MSP in Hyperledger Fabric 1.4

Time: 2020-5-15

Introduction to MSP

MSP (Membership Service Provider) is a set of components that specifies the authentication and authorization system for users performing certain operations.
An MSP can be configured on each peer and orderer node so that those nodes can verify signatures and sign. For video learning, please refer to the video tutorial.

The architecture of MSP

A self-signed certificate serves as the trusted root certificate.
MSP material can be generated with OpenSSL, cryptogen, or Fabric CA.

MSP directory structure

admincerts: directory that stores the admin certificates
cacerts: directory that stores the root CA certificates
intermediatecerts: optional directory for intermediate CA certificates
config.yaml: optional organizational unit configuration file
crls: optional directory for certificate revocation lists
keystore: directory where the private key is stored
tlscacerts: optional directory for TLS root certificates
tlsintermediatecerts: optional directory for TLS intermediate certificates
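
The layout above can be checked mechanically. The following shell function is an added example, not part of the original article or of Fabric's own tooling; the name check_msp is hypothetical, and it assumes that the directories the list does not mark optional (admincerts, cacerts, keystore) are required.

```shell
#!/bin/sh
# Added example: audit an MSP directory against the layout listed above.
# Usage: check_msp /path/to/msp
# Prints findings and returns the number of problems found (0 = clean).
# Assumption: directories the article does not mark "optional" are required.

REQUIRED_DIRS="admincerts cacerts keystore"
OPTIONAL_DIRS="intermediatecerts crls tlscacerts tlsintermediatecerts"

check_msp() {
    msp=$1
    problems=0
    [ -d "$msp" ] || { echo "FAIL: $msp is not a directory"; return 1; }

    # Required directories must exist and contain at least one entry.
    for d in $REQUIRED_DIRS; do
        if [ ! -d "$msp/$d" ]; then
            echo "FAIL: missing required directory $d"
            problems=$((problems + 1))
        elif [ -z "$(ls -A "$msp/$d")" ]; then
            echo "FAIL: required directory $d is empty"
            problems=$((problems + 1))
        fi
    done

    # Optional material is only reported, never counted as a problem.
    for d in $OPTIONAL_DIRS; do
        if [ -d "$msp/$d" ]; then echo "INFO: optional directory $d present"; fi
    done
    if [ -f "$msp/config.yaml" ]; then echo "INFO: optional config.yaml present"; fi

    # Private keys should be usable only by their owner: flag any keystore
    # file that grants a permission bit to group or others.
    if [ -d "$msp/keystore" ]; then
        loose=$(find "$msp/keystore" -type f \( -perm -040 -o -perm -020 \
            -o -perm -010 -o -perm -004 -o -perm -002 -o -perm -001 \))
        if [ -n "$loose" ]; then
            echo "FAIL: private keys accessible to group/others:"
            echo "$loose"
            problems=$((problems + $(printf '%s\n' "$loose" | wc -l)))
        fi
    fi
    return "$problems"
}
```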

MSP certificate format

MSP certificates in Fabric are X.509 certificates.
X.509 is a standard that defines the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the foundation of HTTPS, the secure protocol for browsing the web. They are also used in offline applications, such as electronic signatures. An X.509 certificate contains a public key and an identity (host name, organization, or individual). When a certificate is issued by a trusted certification authority, is self-signed, or is verified by other means, the holder of the certificate can rely on the public key it contains to establish secure communication with the other party, or to verify documents digitally signed with the corresponding private key.
An X.509 certificate can be viewed with the openssl command, as follows:
openssl x509 -in ca.org1.example.com-cert.pem -noout -text
The output shows that this is a self-signed certificate, i.e. one signed by its own key.
Where:

Serial Number: the serial number of the certificate
Signature Algorithm: the signature algorithm
Issuer: who issued the certificate
Subject: the subject the certificate was issued to
Subject Public Key Info: public key information
