堆栈内存溢出
  简体   繁体   English

本机运行 Fabric CA - 找不到默认的“PKCS11”BCCSP

[英]Running Fabric CA natively - Could not find default `PKCS11` BCCSP

 原文  2020-01-06 21:13:23       hyperledger-fabric/ pkcs#11/ hyperledger-fabric-ca/ softhsm

问题描述

Attempting to configure HSM according to: https://hyperledger-fabric-ca.readthedocs.io/en/release-1.4/users-guide.html#configuring-an-hsm尝试根据以下内容配置 HSM: https : //hyperledger-fabric-ca.readthedocs.io/en/release-1.4/users-guide.html#configuring-an-hsm

but trying to do so running the Fabric CA Server as a systemd service according to: https://upcloud.com/community/tutorials/hyperledger-fabric-systemd/尝试将 Fabric CA 服务器作为系统服务运行,根据: https : //upcloud.com/community/tutorials/hyperledger-fabric-systemd/

I followed a combo of the above link and this link: https://gist.github.com/AkshayCHD/f7c96175dca1e5ab8d5785a3af0d5692我遵循了上述链接和此链接的组合: https : //gist.github.com/AkshayCHD/f7c96175dca1e5ab8d5785a3af0d5692

BUT I built it with "GO_TAGS=pkcs11 make fabric-ca-server" according to this: https://jira.hyperledger.org/browse/FAB-13458但是我根据以下内容使用“GO_TAGS=pkcs11 make fabric-ca-server”构建它: https ://jira.hyperledger.org/browse/FAB-13458

I installed SoftHSM according to the below link and can initialize the token: https://wiki.opendnssec.org/display/SoftHSMDOCS/SoftHSM+Documentation+v2#SoftHSMDocumentationv2-Download我根据以下链接安装了 SoftHSM 并可以初始化令牌: https ://wiki.opendnssec.org/display/SoftHSMDOCS/SoftHSM+Documentation+v2#SoftHSMDocumentationv2-Download

I initialize the server before starting so I can edit the fabric-ca-server-config.yaml with the appropriate PKCS11 data.我在开始之前初始化服务器,以便我可以使用适当的 PKCS11 数据编辑 fabric-ca-server-config.yaml。

I can start the server/service fine without PKCS11 but when I edit the fabric-ca-server-config.yaml file to the below it never works.我可以在没有 PKCS11 的情况下很好地启动服务器/服务,但是当我将 fabric-ca-server-config.yaml 文件编辑到下面时,它永远不会工作。

INTERESTINGLY when I switch the default to "SW" I receive: Error: Failed to initialize BCCSP Factories: Failed initializing PKCS11.BCCSP %!s(): Could not initialize BCCSP PKCS11 [Failed initializing PKCS11 library /home/ubuntu/softhsm/SoftHSMv2/src/lib/.libs/libsofthsm2.so ForFabric: Could not get Slot List [pkcs11: 0x190: CKR_CRYPTOKI_NOT_INITIALIZED]]有趣的是,当我将默认值切换为“SW”时,我收到:错误:无法初始化 BCCSP 工厂:无法初始化 PKCS11.BCCSP %!s():无法初始化 BCCSP PKCS11 [无法初始化 PKCS11 库 /home/ubuntu/softhsm/SoftHSMv2 /src/lib/.libs/libsofthsm2.so ForFabric:无法获取插槽列表 [pkcs11:0x190:CKR_CRYPTOKI_NOT_INITIALIZED]]

BUT when I have "default: PKCS11" I get this error: Could not find default PKCS11 BCCSP但是当我有“默认值:PKCS11”时,我收到这个错误:找不到默认的PKCS11 BCCSP

I have read this https://jira.hyperledger.org/browse/FAB-9595 but AGAIN I'm not using Docker.我已经阅读了这个https://jira.hyperledger.org/browse/FAB-9595但我再次没有使用 Docker。

Any help or pointers in the right direction would be appreciated.任何正确方向的帮助或指示将不胜感激。

Relevant output:相关输出:

bccsp: default: PKCS11 bccsp:默认:PKCS11
pkcs11: pkcs11:
Library: /home/ubuntu/softhsm/SoftHSMv2/src/lib/.libs/libsofthsm2.so库:/home/ubuntu/softhsm/SoftHSMv2/src/lib/.libs/libsofthsm2.so
Pin: 98765432引脚:98765432
Label: ForFabric标签:ForFabric
hash: SHA2哈希:SHA2
security: 256安全性:256
filekeystore:文件密钥库:
# The directory used for the software file-based keystore # 用于基于软件文件的密钥库的目录
keystore: msp/keystore密钥库:msp/密钥库
sw:开关:
hash: SHA2哈希:SHA2
security: 256安全性:256
filekeystore:文件密钥库:
# The directory used for the software file-based keystore # 用于基于软件文件的密钥库的目录
keystore: msp/keystore密钥库:msp/密钥库

fabric-ca-server:结构 CA 服务器:

Version: 2.0.0-snapshot-d780eb0版本:2.0.0-snapshot-d780eb0

Go version: go1.13.5 Go 版本:go1.13.5

OS/Arch: linux/amd64操作系统/架构:linux/amd64

2 个解决方案

解决方案1
 1  2020-05-21 04:11:06

执行GO_TAGS=pkcs11 make fabric-ca-server ,记得把原来的fabric-ca-server 二进制文件去掉,把新建的二进制文件放到path/to/go/bin

