
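How to implement a digitally signed transaction between two participants where a third party sees only the ledger update? A subflow approach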

Awesome questions—let’s tackle them step by step, like we would on a real dev thread.

1. Two-Party Signature with Restricted Signature Visibility

To pull off a digital signature between two participants while keeping signature details hidden from others, focus on these key practices:

  • Isolate sensitive signature data: Store raw signature materials (like the payload being signed, private key operations) in private participant-specific storage—only the two signing parties (say, A and B) have access to this. Other nodes (like C) should never get read permissions for this data.
  • Limit ledger data to verification-only artifacts: Instead of writing full signature data to the public ledger, only add a cryptographically secure hash of the signature or a verification token. This lets other nodes confirm the transaction is valid without exposing the actual signature content.
  • Enforce granular access controls: In your smart contract/chaincode logic, restrict the signature-initiation functions to only A and B. Other nodes should only be able to call read-only functions that query the public ledger, not the private signing logic.
  • Encrypt peer-to-peer signature exchanges: When A and B communicate during the signing process, encrypt all payloads using each other's public keys. This ensures even intermediary consensus nodes can't decrypt or access the signature details—only the two parties can unpack and process the data.

2. Implementing This with a Subflow (Yes, It’s Feasible!)

A subflow is perfect here because it lets you encapsulate the sensitive signing logic separately from the public ledger update flow. Here’s how to structure it:

Step 1: Define the Main Flow

The main flow is accessible to all nodes (A, B, C) but only executes public actions:

  • It triggers the signing subflow (only A/B can run this part).
  • It receives a verification token from the subflow.
  • It writes the transaction details + verification token to the public ledger (visible to C).

Step 2: Build the Restricted Signature Subflow

This subflow is locked down to only A and B:

  • Add a permission guard at the subflow entry: Use a check to block any participant that isn’t A or B. Example pseudocode:
    // Example permission check (adjust to your framework).
    // Requires the "context" and "fmt" imports.
    func (s *SignatureSubflow) Init(ctx context.Context) error {
        // Comma-ok assertion: a missing or non-string value denies access instead of panicking.
        currentParticipant, ok := ctx.Value("participant").(string)
        if !ok || (currentParticipant != "A" && currentParticipant != "B") {
            return fmt.Errorf("access denied: only A and B can use this subflow")
        }
        return nil
    }
    
  • Subflow internal logic:
    1. A initiates the subflow, sends the transaction payload (encrypted for B) to B.
    2. B validates the payload’s integrity, signs it with their private key, and sends the encrypted signature back to A.
    3. A verifies B’s signature, generates a unique verification hash (combining payload + valid signature), and passes this hash back to the main flow.

Step 3: Finalize Ledger Visibility

Ensure the public ledger entry only includes:

  • Transaction ID
  • Identifiers for A and B
  • The verification hash (from the subflow)
  • Timestamp of completion

C can query this ledger entry to confirm the transaction happened, but has no way to access the subflow’s internal signing data or raw signatures.
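
The subflow steps and the ledger entry described above, as an added Go example that is not part of the original answer. It runs both parties in one process, assumes Ed25519 and SHA-256 as the primitives, and leaves out the encrypted transport between A and B; all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// LedgerEntry is all that node C can read: no payload, no signature.
type LedgerEntry struct {
	TxID, VerificationHash string
	Participants           [2]string
	CompletedAt            time.Time
}

// Ed25519 signatures are a fixed 64 bytes, so payload||sig is unambiguous.
func verificationHash(payload, sig []byte) string {
	sum := sha256.Sum256(append(append([]byte{}, payload...), sig...))
	return hex.EncodeToString(sum[:])
}

// signatureSubflow (A and B only): B signs, A verifies, only the hash goes to the main flow.
func signatureSubflow(caller string, payload []byte, bPriv ed25519.PrivateKey, bPub ed25519.PublicKey) (string, []byte, error) {
	if caller != "A" && caller != "B" {
		return "", nil, fmt.Errorf("access denied: only A and B can use this subflow")
	}
	sig := ed25519.Sign(bPriv, payload)      // B's step
	if !ed25519.Verify(bPub, payload, sig) { // A's step
		return "", nil, fmt.Errorf("B's signature did not verify")
	}
	return verificationHash(payload, sig), sig, nil
}

// mainFlow builds the public ledger entry from the subflow's hash alone.
func mainFlow(txID, caller string, payload []byte, bPriv ed25519.PrivateKey, bPub ed25519.PublicKey) (LedgerEntry, []byte, error) {
	hash, sig, err := signatureSubflow(caller, payload, bPriv, bPub)
	if err != nil {
		return LedgerEntry{}, nil, err
	}
	return LedgerEntry{TxID: txID, VerificationHash: hash, Participants: [2]string{"A", "B"}, CompletedAt: time.Now().UTC()}, sig, nil
}

func main() {
	bPub, bPriv, _ := ed25519.GenerateKey(nil) // constructed throwaway key for B
	entry, _, err := mainFlow("tx-0001", "A", []byte("constructed payload"), bPriv, bPub)
	fmt.Println(entry, err)
}
```

The hash on the ledger is a commitment: A or B can later open it by producing the payload and signature, but C, holding only the hash, cannot check B's signature itself.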

The question comes from Stack Exchange; question author: viswa
