Introduction to MSP
MSP (Membership Service Provider) is a set of components that defines the identity and authorization system under which users are allowed to perform certain operations.
An MSP can be configured on each peer and orderer node so that the node can perform verification and signing operations. For video learning, please refer to the video tutorial.
The architecture of MSP
A self-signed certificate serves as the trusted root certificate.
An MSP can be generated with OpenSSL, cryptogen, or Fabric CA.
MSP directory structure
admincerts: directory that stores the admin certificates.
cacerts: directory that holds the root CA certificates.
intermediatecerts: optional directory for intermediate CA certificates.
config.yaml: optional organizational unit configuration file.
crls: optional directory for certificate revocation lists.
keystore: directory where the private key is stored.
tlscacerts: optional directory for TLS root certificates.
tlsintermediatecerts: optional directory for TLS intermediate certificates.
MSP certificate format
MSP certificates in Fabric are X.509 certificates.
X.509 is a standard that defines the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the foundation of HTTPS, the secure protocol for browsing the web. They are also used in offline applications, such as electronic signatures. An X.509 certificate contains a public key and an identity (a host name, an organization, or an individual). When a certificate is issued by a trusted certification authority, is self-signed, or is verified by other means, the holder of the certificate can rely on the public key it contains to establish secure communication with another party, or to verify documents digitally signed with the corresponding private key.
An X.509 certificate can be inspected with the following OpenSSL command:
openssl x509 -in ca.org1.example.com-cert.pem -noout -text
The output shows a self-signed certificate, i.e. one that is signed by its own subject.
The fields are:
Serial Number: the serial number of the certificate
Signature Algorithm: the algorithm used to sign the certificate
Issuer: who issued the certificate
Subject: the subject the certificate was issued to
Subject Public Key Info: public key information
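
The following is an added example, not code from the original article or from the Fabric project: a POSIX shell function that audits an MSP directory against the layout listed above and uses the openssl x509 command to confirm that every certificate in cacerts is a self-signed, unexpired root. The name audit_msp is hypothetical, and treating admincerts, cacerts and keystore as required (because the list does not mark them optional) is an assumption.

```shell
#!/bin/sh
# Added example: audit an MSP directory (audit_msp is a hypothetical name).
# Prints one line per finding; the exit status is the number of findings.
audit_msp() {
    msp=$1
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # Assumption: directories the page does not call optional are required.
    for d in admincerts cacerts keystore; do
        [ -d "$msp/$d" ] || note "missing directory: $d"
    done

    # Private keys must carry no group or other permission bits.
    for key in "$msp"/keystore/*; do
        [ -f "$key" ] || continue
        perms=$(ls -ld "$key" | cut -c5-10)
        [ "$perms" = "------" ] || note "key accessible beyond owner: $key"
    done

    # Each root must be self-signed (issuer equals subject), unexpired,
    # and its signature must verify under its own public key.
    roots=0
    for cert in "$msp"/cacerts/*; do
        [ -f "$cert" ] || continue
        roots=$((roots + 1))
        issuer=$(openssl x509 -in "$cert" -noout -issuer 2>/dev/null)
        subject=$(openssl x509 -in "$cert" -noout -subject 2>/dev/null)
        if [ -z "$subject" ]; then
            note "not a parseable X.509 certificate: $cert"
        elif [ "${issuer#issuer=}" != "${subject#subject=}" ]; then
            note "root is not self-signed: $cert"
        elif ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
            note "root certificate has expired: $cert"
        elif ! openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1; then
            note "self-signature does not verify: $cert"
        fi
    done
    [ "$roots" -gt 0 ] || note "cacerts holds no root certificate"

    return "$findings"
}
```

Call it as audit_msp path/to/msp; a zero exit status means no findings.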