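Reference: http://baijiahao.baidu.com/s?id=1596614770784685300&wfr=spider&for=pc
cryptogen is the utility that Hyperledger Fabric provides for generating cryptographic material (public/private keys, certificates and so on) for network entities. Each certificate represents an identity and allows entities to sign and to authenticate one another when they communicate and transact on the network.
cryptogen reads a crypto-config.yaml file that describes the network topology, and generates a set of certificates and keys for the organizations defined in that file and for the entities that belong to them. Each organization is given its own unique root certificate (ca-cert) and contains specific entities (peers and orderers). This gives the typical network structure in which every member has its own CA. The example in "Hyperledger Chinese documentation study notes 4: building your first Fabric network" contains such a crypto-config.yaml file: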
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: Orderer
    Domain: example.com
    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org1
  # ---------------------------------------------------------------------------
  - Name: Org1
    Domain: org1.example.com
    EnableNodeOUs: true
    # ---------------------------------------------------------------------------
    # "Specs"
    # ---------------------------------------------------------------------------
    # Uncomment this section to enable the explicit definition of hosts in your
    # configuration. Most users will want to use Template, below
    #
    # Specs is an array of Spec entries. Each Spec entry consists of two fields:
    #   - Hostname:   (Required) The desired hostname, sans the domain.
    #   - CommonName: (Optional) Specifies the template or explicit override for
    #                 the CN. By default, this is the template:
    #
    #                              "{{.Hostname}}.{{.Domain}}"
    #
    #                 which obtains its values from the Spec.Hostname and
    #                 Org.Domain, respectively.
    # ---------------------------------------------------------------------------
    # Specs:
    #   - Hostname: foo # implicitly "foo.org1.example.com"
    #     CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
    #   - Hostname: bar
    #   - Hostname: baz
    # ---------------------------------------------------------------------------
    # "Template"
    # ---------------------------------------------------------------------------
    # Allows for the definition of 1 or more hosts that are created sequentially
    # from a template. By default, this looks like "peer%d" from 0 to Count-1.
    # You may override the number of nodes (Count), the starting index (Start)
    # or the template used to construct the name (Hostname).
    #
    # Note: Template and Specs are not mutually exclusive. You may define both
    # sections and the aggregate nodes will be created for you. Take care with
    # name collisions
    # ---------------------------------------------------------------------------
    Template:
      Count: 2
      # Start: 5
      # Hostname: {{.Prefix}}{{.Index}} # default
    # ---------------------------------------------------------------------------
    # "Users"
    # ---------------------------------------------------------------------------
    # Count: The number of user accounts _in addition_ to Admin
    # ---------------------------------------------------------------------------
    Users:
      Count: 1
  # ---------------------------------------------------------------------------
  # Org2: See "Org1" for full specification
  # ---------------------------------------------------------------------------
  - Name: Org2
    Domain: org2.example.com
    EnableNodeOUs: true
    Template:
      Count: 2
    Users:
      Count: 1
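This file declares one orderer organization and two peer organizations; each peer organization has one user and two peer nodes. A root certificate is configured for every organization.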
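To review which identities a topology defines before any keys are issued, the expansion rules from the comments in the file can be applied by hand. The following is an added example, not code from cryptogen or from the original post; the Org and Spec types are hypothetical, and the "orderer" prefix and the Admin@<domain> / User<n>@<domain> names are assumed defaults that this page does not state.

```go
package main

import "fmt"

// Spec and Org mirror the crypto-config.yaml fields shown above.
type Spec struct{ Hostname, CommonName string }

type Org struct {
	Domain        string
	Specs         []Spec
	TemplateCount int // Template.Count
	TemplateStart int // Template.Start (0 when omitted)
	Users         int // Users.Count, in addition to Admin
}

// Identities expands one org entry into the names it defines. prefix is
// "peer" or "orderer" (assumed). dups lists names defined more than once.
func Identities(o Org, prefix string) (names, dups []string) {
	seen := map[string]int{}
	add := func(n string) {
		seen[n]++
		if seen[n] == 1 {
			names = append(names, n)
		} else if seen[n] == 2 {
			dups = append(dups, n) // Specs/Template name collision
		}
	}
	for _, s := range o.Specs {
		if s.CommonName == "" {
			s.CommonName = s.Hostname + "." + o.Domain // "{{.Hostname}}.{{.Domain}}"
		}
		add(s.CommonName)
	}
	for i := 0; i < o.TemplateCount; i++ { // "peer%d", Start .. Start+Count-1
		add(fmt.Sprintf("%s%d.%s", prefix, o.TemplateStart+i, o.Domain))
	}
	add("Admin@" + o.Domain) // assumed naming, not stated on the page
	for i := 1; i <= o.Users; i++ {
		add(fmt.Sprintf("User%d@%s", i, o.Domain)) // assumed naming
	}
	return names, dups
}

func main() {
	// Constructed input: Org1 from the file above, plus a Spec that collides.
	org1 := Org{Domain: "org1.example.com", Specs: []Spec{{Hostname: "peer0"}}, TemplateCount: 2, Users: 1}
	names, dups := Identities(org1, "peer")
	fmt.Println("identities:", names)
	fmt.Println("collisions:", dups)
}
```

A non-empty collision list is the "Take care with name collisions" case from the Template comment: a Specs entry and a Template entry resolving to the same name.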
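crypto-config.yaml is the configuration file used by the cryptogen tool; cryptogen generates the cryptographic material according to it.
⚠️ The file name is not fixed, however. You can choose your own name, as long as you pass the corresponding file to the cryptogen generate command.
As described above, cryptogen is a standalone executable; its source code can be found at github.com/hyperledger/fabric/common/tools/cryptogen/. First, check on the prepared virtual machine whether cryptogen can be run: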
vagrant@ubuntu-xenial:~/fabric-samples/first-network$ cryptogen --help
cryptogen: command not found
As shown, it is not available.
So the executable has to be built first. There are two ways to do this:
1) In the downloaded hyperledger/fabric directory, run make cryptogen. This creates the directory .build/bin and places the cryptogen executable in it:
vagrant@ubuntu-xenial:/opt/gopath/src/github.com/hyperledger/fabric$ make cryptogen
.build/bin/cryptogen
CGO_CFLAGS=" " GOBIN=/opt/gopath/src/github.com/hyperledger/fabric/.build/bin go install -tags "" -ldflags "-X github.com/hyperledger/fabric/common/tools/cryptogen/metadata.CommitSHA=325999f" github.com/hyperledger/fabric/common/tools/cryptogen
Binary available as .build/bin/cryptogen
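Then run:
vagrant@ubuntu-xenial:/opt/gopath/src/github.com/hyperledger/fabric$ cryptogen --help
usage: cryptogen [<flags>] <command> [<args> ...]

Generates Hyperledger Fabric key material

Flags:
  --help       Show help information
  --help-long  Show detailed help information
  --help-man

Commands:
  help [<command>...]
    Show help for the commands below.

  generate [<flags>]
    Generate key material

  showtemplate
    Show the default configuration template

  version
    Show version information

  extend [<flags>]
    Extend an existing network

The output above shows that the build succeeded.
The most important of these commands is generate:
vagrant@ubuntu-xenial:/opt/gopath/src/github.com/hyperledger/fabric$ cryptogen help generate
usage: cryptogen generate [<flags>]

Generate keys and certificates

Flags:
  --help                    Show context-sensitive help (also try --help-long and --help-man).
  --output="crypto-config"  The output directory in which to place the certificates
  --config=CONFIG           The configuration template to use; if not specified, the default template shown by cryptogen showtemplate is used. Usually this is crypto-config.yaml

The most common invocation is: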
cryptogen generate --config=./crypto-config.yaml
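That is, it generates the organization information and the corresponding keys and certificates according to the configuration in crypto-config.yaml, and saves them under the crypto-config directory.
2) The other way is to run go build directly in fabric/common/tools/cryptogen/.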