在 Hyperledger Fabric 中使用的外部 x509 证书签名和密钥算法的要求
Posted
技术标签:
【中文标题】在 Hyperledger Fabric 中使用的外部 x509 证书签名和密钥算法的要求【英文标题】:Requirement for external x509 certificates signature and key algorithms to be used in Hyperledger Fabric 【发布时间】:2020-10-16 16:49:13 【问题描述】:我们正在尝试使用组织提供的证书(即不是由cryptogen
或fabric-ca-server
生成)来设置测试网络。
通过将所有提到的证书和密钥放在相应的文件夹中,我为 peer0 重新创建了 MSP。
peer0启动时,出现如下错误:
2020-10-16 14:33:34.269 UTC [bccsp] GetDefault -> DEBU 001 Before using BCCSP, please call InitFactories(). Falling back to bootBCCSP.
2020-10-16 14:33:34.314 UTC [bccsp] GetDefault -> DEBU 002 Before using BCCSP, please call InitFactories(). Falling back to bootBCCSP.
2020-10-16 14:33:34.325 UTC [bccsp_sw] openKeyStore -> DEBU 003 KeyStore opened at [/etc/hyperledger/fabric/msp/keystore]...done
2020-10-16 14:33:34.325 UTC [msp] getPemMaterialFromDir -> DEBU 004 Reading directory /etc/hyperledger/fabric/msp/signcerts
2020-10-16 14:33:34.326 UTC [msp] getPemMaterialFromDir -> DEBU 005 Inspecting file /etc/hyperledger/fabric/msp/signcerts/peer0.supplier.dlt.ericsson.com.cer
2020-10-16 14:33:34.326 UTC [msp] getPemMaterialFromDir -> DEBU 006 Reading directory /etc/hyperledger/fabric/msp/cacerts
2020-10-16 14:33:34.326 UTC [msp] getPemMaterialFromDir -> DEBU 007 Inspecting file /etc/hyperledger/fabric/msp/cacerts/root-ca.pem
2020-10-16 14:33:34.326 UTC [msp] getPemMaterialFromDir -> DEBU 008 Reading directory /etc/hyperledger/fabric/msp/admincerts
2020-10-16 14:33:34.326 UTC [msp] getPemMaterialFromDir -> DEBU 009 Reading directory /etc/hyperledger/fabric/msp/intermediatecerts
2020-10-16 14:33:34.326 UTC [msp] getPemMaterialFromDir -> DEBU 00a Inspecting file /etc/hyperledger/fabric/msp/intermediatecerts/intermediate-issuing-ca.pem
2020-10-16 14:33:34.326 UTC [msp] getPemMaterialFromDir -> DEBU 00b Reading directory /etc/hyperledger/fabric/msp/tlscacerts
2020-10-16 14:33:34.326 UTC [msp] getMspConfig -> DEBU 00c TLS CA certs folder at [/etc/hyperledger/fabric/msp/tlsintermediatecerts] is empty. Skipping.
2020-10-16 14:33:34.326 UTC [msp] getPemMaterialFromDir -> DEBU 00d Reading directory /etc/hyperledger/fabric/msp/crls
2020-10-16 14:33:34.326 UTC [msp] getMspConfig -> DEBU 00e crls folder not found at [/etc/hyperledger/fabric/msp/crls]. Skipping. [stat /etc/hyperledger/fabric/msp/crls: no such file or directory]
2020-10-16 14:33:34.326 UTC [msp] getMspConfig -> DEBU 00f Loading NodeOUs
2020-10-16 14:33:34.326 UTC [msp] newBccspMsp -> DEBU 010 Creating BCCSP-based MSP instance
2020-10-16 14:33:34.326 UTC [msp] New -> DEBU 011 Creating Cache-MSP instance
2020-10-16 14:33:34.326 UTC [msp] loadLocalMSP -> DEBU 012 Created new local MSP
2020-10-16 14:33:34.327 UTC [msp] Setup -> DEBU 013 Setting up MSP instance Org1MSP
2020-10-16 14:33:34.329 UTC [main] InitCmd -> ERRO 014 Cannot run peer because error when setting up MSP of type bccsp from directory /etc/hyperledger/fabric/msp: Failed importing key with opts [&true]: Certificate's public key type not recognized. Supported keys: [ECDSA]
Fabric 似乎不支持提供的证书。关于在 Fabric 中有效的证书格式是否有任何建议/指南?
使用的证书说:
Signature Algorithm: sha256WithRSAEncryption
Subject Public Key Info: Public Key Algorithm: id-ecPublicKey
【问题讨论】:
【参考方案1】:在 Hyperledger Fabric 中,仅支持使用 ECDSA 算法生成的证书和签名。您可以通过以下link of Hyperledger Fabric CA获得更多信息。
【讨论】:
以上是关于在 Hyperledger Fabric 中使用的外部 x509 证书签名和密钥算法的要求的主要内容,如果未能解决你的问题,请参考以下文章
HyperLedger Fabric安装在中间并且在MacOS中没有进展?
Hyperledger Fabric教程--部署Fabric智能合约
Hyperledger Fabric:在运行 raft 网络中添加 Orderer