🛡️ wFabricSecurity

Zero Trust Security System for Hyperledger Fabric.
Cryptographic identity verification, code integrity validation, and secure communication.

📚 Official Documentation:
https://wFabricSecurity.readthedocs.io/en/latest/

📚 Complete Documentation Available

For comprehensive tutorials, API reference, architecture diagrams, and FAQ,
visit the official documentation:

https://wFabricSecurity.readthedocs.io/en/latest/

📖 Open Official Documentation →

---

Overview

wFabricSecurity implements a comprehensive Zero Trust security model where no participant is automatically trusted. Every transaction must be cryptographically verified before processing.

In a Zero Trust architecture:

• Never Trust, Always Verify - Every request is authenticated and authorized

• Least Privilege Access - Users get minimum necessary permissions

• Assume Breach - Continuous validation and monitoring

Key Features

Feature	Description
Zero Trust Model	Every participant and transaction must be verified before processing
Code Integrity	SHA-256 hash verification of source code to detect tampering
ECDSA Signatures	Elliptic curve cryptography (secp256k1) for message signing and verification
Communication Permissions	Fine-grained access control with bidirectional, outbound, and inbound options
Message Integrity	Hash verification to detect transmission alterations
Rate Limiting	Token bucket algorithm for DoS protection with configurable rates
Retry Logic	Exponential backoff with jitter for resilient network communication
Certificate Caching	LRU cache with TTL for performance optimization
Hyperledger Fabric Integration	Seamless integration with Fabric Gateway API and network management

---

Architecture

wFabricSecurity follows a layered modular architecture with clear separation of concerns:

digraph Architecture { rankdir=LR; size="8,5"; node [shape=box, style="rounded,filled", fontname="Helvetica"]; User [fillcolor="#667eea", fontcolor="white"]; API [fillcolor="#764ba2", fontcolor="white"]; subgraph cluster_app { label="Application Layer"; style="rounded"; FS [label="FabricSecurity", fillcolor="#4CAF50", fontcolor="white"]; FSS [label="FabricSecuritySimple", fillcolor="#4CAF50", fontcolor="white"]; } subgraph cluster_security { label="Security Layer"; style="rounded"; IV [label="IntegrityVerifier", fillcolor="#FF9800", fontcolor="white"]; PM [label="PermissionManager", fillcolor="#FF9800", fontcolor="white"]; MM [label="MessageManager", fillcolor="#FF9800", fontcolor="white"]; RL [label="RateLimiter", fillcolor="#FF9800", fontcolor="white"]; } subgraph cluster_crypto { label="Cryptographic Layer"; style="rounded"; HS [label="HashingService", fillcolor="#2196F3", fontcolor="white"]; SS [label="SigningService", fillcolor="#2196F3", fontcolor="white"]; IM [label="IdentityManager", fillcolor="#2196F3", fontcolor="white"]; } subgraph cluster_fabric { label="Fabric Layer"; style="rounded"; GW [label="FabricGateway", fillcolor="#9C27B0", fontcolor="white"]; NW [label="FabricNetwork", fillcolor="#9C27B0", fontcolor="white"]; CT [label="FabricContract", fillcolor="#9C27B0", fontcolor="white"]; } subgraph cluster_storage { label="Storage Layer"; style="rounded"; LS [label="LocalStorage", fillcolor="#607D8B", fontcolor="white"]; FSs [label="FabricStorage", fillcolor="#607D8B", fontcolor="white"]; } User -> API; API -> FS; API -> FSS; FS -> IV -> HS; FS -> IV -> SS -> IM; FS -> PM; FS -> MM; FS -> RL; FS -> GW -> NW; FS -> GW -> CT; FS -> LS; FS -> FSs; }

---

Quick Start

Install wFabricSecurity:

pip install wFabricSecurity

Create a secure Fabric interaction:

from wFabricSecurity import FabricSecurity

# Initialize security system
security = FabricSecurity(
    me="Master",
    msp_path="/path/to/msp",
    gateway_path="/path/to/gateway"
)

