Requirement for external x509 certificates signature and key algorithms to be used in Hyperledger Fabric

[Posted]: 2020-10-16 16:49:13

[Question]:

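We are trying to set up the test network using certificates provided by our organization (i.e. not generated by cryptogen/fabric-ca-server). I recreated the MSP for peer0 by placing all the mentioned certificates and keys in the corresponding folders. When peer0 starts, the following error occurs: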

2020-10-16 14:33:34.269 UTC [bccsp] GetDefault -> DEBU 001 Before using BCCSP, please call InitFactories(). Falling back to bootBCCSP.
2020-10-16 14:33:34.314 UTC [bccsp] GetDefault -> DEBU 002 Before using BCCSP, please call InitFactories(). Falling back to bootBCCSP.
2020-10-16 14:33:34.325 UTC [bccsp_sw] openKeyStore -> DEBU 003 KeyStore opened at [/etc/hyperledger/fabric/msp/keystore]...done
2020-10-16 14:33:34.325 UTC [msp] getPemMaterialFromDir -> DEBU 004 Reading directory /etc/hyperledger/fabric/msp/signcerts
2020-10-16 14:33:34.326 UTC [msp] getPemMaterialFromDir -> DEBU 005 Inspecting file /etc/hyperledger/fabric/msp/signcerts/peer0.supplier.dlt.ericsson.com.cer
2020-10-16 14:33:34.326 UTC [msp] getPemMaterialFromDir -> DEBU 006 Reading directory /etc/hyperledger/fabric/msp/cacerts
2020-10-16 14:33:34.326 UTC [msp] getPemMaterialFromDir -> DEBU 007 Inspecting file /etc/hyperledger/fabric/msp/cacerts/root-ca.pem
2020-10-16 14:33:34.326 UTC [msp] getPemMaterialFromDir -> DEBU 008 Reading directory /etc/hyperledger/fabric/msp/admincerts
2020-10-16 14:33:34.326 UTC [msp] getPemMaterialFromDir -> DEBU 009 Reading directory /etc/hyperledger/fabric/msp/intermediatecerts
2020-10-16 14:33:34.326 UTC [msp] getPemMaterialFromDir -> DEBU 00a Inspecting file /etc/hyperledger/fabric/msp/intermediatecerts/intermediate-issuing-ca.pem
2020-10-16 14:33:34.326 UTC [msp] getPemMaterialFromDir -> DEBU 00b Reading directory /etc/hyperledger/fabric/msp/tlscacerts
2020-10-16 14:33:34.326 UTC [msp] getMspConfig -> DEBU 00c TLS CA certs folder at [/etc/hyperledger/fabric/msp/tlsintermediatecerts] is empty. Skipping.
2020-10-16 14:33:34.326 UTC [msp] getPemMaterialFromDir -> DEBU 00d Reading directory /etc/hyperledger/fabric/msp/crls
2020-10-16 14:33:34.326 UTC [msp] getMspConfig -> DEBU 00e crls folder not found at [/etc/hyperledger/fabric/msp/crls]. Skipping. [stat /etc/hyperledger/fabric/msp/crls: no such file or directory]
2020-10-16 14:33:34.326 UTC [msp] getMspConfig -> DEBU 00f Loading NodeOUs
2020-10-16 14:33:34.326 UTC [msp] newBccspMsp -> DEBU 010 Creating BCCSP-based MSP instance
2020-10-16 14:33:34.326 UTC [msp] New -> DEBU 011 Creating Cache-MSP instance
2020-10-16 14:33:34.326 UTC [msp] loadLocalMSP -> DEBU 012 Created new local MSP
2020-10-16 14:33:34.327 UTC [msp] Setup -> DEBU 013 Setting up MSP instance Org1MSP
2020-10-16 14:33:34.329 UTC [main] InitCmd -> ERRO 014 Cannot run peer because error when setting up MSP of type bccsp from directory /etc/hyperledger/fabric/msp: Failed importing key with opts [&true]: Certificate's public key type not recognized. Supported keys: [ECDSA]

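It seems that Fabric does not support the provided certificates. Are there any suggestions/guidelines on which certificate formats are valid in Fabric?

The certificate used says: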

Signature Algorithm: sha256WithRSAEncryption

Subject Public Key Info: Public Key Algorithm: id-ecPublicKey

[Answer 1]:

In Hyperledger Fabric, only certificates and signatures generated with the ECDSA algorithm are supported. You can find more information at the following link of Hyperledger Fabric CA.
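A pre-flight check for externally issued certificates before they are copied into an MSP folder, as an added example that is not part of the original question or answer and is not Fabric's own code. It reads the two fields shown in the question's certificate dump (Signature Algorithm and Public Key Algorithm) and, following the answer above, treats anything other than ECDSA in either field as a problem. The names `checkCert` and `constructed` are hypothetical, and the test certificates are generated on the fly as constructed samples.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkCert reports whether the subject key (keyOK) and the issuer's signature (sigOK) are ECDSA.
func checkCert(pemBytes []byte) (keyOK, sigOK bool, err error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return false, false, fmt.Errorf("no PEM CERTIFICATE block")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false, false, err
	}
	sa := cert.SignatureAlgorithm
	sigOK = sa == x509.ECDSAWithSHA256 || sa == x509.ECDSAWithSHA384 || sa == x509.ECDSAWithSHA512
	return cert.PublicKeyAlgorithm == x509.ECDSA, sigOK, nil
}

// constructed issues a throwaway sample certificate; subject key and CA key are RSA or ECDSA P-256.
func constructed(leafRSA, caRSA bool) []byte {
	ec, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rk, _ := rsa.GenerateKey(rand.Reader, 2048)
	keys := map[bool]crypto.Signer{false: ec, true: rk}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "peer0.constructed.example"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "constructed-ca"}}
	der, err := x509.CreateCertificate(rand.Reader, leaf, ca, keys[leafRSA].Public(), keys[caRSA])
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	fmt.Println(checkCert(constructed(false, true))) // EC subject key, RSA-signed, as in the question
}
```

Run the same check over every file in `signcerts`, `cacerts` and `intermediatecerts`, since the MSP loads all of them at startup.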
