
Hyperledger Fabric private key using Fabric-CA server

I am new to Hyperledger Fabric. I am using the Hyperledger Fabric CA server to register the admin, user, and peer. I have a few doubts:

 1. When I create the admin using fabric-ca-client start --id admin:adminpw, it creates the config file and msp folder in the home directory. Does the msp folder contain the private key of the admin?

 2. If the msp folder contains the private key, when we host the fabric-server live, do we still keep the msp folder in live/production? Will the private key be exposed? How does it work?

It would be helpful if someone could clarify my doubts.

1) When you use fabric-ca-client to enroll (fabric-ca-client enroll), it will create the private key in the msp/keystore directory.

2) If you do not want to expose the private key on the filesystem, you can store the private key in an HSM (Hardware Security Module) via PKCS11. See https://hyperledger-fabric-ca.readthedocs.io/en/release-1.4/users-guide.html?highlight=pkcs11#hsm for more details. If you don't have access to an HSM, then you should minimally encrypt the file system (if running in a cloud) and ensure that you set the file permissions to 0400 for the user you use to start your Fabric processes.
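The file-permission advice in the answer above can be checked and applied with a short script. This is an added example, not part of the original answer or of the Fabric CA project; the function names are hypothetical, the `<msp>/keystore` layout is assumed to be the one created by `fabric-ca-client enroll`, and the 0700 mode on the directory is an extra step the answer does not mention.

```sh
#!/bin/sh
# Added example: audit and tighten private-key permissions in an MSP keystore.
# Assumption: keys live in <msp>/keystore, as written by `fabric-ca-client enroll`.

# Print every file under <msp>/keystore whose mode is not exactly 0400.
# Returns 2 if the keystore directory does not exist.
list_loose_keys() {
    keystore="$1/keystore"
    if [ ! -d "$keystore" ]; then
        echo "no keystore directory at $keystore" >&2
        return 2
    fi
    find "$keystore" -type f ! -perm 400
}

# Set every key file to 0400 (owner read-only), as the answer recommends.
# The directory itself is set to 0700 (extra step, not from the answer).
harden_keystore() {
    keystore="$1/keystore"
    [ -d "$keystore" ] || return 2
    chmod 700 "$keystore" &&
        find "$keystore" -type f -exec chmod 400 {} +
}

# Stand-alone use: ./keystore-perms.sh /path/to/msp
if [ $# -gt 0 ]; then
    loose=$(list_loose_keys "$1") || exit $?
    if [ -n "$loose" ]; then
        echo "key files with mode other than 0400:"
        echo "$loose"
        harden_keystore "$1" && echo "permissions tightened"
    else
        echo "all key files are 0400"
    fi
fi
```

Run it as the account that starts the Fabric processes, since 0400 grants read access to the file's owner only.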
