Hyperledger织物加密材料 [英] Hyperledger fabric Crypto materials
问题描述
如果我们在 fabric-sample 的 basic-network 中看到 crypto-config 文件夹,则我们有各种类型的证书材料:
If we see the crypto-config folder in basic-network of fabric-sample, we have various certificate materials with various types:
└── example.com
├── ca
│ ├── 0d46ccf0e9436c1bc3b6e2bf80cdb202c4943604f95c72ee0ff839d3ec300719_sk
│ └── ca.example.com-cert.pem
├── msp
│ ├── admincerts
│ │ └── Admin@example.com-cert.pem
│ ├── cacerts
│ │ └── ca.example.com-cert.pem
│ └── tlscacerts
│ └── tlsca.example.com-cert.pem
├── orderers
│ └── orderer.example.com
│ ├── msp
│ │ ├── admincerts
│ │ │ └── Admin@example.com-cert.pem
│ │ ├── cacerts
│ │ │ └── ca.example.com-cert.pem
│ │ ├── keystore
│ │ │ └── 2fb065725bf1b7e2811c0e8ca8d37f5a951fc4cd1162a47aad8accf9ddd10291_sk
│ │ ├── signcerts
│ │ │ └── orderer.example.com-cert.pem
│ │ └── tlscacerts
│ │ └── tlsca.example.com-cert.pem
│ └── tls
│ ├── ca.crt
│ ├── server.crt
│ └── server.key
├── tlsca
│ ├── 6a211ed18880b4db3867831c977809902713b8e321a5ab55ecc104dafc2eec49_sk
│ └── tlsca.example.com-cert.pem
└── users
└── Admin@example.com
├── msp
│ ├── admincerts
│ │ └── Admin@example.com-cert.pem
│ ├── cacerts
│ │ └── ca.example.com-cert.pem
│ ├── keystore
│ │ └── db670eed8487a93c35ae448b9f84c2f241a7a8c87df0544fc1dc08baf7832aa0_sk
│ ├── signcerts
│ │ └── Admin@example.com-cert.pem
│ └── tlscacerts
│ └── tlsca.example.com-cert.pem
└── tls
├── ca.crt
├── server.crt
└── server.key
谁能解释为什么这些文件太多了,为什么其中一些文件重复(例如 ca.example.com-cert.pem 有很多副本)并且有目的.
.pem 文件有什么用途?
.crt 文件有什么用途?
.key 文件有什么用途?
** ...._ sk **文件有什么用途?
Can anyone explain why there are so too many of these files why are some of these files duplicated(such as ca.example.com-cert.pem have many copies) and there purpose.
What are .pem files used for?
What are .crt files used for?
What are .key files used for?
What are ** ...._sk** files used for?
为什么 fabcar 示例仅通过使用3个文件来对其进行管理??
And why the fabcar example manage it only by using 3 files.??
fabcar/creds
├── 5890f0061619c06fb29dea8cb304edecc020fe63f41a6db109f1e227cc1cb2a8-priv
├── 5890f0061619c06fb29dea8cb304edecc020fe63f41a6db109f1e227cc1cb2a8-pub
└── PeerAdmin
感谢您的帮助
推荐答案
每个组织都需要一个唯一的根证书(ca-cert),该证书将特定组件(对等和订购者)绑定到该组织.
Each Organization requires a unique root certificate (ca-cert), that binds specific components (peers and orderers) to that organization.
Fabric中的事务和通信由实体的私钥(密钥库)签名,然后通过公钥(signcerts)进行验证.
Transactions and communications within Fabric are signed by an entity's private key (keystore), and then verified by means of a public key (signcerts).
由于其他组织也需要交流或共享其分类帐,因此在组织级别需要CA或MSP.在每个组织中,我们可以有多个同级,因此我们也需要这些同级的认证.甚至来自不同组织的同行也可以互相加入,因此signcerts(用于身份验证)和TLScerts(用于安全握手).
As different organization also required to communicate or share their ledger so there is need of CA or MSP on organization level. Within each organization we can have multiple peers so we need certification for these peers too. Even peers from different organizations can join each other so signcerts(for authenticating) and TLScerts(for a secure handshake).
要查看它们是如何生成的,建议您手动生成工件
To have a look how these are generate i suggest you to Manually generate the artifacts
http://hyperledger-fabric.readthedocs.io/en/latest /build_network.html
,然后在创建它们时查看其中的文件夹中的不同证书.
and see the different certs in the folders inside as you created them.
这些是fabcar用于生成上述证书的密钥.
These are keys used by fabcar to generate the above mentioned certificates.
这篇关于Hyperledger织物加密材料的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
