbTc3Ozx9IdzCRMrj45WPKmDiaNQQ63wDOmxYjGuSHOdu/ibmuARwQKBgEiCMqjvqxS6hw11a+EBQHctc9tKb2wkpTwtFnTQtlWr32613U1s20RHPbZj/z7p73sxXwqW7mJRaV1QsRnJbUxICKUBmREZYv7Mb2TOK8WoahOgRsMw1/0FSFibNyWEs5ySglTt/ZySOTe6Xz7/ghextWZ6OwPNgA8/s+TqOm1u" } }
  • 备份并删除现有.ipfs/目录,重新执行ipfs init,再启动ipfs daemon

    • PeerID,变化了
    • readme文件的目录Hash还是同一个
# PS D:\workspace\ipfs\nova.ipfs> ipfs init
# initializing IPFS node at C:\Users\ipfsapp\.ipfs
# generating 2048-bit RSA keypair...done
# peer identity: QmUD5RRDiZLWzYu3FsTdFAhFpDeHJViPZonRFFV2KfNgm6
# to get started, enter:

    ipfs cat /ipfs/QmS4ustL54uo8FzR9455qaxZwuMiUhyvMcX9Ba8nUH4uVv/readme

  • 再次获取刚才存储过的test文件,已经无法获取
ipfs ls /ipfs/Qme7aKg1QbsGgwKWJqqobUUa5iWLb4ihnvqx7RDjTqyfEC

##==> Error: Post http://127.0.0.1:5001/api/v0/ls?arg=%2Fipfs%2FQme7aKg1QbsGgwKWJqqobUUa5iWLb4ihnvqx7RDjTqyfEC&encoding=json&resolve-type=true&size=true&stream-channels=true: context canceled

ipfs cat QmQiNx6otNyjowGrSYDRD4bw4sShX2SqnTf1L5r1USps6e

##==> 无响应
  • 尝试将Identity信息恢复,再尝试获取test文件【失败】
    • 进入文件夹~/.ipfs/config直接修改
    • 依然无法访问,无响应
  • 尝试恢复备份的.ipfs文件,再次获取test文件【成功】

  • ipfs daemon 过程中是否可篡改config和block?可以篡改

    • 运行时覆盖config文件,无法访问,再覆盖block目录,即可访问test
    • 运行时覆盖block文件,即可访问test