
How do I get and use the public/private keys of users in Hyperledger v1.0?

I read that in Hyperledger v1, encryption and channels can be used to enforce privacy.

I want to try the encryption approach to accomplish this. Since all registered users have private/public keys, I plan to use the public keys of users to encrypt some data (later I plan to combine this with symmetric cryptography to make it more efficient).

In addition, I plan to use the private key of the invoker of a function to perform decryption.

How do I get the public/private keys inside the chaincode? In addition, I also plan to perform encryption/decryption in NodeJS (outside the chaincode) since I'm using the NodeJS SDK for Hyperledger v1. How do I get the public/private keys through NodeJS?

While using NodeSDK you simply load keys from their location on disk, and to obtain the signer (client) certificate you can use the API from the ChaincodeStubInterface interface, which is provided to you while the chaincode is invoked:

// GetCreator returns `SignatureHeader.Creator` (e.g. an identity)
// of the `SignedProposal`. This is the identity of the agent (or user)
// submitting the transaction.
GetCreator() ([]byte, error)
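
As an added example (not part of the original answer and not Fabric's own code): the bytes returned by GetCreator() are a serialized SerializedIdentity protobuf holding the MSP ID and the invoker's PEM-encoded X.509 certificate, so chaincode can recover the invoker's public key but never receives a private key. `ParseCreator` and `newSampleCreator` are hypothetical names, the sample identity is constructed, and the protobuf is decoded by hand so the block runs with the Go standard library only.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/binary"
	"encoding/pem"
	"fmt"
	"math/big"
)

// ParseCreator unpacks GetCreator() bytes: a SerializedIdentity protobuf with mspid
// (tag byte 0x0a) and id_bytes (tag byte 0x12, PEM X.509 cert). Other fields are rejected.
func ParseCreator(b []byte) (string, *x509.Certificate, error) {
	f := map[byte][]byte{} // protobuf tag byte -> field value
	for len(b) > 0 {
		size, m := binary.Uvarint(b[1:]) // varint length prefix follows the tag byte
		if m <= 0 || size > uint64(len(b)-1-m) || (b[0] != 0x0a && b[0] != 0x12) {
			return "", nil, fmt.Errorf("malformed SerializedIdentity")
		}
		f[b[0]] = b[1+m : 1+m+int(size)]
		b = b[1+m+int(size):]
	}
	block, _ := pem.Decode(f[0x12])
	if block == nil {
		return "", nil, fmt.Errorf("creator carries no PEM certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	return string(f[0x0a]), cert, err
}

// newSampleCreator (hypothetical) wraps a throwaway self-signed cert; constructed input only.
func newSampleCreator(mspID string) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	out := append(append([]byte{0x0a, byte(len(mspID))}, mspID...), 0x12)
	return append(binary.AppendUvarint(out, uint64(len(certPEM))), certPEM...)
}

func main() {
	mspID, cert, err := ParseCreator(newSampleCreator("Org1MSP"))
	if err != nil {
		panic(err)
	}
	fmt.Println(mspID, cert.PublicKeyAlgorithm) // cert.PublicKey is the invoker's public key
}
```

Inside chaincode the input would be the result of `stub.GetCreator()` rather than the constructed sample.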

First of all, I think that you should know how those keys are created. There are different ways to do it, but Hyperledger Fabric gives you two tools to create these keys:

  • Cryptogen: this tool is used to generate the cryptographic material (x509 certs) for your network entities. These certificates are representative of identities, and they allow for sign/verify authentication to take place as our entities communicate and transact.
  • Fabric CA: a component of the Fabric, i.e. the CA that will issue certificates for each member.

Then, once you have the keys, you should manage them. The Fabric project makes it easier thanks to the MSP. When you create a channel, you define the public keys of the peers and the keys of the issuers of those certificates. Then, Fabric manages them to verify the transactions.

The Membership service provider (MSP) offers us the possibility of abstracting from all the cryptographic mechanisms and protocols of validation, authentication verification and signature.
