
Where is the user private key stored in fabric-ca in the user key generation process

I am using fabric ca-client to register and enroll the "user" to interact with the chaincode. Registering the user using organization CA admin as follows:

export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org1/ca/admin
export FABRIC_CA_CLIENT_MSPDIR=msp

fabric-ca-client register -d --id.name userk2 --id.secret userk2PW --id.type user -u https://0.0.0.0:7054 

And I enrolled the user without the admin of org-ca as:

fabric-ca-client enroll -u "https://userk2:userk2PW@0.0.0.0:7054"  --tls.certfiles /tmp/hyperledger/org1/admin/msp/cacerts/0-0-0-0-7054.pem

Now the CA server should provide the user (here userk2) with the user certificates required to interact with the chaincodes.

I received the response from the CA server as:

2021/10/13 12:13:50 [INFO] TLS Enabled
2021/10/13 12:13:50 [INFO] generating key: &{A:ecdsa S:256}
2021/10/13 12:13:50 [INFO] encoded CSR
2021/10/13 12:13:51 [INFO] Stored client certificate at /root/.fabric-ca-client/msp/signcerts/cert.pem
2021/10/13 12:13:51 [INFO] Stored root CA certificate at /root/.fabric-ca-client/msp/cacerts/0-0-0-0-7054.pem
2021/10/13 12:13:51 [INFO] Stored Issuer public key at /root/.fabric-ca-client/msp/IssuerPublicKey
2021/10/13 12:13:51 [INFO] Stored Issuer revocation public key at /root/.fabric-ca-client/msp/IssuerRevocationPublicKey

Which are the user private/public key and root of trust for interacting with chaincode? Thank you!

The user private key is stored in the client, not in the Fabric-CA. The client never shares its private key (as it is expected to). The client generates a key pair, submits a CSR to the CA and receives the signed certificate. The client saves the received certificate (the CA saves a copy, too).

According to your logs, your client certificate is in:

  • /root/.fabric-ca-client/msp/signcerts/cert.pem .

And your private key must be under:

  • /root/.fabric-ca-client/msp/keystore/ .
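An added example, not part of the original answer: a shell function that confirms which file under keystore/ is the private half of the enrolled certificate and that the key file is readable only by its owner. It assumes the openssl CLI is installed and takes the MSP directory as its argument (for the logs above, /root/.fabric-ca-client/msp); the function name check_msp is hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit a fabric-ca-client MSP directory after `enroll`.
# Usage: check_msp /root/.fabric-ca-client/msp

check_msp() {
    local msp="$1" cert key keys k cert_pub key_pub mode
    cert="$msp/signcerts/cert.pem"
    [ -f "$cert" ] || { echo "FAIL: no certificate at $cert"; return 1; }

    # The enrollment private key is written locally to keystore/;
    # only the CSR (public key + identity) is sent to the CA.
    keys=$(find "$msp/keystore" -type f 2>/dev/null)
    [ -n "$keys" ] || { echo "FAIL: no private key under $msp/keystore"; return 1; }

    # Public key embedded in the certificate the CA signed.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1

    # Find the keystore entry whose public half matches the certificate.
    key=""
    while IFS= read -r k; do
        key_pub=$(openssl pkey -in "$k" -pubout 2>/dev/null) || continue
        if [ "$key_pub" = "$cert_pub" ]; then key="$k"; break; fi
    done <<EOF
$keys
EOF
    [ -n "$key" ] || { echo "FAIL: no key in keystore matches $cert"; return 1; }
    echo "OK: $key matches $cert"

    # Group and other permission bits (chars 5-10 of the ls mode string)
    # must all be clear, otherwise other local users can read the key.
    mode=$(ls -ld "$key" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "FAIL: $key is accessible beyond its owner"; return 1; }
    echo "OK: key file is owner-only"
}
```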
