Developers Forum for XinFin XDC Network

Cover image for Access Control with Encrypted NFT Documents — #BuildItOnXDC
Anna Dsouza
Anna Dsouza

Posted on

Access Control with Encrypted NFT Documents — #BuildItOnXDC

Non-fungible Tokens (NFTs) have been a hot topic in blockchain. Many observers don’t realize that NFTs are simply tools to associate tokens with a smart contract. On the XDC Network, the standard for NFTs are the XRC721 & XRC1155 contracts.

These standards can be used to associate properties of a smart contract onto a token. The holder of said token can inherit the properties and utilize the contract. This might involve using the token as a key, where the holder can unlock access to a contract, or use a token to represent the accounting of an item that can be tracked and traded on the blockchain and even represent intellectual property and contracts themselves.

These tokens are non-fungible in part due to their inability to being split up into smaller pieces, as in the XRC20, which typically can have up to 18 decimal places. Furthermore, there is no consistent equitable exchange value with other items and assets, as each token is an individual unit with an individual usage independent of that of any other token.

NFTs have 3 parts:

The Token
The Uniform Resource Identifier (URI)
The Contract Code

Image description

The token is a means for a user to possess or access the attributes of a given contract. For instance, if a user holds a NFT with the attributes of a key, they can access lock contents inside the contract. If a user holds an NFT with the intellectual property or licensing attributes to a given piece of work like art, song or even another contract, the holder of the token is entitled to those rights.

The Uniform Resource Identifier (URI) is a piece of metadata describing the token.As most NFTs on the market are centered around art, so their URIs will describe the collection, the artist and a link to the image on a interplanetary file system (IPFS) along with whatever information the minter would like to include to describe the token to users on what the token is.

The smart contract code is the way the token is able to hold all the information about the token itself as well as automate the engagement of the token and run the dApp the token will be used in.

While most see NFT’s as modern art, they still understand that the concept can be used for documents like titles for your home, intellectual property and licensing rights, identification, and contracts.. The question is, how would you secure such documents?

Encryption Algorithms. That’s how!

Image description

In this example I use safedun-server for my image scrambling coupled with the contract to store the encryption key. safedun-server is a responsive web application for server-side image scrambling. Built with a very specific purpose of maintaining image privacy over web sharing.

Encryption is a means of taking a created source key generated by the user with an algorithm that scrambles the original data to encode a file. That same concept can be used to decrypt NFT’s. With the XDC network, you can have NFT’s with sensitive information stored in a document that can be encrypted. This encryption key is stored in the contract, and only the holder of the token is able to access said key to decrypt the document. This allows for secure access control over any valuable information.

Image description

A user can take their document and encrypt in with an image encryption algorithm and store it on an IPFS before minting their token with the encryption key stored in the contract with the URI stating the name of the document, the documents original hash, and the url pointing to their document on the IPFS. To prove authenticity, this user can share the token to retrieve the encryption key, decrypt and show contents of the document and can confirm validity by comparing the hash in the URI with the decrypted document.

NFT Document Contract

Pragma solidity ^0.8.10;
// SPDX-License-Identifier: MIT
Import “@openzeppelin/contracts/token/ERC1155/ERC1155.sol”;

Contract Documents is ERC1155 {
    Unit256 public constant Doc = 0;
//key remain private in XDC contract and only the holder of the token can get the key to decrypt IMG 
string private EncryptionKEY;
//launch contract
Constructor (string memory _EncryptionKEY, string memory IPFS_link) public ERC1155(IPFS_link) {EncryptionKEY = _EncryptionKEY;
-mint (msg.sender, Doc, 1, “”);
//only NFT holder can access the functions
Modifier onlyOwner{
Require(balanceof(msg.sender,0) == 1, “You must be holder of the token to view it”);
//view EncryptionKey
Function viewKey () public view onlyOwner returns (string memory){
Return EncryptionKey;
Enter fullscreen mode Exit fullscreen mode

NFT Uniform Resource Identifier (URI)

“Document”: “Encrypted File”,
“Document_Hash”: “2f9cc5904219eeb7851b51fca0f3b857081a1380ad792251f11”,
Enter fullscreen mode Exit fullscreen mode

The XDC Network can provide a strong layer of security for sensitive documents and images through encryption keys that allow access to these NFT’s only to authorized parties.

This means that cloud storage networks, like S3 on AWS or blob storage in Azure, can have an additional, secure means of authorized access control simply using the methods shown above.

About the Author: R Quincy Jones XDC Foundation developer, who on behalf of the XDC Network is building new standards and applications for the XDC Network. With over four years in cloud development, and a growing following on YouTube: CoinClubCrypto, is well-suited to break down the fundamentals of blockchain-based technologies for general audiences.


Github :

The content above represents my own individual perspective as an XDC community member and does not reflect the official stance of XDC Foundation.

Originally written by Quincy :

Discussion (0)