crypto-config文件夹中的加密材料 [英] Cryptographic material inside crypto-config folder

问题描述

我在这里发现了类似的问题: 超级账本加密货币材料 Hyperledger Fabric加密材料的混淆

I found similar questions here : Hyperledger fabric Crypto materials Hyperledger Fabric cryptographic material confusion

我找不到所有材料的清晰定义吗? 以及什么时候使用材料-如在什么操作中使用了特定的材料? 如果有人可以解释整个文件夹树，那就太好了

I was not able to find a clear defination for all the material? and when is the material used - as in for what operations are a particular material used ? It would be great if someone could explain the entire folder tree

推荐答案

这里是我天真的为解释MSP结构而建立树的方法的链接.具有相同颜色的证书相同，但名称不同.您可以使用openssl命令openssl x509 -in certificate.crt -text -noout打开每个证书.

Here is the link to my naive approach of building a tree for the sole purpose of an explanation of the MSP structure. Certificates with the same colors are the same but with different names. You can open each certificate using openssl command openssl x509 -in certificate.crt -text -noout.

Google Exel工作表

因此，让我们从一个组织开始(组织和订购者的结构相同)

So let's start with one organization(Organization and orderer have same structure)

我们可以有多个同级，并且将具有遵循相同格式的文件夹.

We have can have multiple peers and will have folders that will follow same format.

在每个组织中，我们都有5个文件夹，

In Every organization we have 5 folders,

1. ca
2. msp
3. 对等
4. tlsca
5. 用户

---

1. CA文件夹有两个文件，一个是用于签署对等方和用户证书的根ca，另一个文件是其密钥.

1. CA Folder has two files, one is the root ca which signs peers and user certificates and other file is its key.

MSP文件夹是组织的msp文件夹，具有3个文件夹和一个config.yaml文件. admincerts文件夹将具有一个用户证书，该用户证书将是组织的管理员. cacerts将具有与我们在点1中看到的CA文件夹中的证书相同的证书.tlscacert将具有TLS根证书，该证书将在docker文件中启用tls时使用(说明点4). Config.yaml用于启用和禁用NodeOU.

MSP folder is the msp folder for the organization which has 3 folders and one config.yaml file. admincerts folder will have a user certificate which will be admin of the organization. cacerts will have the same certificate from the CA folder we just saw in point 1. tlscacert will have TLS root certificate which will be used when tls will be enabled in the docker file.(Explained point 4). Config.yaml is used to enable and disable NodeOUs.

Peer文件夹将具有该组织的每个对等方的文件夹.每个对等文件夹将有2个文件夹msp和tls. msp文件夹将包含5个文件夹和一个config.yaml文件. admincerts将拥有一个用户证书，该证书将是该 user 的管理员. cacerts从点1开始将具有相同的根证书.signcerts将具有从点1开始将由 ca ca根证书签名的对等证书.keystore文件夹将在signcert文件夹中显示证书的密钥. tlscacerts将具有根tls ca cert. Peer中的tls文件夹将具有2个证书和1个密钥. ca.crt是tlscacerts文件夹中随处可见的同一TLS根ca证书，将在第4点中出现.server.crt将是 peer证书，但由 tls根ca 证书，该证书在这里命名为ca.crt，在任何地方都命名为tlsca.org1.example.com-cert.pem.启用tls时使用. .

Peer folder will have folders for each peer of that organization. Every peer folder will have 2 folders msp and tls. msp folder will have 5 folders and one config.yaml file. admincerts will have a user certificate which will be the admin of this user. cacerts will have the same root certificate from point 1. signcerts will have the peer certificate which will be signed by ca root certificate from point 1. keystore folder will have the key of the certificate present in the signcert folder. tlscacerts will have the root tls ca cert. tls folder inside Peer will have 2 certificates and one key. The ca.crt is the same TLS root ca cert which was present everywhere in tlscacerts folder and will be present in point 4. server.crt will the peer certificate but signed by tls root ca certificate which was named as ca.crt here and tlsca.org1.example.com-cert.pem everywhere. This is used when tls is enabled. .

此文件夹与第1点的CA文件夹相似，但包含根证书及其密钥，将在启用tls时使用.

This folder is similar as CA folder from point 1, but it contains the root certificate and its key which will be used when tls will be enabled.

它包含与对等用户一样的所有用户.您将要创建admin的用户证书放入admincerts的唯一区别.您将在User1@org1.example.com/msp的admincerts文件夹中看到相同的用户证书，因为他是其自己用户的管理员.

It contains all the users like peers. The only difference you put the user certificate you want to create admin into admincerts. You will see the same user certificate in the admincerts folder of the User1@org1.example.com/msp because he is the admin of its own user.

这篇关于crypto-config文件夹中的加密材料的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！