Using attachments

Attachments are ZIP/JAR files referenced from transaction by hash, but not included in the transaction itself. These files are automatically requested from the node sending the transaction when needed and cached locally so they are not re-requested if encountered again. Attachments typically contain:

  • Contract executable code
  • Metadata about a transaction, such as PDF version of an invoice being settled
  • Shared information to be permanently recorded on the ledger

To add attachments the file must first be added to uploaded to the node, which returns a unique ID that can be added using TransactionBuilder.addAttachment(). Attachments can be uploaded and downloaded via RPC and the Corda Shell.

It is encouraged that where possible attachments are reusable data, so that nodes can meaningfully cache them.

Uploading and downloading

To upload an attachment to the node, or download an attachment named by its hash, you use Client RPC. This is also available for interactive use via the shell. To upload run:

>>> run uploadAttachment jar: /path/to/the/file.jar

The file is uploaded, checked and if successful the hash of the file is returned. This is how the attachment is identified inside the node.

To download an attachment, you can do:

>>> run openAttachment id: AB7FED7663A3F195A59A0F01091932B15C22405CB727A1518418BF53C6E6663A

which will then ask you to provide a path to save the file to. To do the same thing programmatically, you can pass a simple InputStream or SecureHash to the uploadAttachment/openAttachment RPCs from a JVM client.


Normally attachments on transactions are fetched automatically via the ResolveTransactionsFlow. Attachments are needed in order to validate a transaction (they include, for example, the contract code), so must be fetched before the validation process can run. ResolveTransactionsFlow calls FetchTransactionsFlow to perform the actual retrieval.


Future versions of Corda may support non-critical attachments that are not used for transaction verification and which are shared explicitly. These are useful for attaching and signing auditing data with a transaction that isn’t used as part of the contract logic.

Attachments demo

There is a worked example of attachments, which relays a simple document from one node to another. The “two party trade flow” also includes an attachment, however it is a significantly more complex demo, and less well suited for a tutorial.

The demo code is in the file samples/attachment-demo/src/main/kotlin/net/corda/attachmentdemo/AttachmentDemo.kt, with the core logic contained within the two functions recipient() and sender(). The first thing it does is set up an RPC connection to node B using a demo user account (this is all configured in the gradle build script for the demo and the nodes will be created using the deployNodes gradle task as normal). The CordaRPCClient.use method is a convenience helper intended for small tools that sets up an RPC connection scoped to the provided block, and brings all the RPCs into scope. Once connected the sender/recipient functions are run with the RPC proxy as a parameter.

We’ll look at the recipient function first.

The first thing it does is wait to receive a notification of a new transaction by calling the verifiedTransactions RPC, which returns both a snapshot and an observable of changes. The observable is made blocking and the next transaction the node verifies is retrieved. That transaction is checked to see if it has the expected attachment and if so, printed out.

fun recipient(rpc: CordaRPCOps) {
    println("Waiting to receive transaction ...")
    val stx = rpc.verifiedTransactions().second.toBlocking().first()
    val wtx = stx.tx
    if (wtx.attachments.isNotEmpty()) {
        assertEquals(PROSPECTUS_HASH, wtx.attachments.first())
        println("File received - we're happy!\n\nFinal transaction is:\n\n${Emoji.renderIfSupported(wtx)}")
    } else {
        println("Error: no attachments found in ${}")

The sender correspondingly builds a transaction with the attachment, then calls FinalityFlow to complete the transaction and send it to the recipient node:

fun sender(rpc: CordaRPCOps) {
    // Get the identity key of the other side (the recipient).
    val otherSide: Party = rpc.partyFromName("Bank B")!!

    // Make sure we have the file in storage
    // TODO: We should have our own demo file, not share the trader demo file
    if (!rpc.attachmentExists(PROSPECTUS_HASH)) {
        Thread.currentThread().contextClassLoader.getResourceAsStream("bank-of-london-cp.jar").use {
            val id = rpc.uploadAttachment(it)
            assertEquals(PROSPECTUS_HASH, id)

    // Create a trivial transaction that just passes across the attachment - in normal cases there would be
    // inputs, outputs and commands that refer to this attachment.
    val ptx = TransactionType.General.Builder(notary = null)
    // TODO: Add a dummy state and specify a notary, so that the tx hash is randomised each time and the demo can be repeated.

    // Despite not having any states, we have to have at least one signature on the transaction

    // Send the transaction to the other recipient
    val stx = ptx.toSignedTransaction()
    println("Sending ${}")
    val protocolHandle = rpc.startFlow(::FinalityFlow, stx, setOf(otherSide))

This side is a bit more complex. Firstly it looks up its counterparty by name in the network map. Then, if the node doesn’t already have the attachment in its storage, we upload it from a JAR resource and check the hash was what we expected. Then a trivial transaction is built that has the attachment and a single signature and it’s sent to the other side using the FinalityFlow. The result of starting the flow is a stream of progress messages and a returnValue observable that can be used to watch out for the flow completing successfully.