# Register identity and code integrity
security.register_identity()
security.register_code(["master.py"], "1.0.0")

# Define communication permissions
security.register_communication("CN=Master", "CN=Slave")

# Create and send a signed message
message = security.create_message(
    recipient="CN=Slave",
    content='{"operation": "process_data", "data_id": "12345"}'
)

# Verify and process
if security.verify_message(message):
    print("✓ Message is authentic and unaltered")

Or use the simplified interface:

from wFabricSecurity import FabricSecuritySimple

security = FabricSecuritySimple(msp_path="/path/to/msp")

# One-line verification
result = security.verify_and_process(
    payload={"action": "update"},
    sender="CN=Master"
)

print(f"Verification result: {result}")

---

digraph SecurityFlow { rankdir=TB; size="10,12"; node [shape=box, style="rounded,filled", fontname="Helvetica", fontsize=11]; Start [label="Start", shape=ellipse, fillcolor="#4CAF50", fontcolor="white"]; CreateHash [label="1. Compute SHA-256 Hash", fillcolor="#E3F2FD"]; Sign [label="2. Sign with ECDSA", fillcolor="#E3F2FD"]; Send [label="3. Send {payload, hash, signature}", fillcolor="#FFF3E0"]; Receive [label="Receive Message", fillcolor="#E8F5E9"]; VerifySig [label="4. Verify Signature", fillcolor="#FFEBEE"]; CheckPerm [label="5. Check Permissions", fillcolor="#FFEBEE"]; QueryHash [label="6. Query Code Hash from Fabric", fillcolor="#F3E5F5"]; GetData [label="7. GetParticipant from Ledger", fillcolor="#F3E5F5"]; Compare [label="8. Compare Hashes", fillcolor="#E3F2FD"]; Invalid [label="❌ Code Integrity Error", shape=ellipse, fillcolor="#F44336", fontcolor="white"]; Process [label="9. Process Payload", fillcolor="#E8F5E9"]; Complete [label="10. Complete Transaction", shape=ellipse, fillcolor="#4CAF50", fontcolor="white"]; Start -> CreateHash -> Sign -> Send; Send -> Receive; Receive -> VerifySig; VerifySig -> CheckPerm; CheckPerm -> QueryHash; QueryHash -> GetData; GetData -> Compare; Compare -> Invalid [label="Hash mismatch"]; Compare -> Process [label="Hash match"]; Process -> Complete; }

---

Stats

83%+

Test Coverage

300+

Unit Tests

15+

Modules

50+

Functions

---

Use Cases

🏥 Healthcare

Secure patient data exchange between hospitals using Hyperledger Fabric with cryptographic identity verification.

🏦 Finance

Implement regulatory compliance with tamper-proof transaction logs and audit trails.

🌐 Supply Chain

Track products across supply chains with integrity-verified smart contracts.

🏛️ Government

Zero Trust architecture for citizen services with fine-grained access control.

