ATE Database is a distributed redo log server that ATE projects can use to store their redo logs remotely. ATE is designed to connect to remotely hosted repositories of state to meet integrity and availability non-functional requirements.
ATE Database runs a server daemon that listens for connections from clients and serves as a distributed redo log.
Other projects use this backend for persistent storage - projects such as
By default all wire messages are sent in clear text, but events that are confidential are encrypted, which gives a good balance between security and speed. You can also increase the security of databases by using double encryption. For instance, if you specify --wire-encryption 128 then AteDB will negotiate AES 128-bit symmetric keys using a quantum-resistant key exchange that supports perfect forward secrecy semantics.
There are two modes that AteDB can run in which have very different characteristics of trust and speed.
Centralized mode represents a centralized trust model, meaning that the communication link with a central server itself becomes a trusted conversation. When the server or client sends its events it only provides proof of ownership of the authorization to write once per connection. Writes are therefore much faster, as an asymmetric signature only needs to be computed once for each key that is used. However, it also means you are trusting that the server is doing its job properly and has not been compromised by an attacker who has added their own events.
When running in centralized mode it is highly recommended that you use wire encryption to prevent an attacker from injecting fake events into your communication channel. Use the --wire-encryption parameter to enable this. For this reason AteDB defaults to 128-bit wire encryption when running in centralized mode, which can be disabled using the --no-wire-encryption parameter.
Distributed mode represents a distributed trust model where the only thing clients and servers really trust is the signature of each individual event. If a server is compromised, an attacker cannot inject their own events into the chains because they do not own the signing private keys. This mode has a fairly significant impact on write operations, as an asymmetric signature must be computed on all writes. Batching attempts to minimize this cost; however, if writes are committed individually then the worst case of one signature per IO will eventuate.
In this mode it is not necessary to also run wire encryption, as all events that require confidentiality and integrity are protected individually. However, one can reduce the chances of side-channel attacks and denial-of-service risks through double encryption.
When running in 'distributed' mode the database will not make any authentication server requests, as there is nothing to gain from this or to validate using. All integrity is provided as part of the events themselves. Hence in this mode the --auth setting has no effect.
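The trust-mode and wire-encryption rules above can be checked mechanically before a server is started. The following is an added example, not part of the atedb project: the `audit_atedb` function is hypothetical, the sample command lines are constructed, and the flag names and defaults are taken from this README's usage text.

```sh
#!/bin/sh
# Added example: audit an atedb command line against the trust-mode and
# wire-encryption guidance in this README (not atedb's own code).
audit_atedb() {
    trust=centralized wire= no_wire=0 no_auth=0 auth=0 prev=
    for arg in "$@"; do
        case "$prev" in                      # value following an option
            -t|--trust)        trust=$arg ;;
            --wire-encryption) wire=$arg ;;
        esac
        case "$arg" in                       # flags and --opt=value forms
            --trust=*)            trust=${arg#*=} ;;
            --wire-encryption=*)  wire=${arg#*=} ;;
            --no-wire-encryption) no_wire=1 ;;
            --no-auth)            no_auth=1 ;;
            -a|--auth|--auth=*)   auth=1 ;;
        esac
        prev=$arg
    done
    # Effective wire encryption: an explicit key size wins; otherwise
    # centralized defaults to 128 and distributed defaults to off.
    # Assumption: --no-wire-encryption only cancels the centralized default.
    if [ -z "$wire" ]; then
        if [ "$trust" = centralized ] && [ "$no_wire" -eq 0 ]; then wire=128; else wire=off; fi
    fi
    echo "trust=$trust wire=$wire"
    if [ "$trust" = centralized ] && [ "$wire" = off ]; then
        echo "RISK: centralized trust without wire encryption; fake events could be injected into the channel"
    fi
    if [ "$no_auth" -eq 1 ]; then
        echo "RISK: --no-auth lets anyone write new root nodes to new chains"
    fi
    if [ "$trust" = distributed ] && [ "$auth" -eq 1 ]; then
        echo "NOTE: --auth has no effect in distributed mode"
    fi
}

# Constructed sample invocations, modelled on the commands in this README.
for cmd in "atedb solo" \
           "atedb --trust distributed solo" \
           "atedb --no-auth --no-wire-encryption solo -l 127.0.0.1" \
           "atedb --trust distributed --auth tcp://127.0.0.1:5555/auth solo"; do
    echo "== $cmd"
    audit_atedb $cmd   # unquoted on purpose: split the sample into arguments
done
```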
```sh
apt install cargo make pkg-config openssl libssl-dev
cargo install atedb
cargo install auth-server
```
```sh
# Run a solo database with the defaults (centralized trust)
atedb solo
```
```sh
# Run under the distributed trust model
atedb --trust distributed solo
```
```sh
# Distributed trust plus 256-bit wire encryption (double encryption)
atedb --wire-encryption 256 --trust distributed solo
```
```sh
# Store the redo logs under a different path
atedb solo ~/another-path/
```
```sh
# No authentication server and no wire encryption, listening on 127.0.0.1
atedb --no-auth --no-wire-encryption solo -l 127.0.0.1
```
```sh
# Start the authentication server
auth-server run -l 0.0.0.0 -p 5555
# Start the database and point it at the authentication server
atedb --dns 8.8.4.4 --auth tcp://127.0.0.1:5555/auth solo -l 0.0.0.0
```
```sh
# Enable info-level logging
RUST_LOG=info atedb solo
```
```
USAGE:
    atedb [FLAGS] [OPTIONS]

FLAGS:
    -d, --debug                 Logs debug info to the console
        --dns-sec               Determines if ATE will use DNSSec or just plain DNS
    -h, --help                  Prints help information
        --no-auth               Indicates no authentication server will be used meaning all new chains
                                created by clients allow anyone to write new root nodes
        --no-wire-encryption    Disbles wire encryption which would otherwise be turned on when running
                                in 'centralized' mode
    -v, --verbose               Sets the level of log verbosity, can be used multiple times
    -V, --version               Prints version information

OPTIONS:
    -a, --auth
        --dns-server <dns-server>
            Address that DNS queries will be sent to [default: 8.8.8.8]
    -t, --trust <trust>
            Trust mode that the database server will run under - valid values are either
            'distributed' or 'centralized'. When running in 'distributed' mode the server itself
            does not need to be trusted in order to trust the data it holds however it has a
            significant performance impact on write operations while the 'centralized' mode gives
            much higher performance but the server needs to be protected [default: centralized]
        --wire-encryption <wire-encryption>
            Indicates if ATE will use quantum resistant wire encryption (possible values are 128,
            192, 256). When running in 'centralized' mode wire encryption will default to 128bit
            however when running in 'distributed' mode wire encryption will default to off unless
            explicitly turned on

SUBCOMMANDS:
    help    Prints this message or the help of the given subcommand(s)
    solo    Runs a solo ATE database and listens for connections from clients

USAGE:
    atedb solo [OPTIONS] [logs-path]

ARGS:

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -l, --listen
```
If you would like to help set up a community to continue to develop this project then please contact me at johnathan.sharratt@gmail.com