Introduction to Corda

Let's examine what Corda is and how the Corda network is built.

Corda is a platform that allows multiple parties that do not fully trust each other to maintain a distributed ledger of shared facts.

Note: By its nature, Corda is a distributed system similar to the systems analyzed previously.

A distinctive characteristic of Corda is the lack of trust between its nodes, which also gives the system a decentralized aspect. This distrust is managed through various cryptographic primitives.

Note: This chapter will give a rather brief overview of Corda’s architecture. You can refer to the available whitepapers by Brown et al. and Hearn et al. for a more detailed analysis.

Corda network

Each node in Corda is a JVM runtime environment with a unique identity on the network. A Corda network comprises many such nodes that want to transact with each other to maintain and evolve a set of shared facts. A Corda network is permissioned, which means nodes need to acquire an X.509 certificate from the network operator to be part of the network.

The component that issues X.509 certificates is referred to as the doorman. In this context, the doorman operates as a certificate authority for the nodes that are part of the network.

Public and private keys

Each node maintains a public and a private key.

  • The private key is used to attest to facts by signing the associated data.
  • The public key is used by other nodes to verify these signatures.

The node's X.509 certificate creates an association between the public key of the node and a human-readable X.500 name (e.g., O=MegaCorp, L=London, C=GB).

Map service

The network also contains a network map service, which provides a form of service discovery to the nodes that are part of the network. The nodes can query this service to discover other nodes in the network in order to transact with them.

Interestingly, the nodes do not fully trust the network operator for the distribution of this information. So each entry of this map that contains the identifying data of a node (i.e., IP address, port, X.500 name, public key, X.509 certificate, etc.) is also signed by the corresponding node. In order to avoid censorship by the network operator, the nodes can even exchange the files that contain this information with each other out-of-band and install them locally.
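The signed-entry check described above, as an added example (not Corda's own code, API or wire format): a node signs a simplified map entry, and a peer rejects any copy that was altered or re-signed during distribution. The MapEntry class, its encoding and the sample addresses are assumptions, and certifiedKey stands in for the public key a real node would take from the validated X.509 certificate. It needs Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import java.util.Base64;

public class SignedMapEntryDemo {
    // Hypothetical, simplified entry; a real entry carries more fields and a certificate chain.
    record MapEntry(String x500Name, String host, int port, PublicKey nodeKey) {
        byte[] encode() {
            // Length-prefix the text fields so field boundaries cannot be shifted.
            String key = Base64.getEncoder().encodeToString(nodeKey.getEncoded());
            String s = x500Name.length() + ":" + x500Name + "|" + host.length() + ":" + host
                    + "|" + port + "|" + key;
            return s.getBytes(StandardCharsets.UTF_8);
        }
    }

    // The node signs its own entry before handing it to the network map service.
    static byte[] sign(MapEntry e, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(e.encode());
        return s.sign();
    }

    // certifiedKey: the key bound to this X.500 name (assumed taken from the node's certificate).
    static boolean verify(MapEntry e, byte[] sig, PublicKey certifiedKey) {
        try {
            if (!Arrays.equals(e.nodeKey().getEncoded(), certifiedKey.getEncoded())) return false;
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(certifiedKey);
            s.update(e.encode());
            return s.verify(sig);
        } catch (GeneralSecurityException ex) {
            return false; // malformed signature or unusable key: reject the entry
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(256);
        KeyPair node = g.generateKeyPair(), rogue = g.generateKeyPair();
        String name = "O=MegaCorp, L=London, C=GB"; // addresses below are constructed samples
        MapEntry genuine = new MapEntry(name, "10.0.0.5", 10002, node.getPublic());
        byte[] sig = sign(genuine, node.getPrivate());
        MapEntry altered = new MapEntry(name, "203.0.113.9", 10002, node.getPublic());
        MapEntry forged = new MapEntry(name, "203.0.113.9", 10002, rogue.getPublic());
        System.out.println("genuine entry accepted: " + verify(genuine, sig, node.getPublic()));
        System.out.println("altered host accepted:  " + verify(altered, sig, node.getPublic()));
        System.out.println("re-signed accepted:     "
                + verify(forged, sign(forged, rogue.getPrivate()), node.getPublic()));
    }
}
```

Only the first check succeeds: changing the host invalidates the node's signature, and an entry re-signed with a different key fails because that key is not the one certified for the X.500 name.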
