{"id":13519155,"url":"https://github.com/paragonie/chronicle","last_synced_at":"2025-04-04T20:13:33.008Z","repository":{"id":44932610,"uuid":"95419861","full_name":"paragonie/chronicle","owner":"paragonie","description":"Public append-only ledger microservice built with Slim Framework","archived":false,"fork":false,"pushed_at":"2022-01-17T21:35:17.000Z","size":308,"stargazers_count":469,"open_issues_count":4,"forks_count":25,"subscribers_count":26,"default_branch":"master","last_synced_at":"2025-03-28T19:08:58.596Z","etag":null,"topics":["append-only","blake2b","chain","cryptography","hash","hash-chain","knowledge","php","proof","sapient","security","security-tools"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/paragonie.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-06-26T07:23:16.000Z","updated_at":"2025-02-07T11:12:40.000Z","dependencies_parsed_at":"2022-09-11T21:53:20.736Z","dependency_job_id":null,"html_url":"https://github.com/paragonie/chronicle","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paragonie%2Fchronicle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paragonie%2Fchronicle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paragonie%2Fchronicle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paragonie%2Fchronicle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/paragonie","download_url":"https://codeload.github.com/paragonie/chronicle/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247242680,"owners_count":20907134,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["append-only","blake2b","chain","cryptography","hash","hash-chain","knowledge","php","proof","sapient","security","security-tools"],"created_at":"2024-08-01T05:01:54.756Z","updated_at":"2025-04-04T20:13:32.986Z","avatar_url":"https://github.com/paragonie.png","language":"PHP","funding_links":[],"categories":["PHP"],"sub_categories":[],"readme":"\u003ch1 id=\"chronicle\"\u003e\u003cimg src=\"https://paragonie.com/static/images/chronicle-logo.svg\" width=\"50\" /\u003e Chronicle\u003c/h1\u003e\n\n[![Build Status](https://github.com/paragonie/chronicle/actions/workflows/ci.yml/badge.svg)](https://github.com/paragonie/chronicle/actions)\n[![Latest Stable Version](https://poser.pugx.org/paragonie/chronicle/v/stable)](https://packagist.org/packages/paragonie/chronicle)\n[![Latest Unstable Version](https://poser.pugx.org/paragonie/chronicle/v/unstable)](https://packagist.org/packages/paragonie/chronicle)\n[![License](https://poser.pugx.org/paragonie/chronicle/license)](https://packagist.org/packages/paragonie/chronicle)\n\n**Chronicle** is a self-hostable microservice, built with [Slim Framework](https://www.slimframework.com),\nwhich enables authorized users to commit arbitrary data to an immutable,\nappend-only public ledger.\n\nChronicle is superior to \"blockchain\" solutions for most real-world\ntechnical problems that don't involve proofs-of-work or Byzantine fault\ntolerance.\n\nMore precisely, Chronicle is a self-hostable microservice exposing an append-only,\ncryptographically-secure hash chain data structure that accepts arbitrary\ndata from authorized clients through an HTTP API, secured by [Sapient](https://github.com/paragonie/sapient),\nthat can be used as a building block for building a cryptographic audit trail\nsimilar to [Certificate Transparency](https://www.certificate-transparency.org/).\n\n\u003e [Chronicle will make you question the need for blockchain technology](https://paragonie.com/blog/2017/07/chronicle-will-make-you-question-need-for-blockchain-technology).\n\nChronicle was developed by [Paragon Initiative Enterprises](https://paragonie.com)\nas part of our continued efforts to make the Internet more secure.\n\n## Getting Started with Chronicle (Documentation)\n\n* [Instructions for Installing Chronicle](docs/01-setup.md)\n* [How to write (publish) to your  Chronicle](docs/02-publish.md)\n* [How to setup cross-signing to other Chronicles](docs/03-cross-signing.md)\n* [How to replicate other Chronicles](docs/04-replication.md)\n* [Concurrent Instances](docs/05-instances.md)\n* [Configuration](docs/06-config.md)\n* [Internal Developer Documentation](docs/internals)\n    * [Design Philosophy](docs/internals/01-design-philosophy.md)\n    * [SQL Tables](docs/internals/02-sql-tables.md)\n\n### Client-Side Software that Interacts with Chronicle\n\n#### PHP\n\n* [Gossamer](https://gossamer.tools) - PIE\n  * [gossamer-server](https://github.com/paragonie/gossamer-server)\n  * [libgossamer](https://github.com/paragonie/libgossamer) \n* [Herd](https://github.com/paragonie/herd) - PIE\n* [Quill](https://github.com/paragonie/quill) - PIE\n  * [Monolog-Quill](https://github.com/paragonie/monolog-quill) - PIE\n* [Chronicle-API](https://github.com/lookyman/chronicle-api) - \n  [Lukáš Unger (@lookyman)](https://github.com/lookyman) \n\n## What does Chronicle do?\n\nChronicle allows trusted clients to send data to be included in an immutable,\nauditable, cryptographic permanent record.\n\nFurthermore, Chronicle has cross-signing and many-to-one replication built-in,\nwhich, when used, greatly enhances the auditability and availability of the\ndata written to your local Chronicle instance.\n\n## What problems do Chronicle solve?\n\n### Chain of Custody\n\nIf you have sensitive information, you can write metadata about client access\ntimes to a private Chronicle in order to have verifiable, tamper-resistant\nproof that specific records were accessed by specific user accounts at a\nspecific time.\n\n### Proof of Knowledge\n\nBy inserting an encrypted message and then revealing the key at a later date,\nyou can provide strong evidence of prior knowledge.\n\n### Userbase Consistency Verification\n\nFor building a [secure code delivery](https://defuse.ca/triangle-of-secure-code-delivery.htm) system,\ncommitting some metadata and a SHA256 or BLAKE2 hash of each update file to\na publicly verifiable Chronicle allows users to compile a whitelist of known\nupdate files to help block trojan horse malware (in the event of a compromised\nupdate server).\n\nFor best results, combine with cryptographic signatures (which may also be\nregistered in the Chronicle) and reproducible builds.\n\n### Auditable Security Event Logging\n\nBecause of Chronicle's cryptographically assured append-only properties, and\nits use of [modern elliptic curve digital signatures](https://ed25519.cr.yp.to/),\nChronicle is a good fit for integrating with SIEM solutions and internal SOCs.\n\n## How does it work?\n\nAll communications are secured with [Sapient](https://github.com/paragonie/sapient).\nSapient ensures that all published messages are signed with Ed25519. All messages\nare committed to a hash chain data structure backed by BLAKE2b, which we call\n[Blakechain](https://github.com/paragonie/blakechain) for short.\n\nThere are two hashes for each message:\n\n1. The hash of the current message, whose BLAKE2b key is the previous message's\n   block. This is just called `currhash` internally.\n2. The summary hash, which is a BLAKE2b hash of all message hashes to date,\n   concatenated together in order. This is called `summaryhash` internally.\n\nThe rationale for using the previous message's hash was to add a degree of domain\nseparation in the event that a BLAKE2b collision attack is ever discovered. The\nkeying should reduce the likelihood of any practical attacks, especially if the\nchain is updated rapidly.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fparagonie%2Fchronicle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fparagonie%2Fchronicle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fparagonie%2Fchronicle/lists"}