Skip to content

Smart Policy GuideΒΆ

This is a short tutorial intended to familiarize you with how to write a Smart Policy with the fileHash validator. fileHash is a basic precondition that checks that a given file's md5 hash is equal to a predefined hash set by the policy writer. There are a variety of scenarios in which you might want to use fileHash: for instance, you agree to allow a user access to your data under the circumstances that the code used to process your data is revealed to you for auditing beforehand. You would then be using the COVA platform for transacting and processing the data, as you can be sure that only the enclave running COVA policy-enforcing software can act on your data.

  • Review the code that was sent to you. Code that runs inside CovaVM include some COVA-specific directives, like raising __COVA__.ReturnData() exceptions, which signal to CovaVM to treat the argument as return data to be packaged back to data user, and __data__, which represent the data passed in.
def function_on_data(d):
   # do stuff
   x = do_stuff(d)
   return x

raise __COVA__.ReturnData(function_on_data(__data__))
  • Calculate the file hash. FileHashValidator uses md5 hash, so you can use Python's builtin hashlib to calculate it.
  import hashlib

  with open("") as f:
     program_text =
     hashed = hashlib.md5(program_text.encode()).hexdigest()
  • Use the calculated file hash to write the following Smart Policy.
   "meta": {
       "name": "MyFirstPolicy",
       "author": "James Johnson",
       "version": "0.0.1",
       "description": "Only allowed the audited version of a program to run against my data."

   "pre": {
       "fileHash": {
           "equalTo": "<INSERT FILE HASH>"