解决方案2
 0  2020-01-10 18:24:14

The issue encountered was a combination of creating the tokens as one user and starting the service as another (sudo).遇到的问题是作为一个用户创建令牌并作为另一个用户启动服务 (sudo) 的组合。 Creating the token and starting the Fabric CA server as root (sudo -i) solved this issue.创建令牌并以 root 身份启动 Fabric CA 服务器 (sudo -i) 解决了这个问题。

root@ip-172-31-85-208:~/fab-ca/server# fabric-ca-server start -b admin:adminpw 2020/01/10 17:57:31 [INFO] Configuration file location: /root/fab-ca/server/fabric-ca-server-config.yaml 2020/01/10 17:57:31 [INFO] Starting server in home directory: /root/fab-ca/server 2020/01/10 17:57:31 [INFO] Server Version: 2.0.0-snapshot-d780eb0 2020/01/10 17:57:31 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1} 2020/01/10 17:57:31 [INFO] The CA key and certificate already exist 2020/01/10 17:57:31 [INFO] The key is stored by BCCSP provider 'PKCS11' 2020/01/10 17:57:31 [INFO] The certificate is at: /root/fab-ca/server/ca-cert.pem 2020/01/10 17:57:31 [INFO] Initialized sqlite3 database at /root/fab-ca/server/fabric-ca-server.db 2020/01/10 17:57:31 [INFO] The Idemix issuer public and secret key files already exist 2020/01/10 17:57:31 [INFO] secret key file location: /root/fab-ca/server/msp/keystore/IssuerSecretKey 2020/01/10 17:57:31 [INFO] public key file l root@ip-172-31-85-208:~/fab-ca/server# fabric-ca-server start -b admin:adminpw 2020/01/10 17:57:31 [INFO] 配置文件位置:/root /fab-ca/server/fabric-ca-server-config.yaml 2020/01/10 17:57:31 [INFO] 在主目录中启动服务器:/root/fab-ca/server 2020/01/10 17: 57:31 [INFO] 服务器版本:2.0.0-snapshot-d780eb0 2020/01/10 17:57:31 [INFO] 服务器级别:&{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce :1} 2020/01/10 17:57:31 [INFO] CA 密钥和证书已经存在 2020/01/10 17:57:31 [INFO] 密钥由 BCCSP 提供商 'PKCS11' 存储 2020/01/ 10 17:57:31 [INFO] 证书位于:/root/fab-ca/server/ca-cert.pem 2020/01/10 17:57:31 [INFO] 初始化 sqlite3 数据库位于 /root/fab- ca/server/fabric-ca-server.db 2020/01/10 17:57:31 [INFO] Idemix 发行者公钥和密钥文件已经存在 2020/01/10 17:57:31 [INFO] 密钥文件位置:/root/fab-ca/server/msp/keystore/IssuerSecretKey 2020/01/10 17:57:31 [INFO] 公钥文件 l ocation: /root/fab-ca/server/IssuerPublicKey 2020/01/10 17:57:31 [INFO] The Idemix issuer revocation public and secret key files already exist 2020/01/10 17:57:31 [INFO] private key file location: /root/fab-ca/server/msp/keystore/IssuerRevocationPrivateKey 2020/01/10 17:57:31 [INFO] public key file location: /root/fab-ca/server/IssuerRevocationPublicKey 2020/01/10 17:57:31 [INFO] Home directory for default CA: /root/fab-ca/server 2020/01/10 17:57:31 [INFO] Operation Server Listening on 127.0.0.1:9443 2020/01/10 17:57:31 [INFO] Listening on http://0.0.0.0:7054位置:/root/fab-ca/server/IssuerPublicKey 2020/01/10 17:57:31 [INFO] Idemix 发行者撤销公钥和私钥文件已经存在 2020/01/10 17:57:31 [INFO] private密钥文件位置:/root/fab-ca/server/msp/keystore/IssuerRevocationPrivateKey 2020/01/10 17:57:31 [INFO] 公钥文件位置:/root/fab-ca/server/IssuerRevocationPublicKey 2020/01/ 10 17:57:31 [INFO] 默认 CA 的主目录:/root/fab-ca/server 2020/01/10 17:57:31 [INFO] 操作服务器侦听 127.0.0.1:9443 2020/01/10 17:57:31 [INFO] 收听http://0.0.0.0:7054

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 带有 SoftHSM 的 Fabric-CA:无法初始化 BCCSP PKCS11:配置无效。 不能为零 - Fabric-CA with SoftHSM: Could not initialize BCCSP PKCS11: Invalid config. It must not be nil 对等节点开始抛出找不到默认的 pkcs11 BCCSP 错误 - peer node start throwing Could not find default pkcs11 BCCSP error Hyperledger Fabric CA 服务器 - 初始化 BCCSP PKCS11 库时出错 - Hyperledger Fabric CA server - getting error while initializing BCCSP PKCS11 library 无法本地启动Fabric-CA服务器 - Cannot start fabric-ca server natively 无法使用Fabric中的ca服务器生成的ca文件启动订购程序 - Could not start orderer with ca file generated by ca server in fabric 找不到Fabric CA的特定SDK功能 - Cannot find specific SDK function for Fabric CA 如何访问默认的hyperledger fabric-ca数据库 - How to access default hyperledger fabric-ca database 检查 Hyperledger Fabric CA 服务器是否已启动并运行的最佳方法是什么? - What is the best way to check if a Hyperledger Fabric CA server is up and running? Hyperledger Fabric CA:在哪里可以找到环境变量列表? - Hyperledger Fabric CA: Where can we find list of environment variables? fabric-ca-client 找不到./utils.js - fabric-ca-client cannot find ./utils.js
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM