Difference between users created through cryptogen

Published 2019-05-14 02:41

Question:

While setting up Hyperledger Fabric, we create the crypto material and specify users for the organizations, and correspondingly user crypto material gets generated, which is used to invoke chaincode when logging in through the CLI. Also, when we try to connect to the network through the SDK, we need to register and enroll a user to connect to the network. So, what is the difference between these two users?

Answer 1:

The cryptogen utility used for generating Hyperledger Fabric key material is mainly meant to be used for a testing environment only.

It generates the CA certificate before the Fabric CA Server is up. (This won't be the case in a production environment.)

This certificate is mounted into fabric-ca in the docker-compose.yaml file. This is done via the volumes keyword, as in the snippet below:

    ca.example.com:
        image: hyperledger/fabric-ca
        environment:
            - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
            - FABRIC_CA_SERVER_CA_NAME=ca.example.com
            - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
            - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c_sk
        ports:
            - "7054:7054"
        command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
        volumes:
            - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
        container_name: ca.example.com
        networks:
            - basic

The command 'fabric-ca-server start -b admin:adminpw -d' in the above script registers a bootstrap identity. This bootstrap identity is used by the application to enroll the 'admin' user. During this enrollment, fabric-ca-server gives the app an ecert, the user's private key and the CA cert chain PEM files.

From the above, the user certs generated by cryptogen and those issued via the application will be issued using the same root CA cert.

When using the CLI to execute commands such as install chaincode, instantiate chaincode, etc., you will be using the user certs generated by cryptogen, as these are mounted into the corresponding peer. Again, refer to the volumes section of the peer in docker-compose.yaml for this:

volumes:
        - /var/run/:/host/var/run/
        - ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/msp/peer
        - ./crypto-config/peerOrganizations/org1.example.com/users:/etc/hyperledger/msp/users
        - ./config:/etc/hyperledger/configtx
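The point above is that both kinds of user certificate (the ones cryptogen writes under the users directory and the ones fabric-ca-server hands back at enrollment) are issued under the same organisation root CA, so the peers' MSP treats them alike. The check a practitioner wants is therefore "does this user cert actually chain to my org's CA cert?", which is what the following POSIX shell script does with openssl. It is an added example, not code from the answer above or from Hyperledger Fabric; every key, name and path in it is constructed for the demo (the directory layout it names in the comments, `users/<user>/msp/signcerts/`, is an assumption about cryptogen's output, and `chains_to_ca` is the only function you would point at real files).

```shell
#!/bin/sh
# Added example (not code from the original answer or from Hyperledger Fabric):
# check that a user certificate validates against an organisation's root CA cert,
# whether that user cert came from cryptogen or from a fabric-ca-client enrollment.
# Every key, name and path here is constructed for the demo. With a real network the
# inputs would be files such as (assumed cryptogen layout):
#   CA:   crypto-config/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem
#   user: crypto-config/peerOrganizations/org1.example.com/users/<user>/msp/signcerts/<user>-cert.pem
set -e

# Write a minimal openssl config into $1 so the demo does not depend on the
# system openssl.cnf. $2 is the CA's common name.
write_cnf() {
  cat >"$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = $2
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
}

# Create a throw-away self-signed root CA (ECDSA P-256, as Fabric uses) in $1 with CN $2.
make_demo_ca() {
  write_cnf "$1" "$2"
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/ca.key" 2>/dev/null
  openssl req -x509 -new -key "$1/ca.key" -config "$1/ca.cnf" -sha256 -days 1 \
    -out "$1/ca.pem" 2>/dev/null
}

# Issue a client cert for user $2 signed by the CA in $1; stands in for either a
# cryptogen-generated user MSP or an identity enrolled through fabric-ca-server.
issue_user_cert() {
  printf 'basicConstraints = critical, CA:FALSE\nkeyUsage = critical, digitalSignature\n' >"$1/leaf.ext"
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/$2.key" 2>/dev/null
  openssl req -new -key "$1/$2.key" -config "$1/ca.cnf" -subj "/OU=client/CN=$2" \
    -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
    -sha256 -days 1 -extfile "$1/leaf.ext" -out "$1/$2.pem" 2>/dev/null
}

# Exit 0 if the cert in $2 chains to the root CA cert in $1, non-zero otherwise.
# This is the function to run against real files: chains_to_ca <ca-cert.pem> <user-cert.pem>
chains_to_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the issuer DN of the cert in $1 (useful when a cert unexpectedly fails to verify).
cert_issuer() {
  openssl x509 -in "$1" -noout -issuer
}

# Demo: a user issued under org1's CA verifies there and nowhere else.
demo() {
  work=$(mktemp -d)
  mkdir "$work/org1" "$work/org2"
  make_demo_ca "$work/org1" ca.org1.example.com
  make_demo_ca "$work/org2" ca.org2.example.com
  issue_user_cert "$work/org1" Admin@org1.example.com
  cert_issuer "$work/org1/Admin@org1.example.com.pem"
  chains_to_ca "$work/org1/ca.pem" "$work/org1/Admin@org1.example.com.pem" \
    && echo "OK: user cert chains to org1's CA"
  chains_to_ca "$work/org2/ca.pem" "$work/org1/Admin@org1.example.com.pem" \
    || echo "Expected failure: same cert does not chain to org2's CA"
  rm -rf "$work"
}

demo
```

Running `chains_to_ca` with the real CA cert from the ca directory and a cert from the users directory should succeed for cryptogen output; running it with the ecert returned by `fabric-ca-client enroll` should also succeed when the fabric-ca-server was started with the cryptogen-generated CA cert and key mounted as in the compose file above. If the second check fails, `cert_issuer` on the enrolled cert shows which CA actually signed it, which is the usual symptom of the CA container having generated its own self-signed cert instead of loading the mounted one.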