# How it works

Download immudb short research paper (opens new window) to have a conceptual understanding of the technical foundations of immudb.

This section is not yet ready for immudb 0.9. We are working on it in order to improve it and we are close to deliver. Stay tuned!

# Adding data

This section is not yet ready for immudb 0.9. We are working on it in order to improve it and we are close to deliver. Stay tuned!

# Checking data consistency

This section is not yet ready for immudb 0.9. We are working on it in order to improve it and we are close to deliver. Stay tuned!

# State signature

Providing immudb with a signing key enables the cryptographic state signature. That means that an auditor or a third party client, for instance, could verify the authenticity of the returned current state after calling the currentState gRPC method. Here are the gRPC message definitions:

message ImmutableState {
	uint64 txId = 3;
	bytes txHash = 4;
	Signature signature = 5;
}

message Signature {
	bytes signature = 1;
	bytes publicKey = 2;
}

Check state signature and verify state signature paragraphs for additional details.

Immuclient and immugw (opens new window) are shipped with auditor capabilities. To get the signed state in combination with the auditor, launch...

  • ...immuclient with auditor capabilities:
immuclient audit-mode --audit-username {immudb-username} --audit-password {immudb-pw} --audit-signature validate
./immugw --audit --audit-username {immudb-username} --audit-password {immudb-pw} --audit-signature validate

# Item References

Enables the insertion of a special entry which references to another item.

# Primary Index

Index enables queries and search based on the data key.

# Secondary Index

Index enables queries and search based on the data value.

# Streams

Allows client server communication with streams of “delimited” []byte messages.

# Cryptographic signatures

A signature (PKI) provided by the client can be became part of the insertion process.

# Authentication (transport)

Integrated mTLS offers the best approach for machine-to-machine authentication, also providing communications security (entryption) over the transport channel.

# immugw communication

immugw can be found in its own repository (opens new window)

immugw proxies REST client communication and gRPC server interface. For security reasons, immugw should not run on the same server as immudb. The following diagram shows how the communication works:

immugw communication explained