Setup Guide

RavenTag · Protocol RTP-1

System Architecture

RavenTag is fully self-hosted and brand-sovereign. Once deployed, your infrastructure is independent from RavenTag.io.

┌──────────────────────┐    ┌─────────────────────────────┐
│  RavenTag.io         │    │  Your Brand Infrastructure   │
│  • Public brand list │◄───│  Brand Backend (Docker)      │
│  • Docs / Downloads  │    │  • BRAND_MASTER_KEY (secret) │
└──────────────────────┘    │  • ADMIN_KEY / OPERATOR_KEY  │
                            └──────────┬──────────────────┘
                                       │
┌──────────────────────┐    ┌──────────▼──────────────────┐
│  Brand Manager App   │◄───│  Ravencoin Node              │
│  Admin / Operator    │    │  (asset issuance, wallet)    │
└──────────────────────┘    └─────────────────────────────┘
┌──────────────────────┐
│  Consumer Verify App │  ← your branded app
└──────────────────────┘

Once infrastructure is running, you are independent. RavenTag.io is used only for docs, app downloads, and the mandatory public brand registry (Apache 2.0 attribution).

1. Deploy Your Backend

The brand backend is Node.js + Express. Deploy it on any server or cloud.

git clone https://github.com/ALENOC/RavenTag.git && cd RavenTag
cp backend/.env.example backend/.env
# Edit .env , set BRAND_NAME, ADMIN_KEY, BRAND_MASTER_KEY, BRAND_SALT
docker compose up backend

Variable	Description
BRAND_NAME	Your brand name. Required. Auto-registered publicly.
ADMIN_KEY	Full access. Keep secret.
OPERATOR_KEY	Factory operator. Chip operations only. Optional.
BRAND_MASTER_KEY	AES-128 master key (32 hex). NEVER share.
BRAND_SALT	32 hex salt for nfc_pub_id. NEVER share.
RVN_RPC_HOST	Your Ravencoin node host.

Generate keys: openssl rand -hex 32

2. Brand Registry (Automatic)

When the backend starts with BRAND_NAME set, it automatically registers in the public RavenTag brand directory.

Apache 2.0 Attribution, Mandatory & Non-removable. Registration in the public brand registry is required by the RavenTag license. The list only shows: brand name + registration date. No private data is shared. This cannot be modified in derivative works.

# backend/.env
BRAND_NAME=Fashionx

# On startup:
# [Registry] Brand "Fashionx" registered in RavenTag public registry.

3. Fund the Ravencoin Wallet

500 RVN

Root asset

e.g. FASHIONX

100 RVN

Sub-asset

e.g. FASHIONX/BAG01

5 RVN

Unique token

e.g. BAG01#SN0001

Get the wallet address from the Brand App (Wallet → Receive) or admin dashboard. The app uses a local BIP44 HD wallet.

4. Roles & Permissions

Two access levels allow separation between brand managers and factory operators who program tags.

Admin

Brand manager, CEO, IT. Full access.

Issue assets (root/sub/unique)
Revoke / burn assets
Transfer tokens
Manage wallet
Register + view chips

ADMIN_KEY=secret-key
X-Admin-Key: secret-key

Operator

Factory worker, warehouse staff. Limited.

Register NFC chips
List chips
View chip details

✗ Cannot issue assets

✗ Cannot revoke

✗ No wallet

OPERATOR_KEY=op-key
X-Operator-Key: op-key

Configure the Operator Key in Brand Manager App Settings and distribute the app to factory workers. They can program chips without access to asset management.

5. Issue Assets on Ravencoin

Create your asset hierarchy. The typical structure for serialized products:

FASHIONX              ← Root asset (500 RVN)
FASHIONX/BAG01        ← Sub-asset (100 RVN)
FASHIONX/BAG01#SN0001 ← Unique token (5 RVN) , one per physical item

6. Program NFC Chips

Open Brand App → Brand → Program NFC Tag

Select asset from wallet or type asset name. Verify URL is shown.

Tap NTAG 424 DNA chip (Step 1 of 3)

App reads 7-byte UID. Calls POST /api/brand/derive-chip-key (HTTPS, operator auth), backend derives 3 per-chip AES-128 keys from BRAND_MASTER_KEY and returns nfc_pub_id = SHA-256(UID || BRAND_SALT).

Keys written to chip (Step 3 of 3)

AES keys + SUN URL written via ISO 7816-4 APDUs. Chip locked.

Auto-registration on backend

App calls POST /api/brand/register-chip. Backend recomputes nfc_pub_id using BRAND_SALT, consistent with the value stored in IPFS metadata.

The SUN URL written to the chip uses the Verification Server URL set in Settings. Change it to your own server before programming chips in production. BRAND_MASTER_KEY and BRAND_SALT must be set on the backend before programming any chip.

