
What to put inside wallet for hyperledger fabric application, if crypto material is generated using cryptogen?


Scenario:

Hyperledger Fabric: v2.2.x

What is done?

*Note: Docker based development is followed

  1. Generated crypto material using "cryptogen"
    • 1 Orderer
    • 1 Peer Org
      • 2 Peers & 2 Users (admin, normal)
  2. Created Channel
  3. Peers joined channel
  4. Deployed chaincode & tested using "cli"

What's next?

  • Now, I want to build a web app and for that, I have to use node.js sdk to execute transactions (query, invoke).

  • So, for doing that I need to use a File system "wallet", but I don't understand what to put inside the wallet folder or which files (crypto material) to provide.

  • As per documentation

The wallet holds a set of identities – X.509 digital certificates

You can see my crypto material at the end of the question. Please tell me which of these files are the X.509 digital certificates that the documentation is suggesting here?

  • In this tutorial they are talking about an identity "Isabella", is it similar to the Admin/User I have generated crypto material for? If yes, then what to put inside the wallet folder?

Crypto material for the users of Org1

(Other folders of generated crypto material are not provided to avoid confusion)

users
    ├── Admin@org1.example.com
    │   ├── msp
    │   │   ├── admincerts
    │   │   ├── cacerts
    │   │   │   └── ca.org1.example.com-cert.pem
    │   │   ├── config.yaml
    │   │   ├── keystore
    │   │   │   └── priv_sk
    │   │   ├── signcerts
    │   │   │   └── Admin@org1.example.com-cert.pem
    │   │   └── tlscacerts
    │   │       └── tlsca.org1.example.com-cert.pem
    │   └── tls
    │       ├── ca.crt
    │       ├── client.crt
    │       └── client.key
    └── User1@org1.example.com
        ├── msp
        │   ├── admincerts
        │   ├── cacerts
        │   │   └── ca.org1.example.com-cert.pem
        │   ├── config.yaml
        │   ├── keystore
        │   │   └── priv_sk
        │   ├── signcerts
        │   │   └── User1@org1.example.com-cert.pem
        │   └── tlscacerts
        │       └── tlsca.org1.example.com-cert.pem
        └── tls
            ├── ca.crt
            ├── client.crt
            └── client.key

Solution

  • You should use the client APIs to populate your wallet, not just copy files to the wallet directory.

    The credentials required for a client identity that you want to use to transact with a Fabric network are typically an X.509 certificate (which is effectively the identity's public key, signed by a trusted certificate authority), and the associated private key (for signing messages). In the files you listed as output from cryptogen, the credentials for the Org1 admin identity are:

    • Certificate: users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem
    • Private key: users/Admin@org1.example.com/msp/keystore/priv_sk

    For the Org1 user identity, the credentials are:

    • Certificate: users/User1@org1.example.com/msp/signcerts/User1@org1.example.com-cert.pem
    • Private key: users/User1@org1.example.com/msp/keystore/priv_sk

    However, the sample application referred to in the tutorial you've linked uses the Certificate Authority to create new user identities (and corresponding credentials) programmatically for use by the application. I suggest you read carefully through both the tutorial, and the sample application code it refers to, to understand how this is done.
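
The following is an added example, not part of the original answer or of the Fabric samples: it loads the signcerts certificate and keystore key listed above and stores them through the fabric-network v2.2 wallet API instead of copying files. The label `User1`, the MSP ID `Org1MSP`, the `./wallet` path and the helper names are assumptions; use the MSP ID your channel configuration defines for Org1.

```javascript
'use strict';
const fs = require('fs');
const path = require('path');

// Return the single non-hidden file in dir. The cryptogen output above has
// exactly one certificate in signcerts and one key in keystore.
function onlyFile(dir) {
  const files = fs.readdirSync(dir).filter((f) => !f.startsWith('.'));
  if (files.length !== 1) {
    throw new Error(`expected exactly one file in ${dir}, found ${files.length}`);
  }
  return path.join(dir, files[0]);
}

// Build an X.509 wallet identity from one cryptogen user directory such as
// users/User1@org1.example.com. mspId is supplied by the caller (assumption).
function identityFromCryptogen(userDir, mspId) {
  const certificate = fs.readFileSync(onlyFile(path.join(userDir, 'msp', 'signcerts')), 'utf8');
  const privateKey = fs.readFileSync(onlyFile(path.join(userDir, 'msp', 'keystore')), 'utf8');
  if (!certificate.includes('-----BEGIN CERTIFICATE-----')) {
    throw new Error('signcerts file is not a PEM certificate');
  }
  if (!/-----BEGIN (EC )?PRIVATE KEY-----/.test(privateKey)) {
    throw new Error('keystore file is not a PEM private key');
  }
  return { credentials: { certificate, privateKey }, mspId, type: 'X.509' };
}

// Store the identity under `label` through the wallet API.
async function importIntoWallet(walletPath, label, userDir, mspId) {
  const { Wallets } = require('fabric-network'); // loaded only when importing
  const wallet = await Wallets.newFileSystemWallet(walletPath);
  await wallet.put(label, identityFromCryptogen(userDir, mspId));
  // The file system wallet keeps the private key unencrypted on disk,
  // so limit the directory to the application's own account.
  fs.chmodSync(walletPath, 0o700);
  return wallet;
}

// Example call (label, MSP ID and paths are assumptions):
// importIntoWallet('./wallet', 'User1', 'users/User1@org1.example.com', 'Org1MSP');
```

The application then selects the identity by its label, for example `identity: 'User1'` in the options passed to `gateway.connect`. Only the `msp` signing certificate and key go into the wallet; the files under `tls` are not part of the wallet identity.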