Blockchain Registry

Every signed asset's SHA-256 hash is written to a smart contract on Ethereum Sepolia testnet. This creates a public, permanent audit trail that exists independently of Tauth.

Why on-chain?

  • Immutability: once a hash is recorded, no one (including Tauth) can remove or alter it.
  • Auditability: anyone can verify a file's existence and signing time without trusting Tauth.
  • Longevity: even if Tauth is shut down, the on-chain record remains verifiable.

Smart contract

The registry contract is deployed on Sepolia. It exposes a single write function:

```solidity
function registerAsset(bytes32 fileHash, string calldata metadataURI) external
```

And a view function to check registration:

```solidity
function isRegistered(bytes32 fileHash) external view returns (bool, uint256 timestamp)
```

The contract address is stored in .env as CONTRACT_ADDRESS.

Viewing a registration

After signing, the API response includes a tx_hash. You can view it on Etherscan:

https://sepolia.etherscan.io/tx/{tx_hash}

The Media Library in the web app links directly to Etherscan for each asset.
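
The check below is an added example, not Tauth's own code. It confirms that the transaction behind a tx_hash went to the expected contract, succeeded, and carries the file's SHA-256 as the first registerAsset argument. The function names and sample transaction are constructed for illustration; `tx` and `receipt` are assumed to be the JSON objects returned by the standard `eth_getTransactionByHash` and `eth_getTransactionReceipt` RPC calls.

```python
import hashlib

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large media does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.digest()  # 32 raw bytes, i.e. the bytes32 value

def check_registration_tx(tx, receipt, contract_address, file_hash):
    """Return a list of problems; an empty list means the tx matches the file."""
    problems = []
    # "to" is null for contract-creation transactions, hence the `or ""`
    if (tx.get("to") or "").lower() != contract_address.lower():
        problems.append("transaction was not sent to CONTRACT_ADDRESS")
    if receipt.get("status") != "0x1":
        problems.append("transaction reverted or is not mined")
    data = bytes.fromhex(tx.get("input", "0x")[2:])
    # ABI layout of registerAsset(bytes32,string): 4-byte selector, then the
    # bytes32 fileHash in the first 32-byte slot. The selector itself is not
    # checked here because Keccak-256 is not in the standard library.
    if len(data) < 36 or data[4:36] != file_hash:
        problems.append("calldata does not carry this file's SHA-256")
    return problems

# --- constructed sample data, not a real Sepolia transaction ---
SAMPLE_HASH = hashlib.sha256(b"constructed sample image bytes").digest()
SAMPLE_CONTRACT = "0x" + "ab" * 20  # placeholder address
SAMPLE_TX = {
    "to": SAMPLE_CONTRACT,
    # placeholder selector + fileHash + offset word for the string argument
    "input": "0x" + "00000000" + SAMPLE_HASH.hex() + (64).to_bytes(32, "big").hex(),
}
SAMPLE_RECEIPT = {"status": "0x1"}

if __name__ == "__main__":
    print(check_registration_tx(SAMPLE_TX, SAMPLE_RECEIPT, SAMPLE_CONTRACT, SAMPLE_HASH))
    other = hashlib.sha256(b"a different file").digest()
    print(check_registration_tx(SAMPLE_TX, SAMPLE_RECEIPT, SAMPLE_CONTRACT, other))
```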

Verifying independently

Given a file, compute its SHA-256 hash and query the contract:

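```python
import hashlib
import os
from web3 import Web3

w3 = Web3(Web3.HTTPProvider("https://sepolia.infura.io/v3/YOUR_KEY"))

# Minimal ABI, built from the isRegistered signature shown above
ABI = [{"name": "isRegistered", "type": "function", "stateMutability": "view",
        "inputs": [{"name": "fileHash", "type": "bytes32"}],
        "outputs": [{"name": "", "type": "bool"},
                    {"name": "timestamp", "type": "uint256"}]}]

with open("signed-photo.jpg", "rb") as f:
    file_hash = hashlib.sha256(f.read()).digest()  # raw 32 bytes for bytes32

# CONTRACT_ADDRESS as in .env; web3 expects the EIP-55 checksummed form
registry = w3.eth.contract(address=os.environ["CONTRACT_ADDRESS"], abi=ABI)
registered, timestamp = registry.functions.isRegistered(file_hash).call()
print(registered, timestamp)
```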

Configuration

```ini
SEPOLIA_RPC_URL=https://sepolia.infura.io/v3/your-project-id
DEPLOYER_PRIVATE_KEY=0x...
CONTRACT_ADDRESS=0x...
```

TIP

Use a dedicated deployer wallet with minimal funds. Only keep enough ETH to cover gas for registration transactions (~0.001 ETH per signing operation on Sepolia).