7. Customize the Consumer App

Fully white-label the Consumer App for your brand. Edit one file, replace logos, compile.

Step 1, Edit AppConfig.kt

// android/app/src/consumer/java/io/raventag/app/config/AppConfig.kt
object AppConfig {
    const val IS_BRAND_APP = false
    const val BRAND_NAME = "Fashionx"
    const val DEFAULT_VERIFY_URL = "https://verify.fashionx.com"
    const val PRIMARY_COLOR_HEX = "#C9622D"
    const val LOGO_DRAWABLE = "raven_logo"
}

Step 2, Replace logos

android/app/src/main/res/drawable/raven_logo.jpg   # In-app header logo
android/app/src/main/res/drawable/ic_app_logo.jpg  # App icon source

Step 3, Build & distribute

./gradlew assembleConsumerRelease
# APK: app/build/outputs/apk/consumer/release/app-consumer-release.apk

The consumer app shows your brand name, logo, colors. The RavenTag attribution appears in Settings → About (required by Apache 2.0).

8. Consumer Verification

Consumer taps NFC chip
  → Consumer App reads URL: https://verify.yourbrand.com/verify?asset=...&e=...&m=...
  → Backend decrypts e → UID + counter
  → Verifies MAC: CMAC(sdmMacKey, e)[even_bytes][:4] == m
  → Checks counter > stored (anti-replay)
  → Ravencoin → IPFS → nfc_pub_id match
  → Revocation check
  → Returns: { authentic: true/false, revoked: false }

9. Revoke Counterfeits

# Via API (immediate, reversible):
POST /api/brand/revoke
X-Admin-Key: your-key
{ "asset_name": "FASHIONX/BAG01#SN0001", "reason": "Stolen", "burn_on_chain": false }

# Un-revoke: DELETE /api/brand/revoke/FASHIONX%2FBAG01%23SN0001
# Burn on-chain (IRREVERSIBLE): { ..., "burn_on_chain": true }

Use burn on-chain only for confirmed counterfeits. Backend-only revocation is instant and reversible. Both available in Brand App and admin dashboard.

IPFS Image Upload

Attach a product image to an asset by tapping the image picker in the Issue Asset screen. The image is uploaded to your IPFS node and the CID is stored in the Ravencoin asset metadata.

// In Brand App → Issue Asset screen:
// 1. Tap image picker → select photo from gallery or camera
// 2. App uploads to IPFS node: POST http://127.0.0.1:5001/api/v0/add
// 3. CID stored in asset metadata: { "image": "ipfs://QmXxx..." }
// 4. Ravencoin asset metadata includes IPFS hash on-chain

Images are uploaded to your own IPFS node and pinned. The CID is embedded in the Ravencoin asset metadata. Consumers see the image when verifying.

Wallet Backup & Recovery

After creating a wallet, the app displays the 12-word mnemonic phrase exactly once on a mandatory backup screen. Write it down offline and keep it safe, it is the only way to recover your wallet.

// BIP44 derivation path: m/44'/175'/0'/0/0
// Coin type 175 = Ravencoin (SLIP-0044)
// 12-word BIP39 mnemonic → deterministic private key + address
// Private key encrypted in Android Keystore (StrongBox/TEE)

// Restore: Brand App → Create/Restore Wallet → Restore
// Enter 12 words → same address generated on any BIP39 wallet

There is no cloud backup. The mnemonic is the only way to recover your wallet and all associated assets. Store it in multiple secure offline locations.

Troubleshooting

Common issues and solutions.

NFC tag is not detected

Check that NFC is enabled in phone settings. For NTAG 424 DNA, ensure the phone supports ISO 14443-4 (ISO-DEP). On some phones, the NFC antenna is at the top, try different tag placement.

WriteData / ChangeFileSettings fails

The tag must be a factory-fresh NTAG 424 DNA. A previously programmed tag needs to be reset (not possible without the original keys). Check that the app has the correct current master key (default: 16 zero bytes for factory tags).

Verification returns "MAC failed"

The backend AES keys (BRAND_MASTER_KEY) must match the keys programmed on the chip. If you changed BRAND_MASTER_KEY after programming chips, those chips cannot be verified. Keys are derived per-chip at verify time, regenerating with the same master key always gives the same chip key.

Asset issuance fails with 502

The Ravencoin node wallet has insufficient balance. Check with GET /api/brand/wallet. Ensure the node is fully synced (ravend getblockchaininfo). Allow 30+ minutes for initial sync on testnet.

IPFS upload fails

Ensure a Kubo IPFS node is running and IPFS_API_URL is set correctly (default: http://127.0.0.1:5001). Run 'ipfs daemon' or use 'docker compose up ipfs'. The backend needs API access to the IPFS node (not gateway, but the write API port).