
What Admin peer can do in hyperledger composer?

I am following the tutorials of hyperledger composer at composer playground. In defining a business network, at some point after starting fabric, a PeerAdminCard is created by

./createPeerAdminCard.sh

After that it can be seen in the card name and when imported for a specific business network, it can be seen to what Business Network it has been assigned.

Based on my understanding this peer is the admin of the network, and when you run composer-playground, this is what you see in ID Registry on top right which has access to everything (all participants, assets and transactions). And it seems that this Admin (PeerAdminCard) can also issue other identities. If these assumptions are correct (please correct me if I am wrong), the following questions arise for me:

1- Is it safe to have such a peer in network?

2- Doesn't it make things more centralized?

3- If it can add peers to the network, can't it save the secret key of the peers and later use that to impersonate that peer or just simply read the content of transactions which are made by that peer?

4- Regarding question number 3, are transactions made in a channel already encrypted so that only members of the channel can somehow decrypt them by their private key or if Admin adds itself to a channel at some point in time can simply read those transactions without difficulty?

I appreciate any help. Thank you in advance.

A PeerAdmin is a user role with administrative privileges for the organization from which the certificate was generated. This role has the ability to add/remove peers, deploy chaincode, create and join channels, etc. on behalf of that organization. This section of the Hyperledger Fabric documentation may be of help in understanding.

To be clear, this is not a peer node, it is an identity. The peers themselves also have identity, but they don't have administrative rights, that identity is used to sign/endorse transaction proposals and to interact securely with other nodes/services in the network (via TLS).

In a multi-organization consortium, each organization would have its own administrator role, and hence the overall governance is decentralized.

1) yes

2) no

3) the samples leverage a cryptogen tool to generate certificates and the associated public and private keys for a network. This is purely provided as a means of simplifying the setup. It would not be used in a production context for the very reason you cite. Rather, more traditional approaches for interacting with a certificate authority (e.g. via the fabric-ca-client if the fabric-ca is being used) would be used and the private keys would only be accessible to the individual for which they were generated.

4) transactions in a channel are not encrypted by default. There is, however, a new encryption capability that can be leveraged in chaincode.
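
The point in answer 4, as an added example that is not part of the original answer and is not Fabric's own code: a value written to channel state is readable by any identity admitted to the channel unless the application seals it with a key the channel never sees. Assumptions: the `ledger` map stands in for channel state, the function names are hypothetical, and Go's standard-library AES-256-GCM is used in place of Fabric's encryption library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ledger stands in for channel state: any identity admitted to the channel can read it.
type ledger map[string][]byte

// newGCM builds AES-256-GCM from a 32-byte key held by the client, never by the channel.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// putEncrypted stores nonce||ciphertext; the key is never written to state.
func putEncrypted(l ledger, aead cipher.AEAD, name string, value []byte) error {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	l[name] = aead.Seal(nonce, nonce, value, []byte(name)) // state key bound as associated data
	return nil
}

// getDecrypted fails for any reader whose key differs from the writer's.
func getDecrypted(l ledger, aead cipher.AEAD, name string) ([]byte, error) {
	raw, n := l[name], aead.NonceSize()
	if len(raw) < n {
		return nil, fmt.Errorf("no sealed value under %q", name)
	}
	return aead.Open(nil, raw[:n], raw[n:], []byte(name))
}

func main() {
	key := make([]byte, 32)
	rand.Read(key)
	owner, _ := newGCM(key)
	admin, _ := newGCM(make([]byte, 32))         // constructed: a reader with a different key
	l := ledger{"asset1": []byte("owner=alice")} // default: plaintext in state
	putEncrypted(l, owner, "asset2", []byte("owner=bob"))
	_, err := getDecrypted(l, admin, "asset2")
	fmt.Printf("asset1=%q\nasset2=%x\nread without the key: %v\n", l["asset1"], l["asset2"], err)
}
```

Confidentiality here rests entirely on how the key is distributed and stored, which is outside what the channel or its administrators control.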