---

Documentation

Contents

• 1. Getting Started
• 2. Prerequisites
• 3. Installation
• 4. Verification
  • 4.1. Quick Start
    • 4.1.1. Step 1: Basic Initialization
    • 4.1.2. Step 2: Verify a Message
    • 4.1.3. Step 3: Create Secure Communication
• 5. Complete Example
  • 5.1. Next Steps
• 6. Installation
• 7. Requirements
  • 7.1. Python
  • 7.2. Operating System
  • 7.3. Optional Dependencies
• 8. Installation via pip
  • 8.1. Virtual Environment (Recommended)
• 9. Installation from Source
  • 9.1. Clone the Repository
  • 9.2. Editable Install
  • 9.3. Development Install
• 10. Docker Installation
• 11. Verification
• 12. Configuration
  • 12.1. MSP Configuration
  • 12.2. Gateway Configuration
• 13. Troubleshooting
  • 13.1. Import Errors
  • 13.2. Cryptography Errors
  • 13.3. Permission Errors
• 14. Uninstallation
• 15. Usage Examples
  • 15.1. Basic Zero Trust System
    • 15.1.1. Complete Security Workflow
  • 15.2. Code Integrity
    • 15.2.1. Registering and Verifying Code
  • 15.3. Digital Signatures
    • 15.3.1. ECDSA Signing and Verification
  • 15.4. Communication Permissions
    • 15.4.1. Permission Management
  • 15.5. Rate Limiting
    • 15.5.1. Token Bucket Rate Limiter
  • 15.6. Retry Logic
    • 15.6.1. Exponential Backoff
  • 15.7. Message Management
    • 15.7.1. Creating and Verifying Messages
  • 15.8. Master-Slave Decorators
    • 15.8.1. Audited Task Delegation
• 16. API Reference
• 17. Main Classes
  • 17.1. FabricSecurity
  • 17.2. FabricSecuritySimple
• 18. Security Services
  • 18.1. IntegrityVerifier
  • 18.2. PermissionManager
  • 18.3. MessageManager
  • 18.4. RateLimiter
  • 18.5. RetryLogic
• 19. Cryptographic Services
  • 19.1. HashingService
    • HashingService
  • 19.2. SigningService
  • 19.3. IdentityManager
• 20. Fabric Classes
  • 20.1. FabricGateway
  • 20.2. FabricContract
  • 20.3. FabricNetwork
• 21. Storage Classes
  • 21.1. LocalStorage
  • 21.2. FabricStorage
• 22. Data Models
  • 22.1. Message
    • Message
  • 22.2. Participant
    • Participant
  • 22.3. Task
    • Task
• 23. Exceptions
  • SecurityError
    • SecurityError.__init__()
    • SecurityError.__new__()
    • SecurityError.add_note()
    • SecurityError.args
    • SecurityError.with_traceback()
  • CodeIntegrityError
    • CodeIntegrityError.__init__()
    • CodeIntegrityError.__new__()
    • CodeIntegrityError.add_note()
    • CodeIntegrityError.args
    • CodeIntegrityError.with_traceback()
  • PermissionDeniedError
    • PermissionDeniedError.__init__()
    • PermissionDeniedError.__new__()
    • PermissionDeniedError.add_note()
    • PermissionDeniedError.args
    • PermissionDeniedError.with_traceback()
  • MessageIntegrityError
    • MessageIntegrityError.__init__()
    • MessageIntegrityError.__new__()
    • MessageIntegrityError.add_note()
    • MessageIntegrityError.args
    • MessageIntegrityError.with_traceback()
  • SignatureError
    • SignatureError.__init__()
    • SignatureError.__new__()
    • SignatureError.add_note()
    • SignatureError.args
    • SignatureError.with_traceback()
  • RateLimitError
    • RateLimitError.__init__()
    • RateLimitError.__new__()
    • RateLimitError.add_note()
    • RateLimitError.args
    • RateLimitError.with_traceback()
  • RevocationError
    • RevocationError.__init__()
    • RevocationError.__new__()
    • RevocationError.add_note()
    • RevocationError.args
    • RevocationError.with_traceback()
  • ConfigurationError
    • ConfigurationError.__init__()
    • ConfigurationError.__new__()
    • ConfigurationError.add_note()
    • ConfigurationError.args
    • ConfigurationError.with_traceback()
• 24. Enumerations
  • 24.1. CommunicationDirection
    • CommunicationDirection
  • 24.2. DataType
    • DataType
  • 24.3. ParticipantStatus
