Questions on hyperledger fabric MSP setting

Posted 2019-08-08 15:21

Question:

Background

I am studying the Hyperledger Fabric tutorial Building Your First Network (BYFN) and the details of its scripts. The source code can be found here.


Question

The command byfn.sh generate runs cryptogen generate --config=./crypto-config.yaml and then generates certificates. A directory crypto-config/ is produced with sub-directories ordererOrganizations/ and peerOrganizations/.

The path crypto-config/peerOrganizations/org1.example.com/ consists of:

  1. ca/
  2. msp/
  3. peers/
  4. tlsca/
  5. users/

I have difficulty understanding the structure of this directory.

Q1: There are certs and private keys in ca/, msp/ and tlsca/. But what do they represent, and why do we need them? It confuses me because inside the peers/ directory there are also msp/ and tls/.

Q2: What is the purpose of the users/ directory? (I only know the network has peers and orderers.) Do user and admin represent the end users of this organization? And what is the difference between user and admin? Take this network picture for example: where are user and admin?

Many Thanks

Answer 1:

So, public channel configuration is loaded only with what is found under msp/. This is used to verify certificates of clients, and network nodes (peers, orderers).

The ca/ folder just represents what a CA would have had it existed. The tlsca/ folder is basically used to define the same thing as the ca/ folder, only for TLS certificates. In Fabric, there is a different certificate chain for TLS and for enrollment certificates.

Now, the peers, orderers, and users contain the material for the local MSP of the node, as well as its signing identity (certificate and private key).

The user is basically anyone that can authenticate to Fabric as a client, and an admin is a special type of user who is authorized to sign transactions that have administrative changes on the organization it belongs to, like adding anchor peers when sending a configuration transaction to the orderer, or instantiating chaincode.
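The split the answer describes can be checked on disk by listing which of the five directories actually hold private keys. The sketch below is an added example, not part of the original answer or of the Fabric samples; it assumes PEM-encoded keys, and every file and subdirectory name in the constructed sample tree is an assumption (only the five top-level names come from the question).

```python
import os
import tempfile

CERT = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
KEY = "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"

# Constructed miniature of an org directory. The five top-level names come
# from the question; every file and subdirectory name below is an assumption.
SAMPLE = {
    "ca/ca-cert.pem": CERT, "ca/priv_sk": KEY,
    "tlsca/tlsca-cert.pem": CERT, "tlsca/priv_sk": KEY,
    "msp/cacerts/ca-cert.pem": CERT, "msp/tlscacerts/tlsca-cert.pem": CERT,
    "peers/peer0/msp/signcerts/peer0-cert.pem": CERT,
    "peers/peer0/msp/keystore/priv_sk": KEY,
    "peers/peer0/tls/server.crt": CERT, "peers/peer0/tls/server.key": KEY,
    "users/Admin/msp/signcerts/Admin-cert.pem": CERT,
    "users/Admin/msp/keystore/priv_sk": KEY,
}

def build_sample(root):
    """Write the constructed tree under root and return root."""
    for rel, body in SAMPLE.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root

def is_private_key(path):
    """Detect PEM private keys by content, not by file name."""
    with open(path, "rb") as fh:
        return b"PRIVATE KEY-----" in fh.read(4096)

def audit_org(org_dir):
    """Map each top-level directory to the private keys found beneath it."""
    report = {}
    for top in sorted(os.listdir(org_dir)):
        found = []
        for cur, _dirs, files in os.walk(os.path.join(org_dir, top)):
            for name in files:
                full = os.path.join(cur, name)
                if is_private_key(full):
                    rel = os.path.relpath(full, org_dir)
                    found.append(rel.replace(os.sep, "/"))
        report[top] = sorted(found)
    return report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for top, keys in audit_org(build_sample(tmp)).items():
            print(f"{top + '/':8} private keys: {keys or 'none'}")
```

Pointing audit_org at a real org directory should report no keys under msp/, since that directory is the public verification material loaded into channel configuration; any key it does find there is worth investigating.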