How to generate Hyperledger Fabric keystore offline
Question
I am using fabric-sdk-nodejs to enroll the user it works fine, but all the private key and msp will be created using fabric CA.
my questions
- How i can generate keypair for offline user and then generate the certificate using fabric CA for particular organisation?
- Is it possible to create keypair offline, which keypair generation is supported or fabric has own offline keypair generation?
- In production environment we cannot keep the user keypair, so how generation of keypair flow works?
1 answers
solution1
0 ACCPTED 2019-10-18 06:44:45
The way you are trying to do is wrong
generation of private key and certificate is a multi-step procedure
When you try to create a keypair(private key & certificate) root-ca or intermediate-ca has to sign it then only it will be valid, this is called signing by using the concept of PKI
Fabric supports x509 certificate & ecdsa private key, you can generate root-ca certificate and sign certs outside.
Coming to your question about security of user credentials: you can always use fabric-ca to generate the sign certs and you have three options
- store in the server as file-storage
- store it in couchdb as key-value store
- store it in hardware using hsm or so
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.