    • ParticipantStatus
  • 24.4. TaskStatus
    • TaskStatus
  • 24.5. VerificationLevel
    • VerificationLevel
• 25. Tutorials
• 26. Prerequisites
• 27. Tutorial 1: Basic Setup
• 28. Tutorial 2: Identity Management
• 29. Tutorial 3: Code Integrity
• 30. Tutorial 4: Communication Permissions
• 31. Tutorial 5: Rate Limiting
• 32. Tutorial 6: Fabric Integration
• 33. Best Practices
• 34. FAQ
• 35. General
• 36. Installation
• 37. Security
• 38. Hyperledger Fabric
• 39. Performance
• 40. Troubleshooting
• 41. Development
• 42. Licensing
• 43. Support
• 44. Architecture
  • 44.1. Overview
  • 44.2. Components
    • 44.2.1. FabricSecurity (Main Class)
    • 44.2.2. Cryptographic Layer
    • 44.2.3. Security Services
    • 44.2.4. Fabric Integration
    • 44.2.5. Storage Layer
  • 44.3. Design Patterns
    • 44.3.1. Singleton Pattern
    • 44.3.2. Factory Pattern
    • 44.3.3. Strategy Pattern
  • 44.4. Security Model
    • 44.4.1. Zero Trust Principles
    • 44.4.2. Threat Mitigation
    • 44.4.3. Audit & Compliance
  • 44.5. Performance
    • 44.5.1. Caching Strategy
    • 44.5.2. Optimizations
  • 44.6. Scalability
  • 44.7. Deployment
• 45. Glossary
  • 45.1. Fundamentals
    • 45.1.1. Zero Trust
    • 45.1.2. Identity
    • 45.1.3. MSP (Membership Service Provider)
  • 45.2. Cryptography
    • 45.2.1. Hashing
    • 45.2.2. ECDSA (Elliptic Curve Digital Signature Algorithm)
    • 45.2.3. Digital Signature
    • 45.2.4. X.509 Certificate
  • 45.3. Security
    • 45.3.1. Integrity
    • 45.3.2. Authenticity
    • 45.3.3. Availability
    • 45.3.4. Confidentiality
    • 45.3.5. Non-Repudiation
  • 45.4. Hyperledger Fabric
    • 45.4.1. Channel
    • 45.4.2. Chaincode
    • 45.4.3. Endorsement
    • 45.4.4. Ledger
    • 45.4.5. Peer
    • 45.4.6. Orderer
  • 45.5. Messages
    • 45.5.1. SignedMessage
    • 45.5.2. CommunicationDirection
  • 45.6. Storage
    • 45.6.1. LocalStorage
    • 45.6.2. FabricStorage
  • 45.7. Algorithms
    • 45.7.1. Token Bucket Algorithm
    • 45.7.2. Exponential Backoff
    • 45.7.3. LRU Cache (Least Recently Used)
  • 45.8. Errors
• 46. Changelog
  • 46.1. [1.0.0] - 2026-03-21
    • 46.1.1. Added
    • 46.1.2. Changed
    • 46.1.3. Fixed
    • 46.1.4. Deprecated
  • 46.2. [0.1.0] - 2026-01-15
    • 46.2.1. Added
  • 46.3. Version Types
  • 46.4. Branch Strategy
  • 46.5. Contributing
• 47. Bibliography and Source Resources
  • 47.1. Official Documentation
    • 47.1.1. Hyperledger Fabric
    • 47.1.2. Python Documentation
  • 47.2. Cryptography
  • 47.3. Security Standards
  • 47.4. Code Quality Tools
  • 47.5. Related Projects
  • 47.6. Research Papers
  • 47.7. Author’s Resources
  • 47.8. License

---

Additional Resources

Resource	Link
PyPI Package	https://pypi.org/project/wFabricSecurity/
GitHub Repository	https://github.com/wisrovi/wFabricSecurity
Issue Tracker	https://github.com/wisrovi/wFabricSecurity/issues
Hyperledger Fabric	https://hyperledger-fabric.readthedocs.io/

---

Citation

If you use wFabricSecurity in your research or project, please cite:

@software{wFabricSecurity,
  author = {William Rodriguez},
  title = {wFabricSecurity: Zero Trust Security System for Hyperledger Fabric},
  url = {https://github.com/wisrovi/wFabricSecurity},
  version = {1.0.0},
  year = {2026},
}

Rodriguez, W. (2026). wFabricSecurity: Zero Trust Security System
for Hyperledger Fabric. https://github.com/wisrovi/wFabricSecurity

---

Author

William Rodriguez

Research Engineer & Software Architect

eCaptured Technologies

GitHub: https://github.com/wisrovi

LinkedIn: https://es.linkedin.com/in/wisrovi-rodriguez

Email: william.rodriguez@ecapturedtech.com

---

License

MIT License

Copyright (c) 2026 William Rodriguez

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

---

Last updated: |today|