Re: Hyperledger fabric orderer with AWS cloud HSM #orderer #hsm


Kumar Shantanu
 

Hi Dave,

Thanks for your reply. I am currently using version 

Version: 2.2.1

 Commit SHA: 344fda6


And I tried changing the case of AltID but it's still not working. Complete logs are attached for your reference.


Thanks

Shantanu



On Mon, Sep 27, 2021 at 5:01 PM Dave <d_kelsey@...> wrote:
You don't say which version of fabric you are using (would be good to know), but try using `AltID` instead of `AltId` (ie capital D)


- Dave
 
 
 
----- Original message -----
From: "Kumar Shantanu" <km.shantanu@...>
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] Hyperledger fabric orderer with AWS cloud HSM #orderer #hsm
Date: Mon, Sep 27, 2021 3:58 PM
 
Hello Team, I am trying to configure ordered to use AWS cloud HSM. I have my fabric CA running with AWS cloud HSM with the same PKCS11 block and it seems to be okay. However, I am not able to run my orderer. This is what I am doing 1.) configure ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
ZjQcmQRYFpfptBannerEnd
Hello Team,

I am trying to configure ordered to use AWS cloud HSM. I have my fabric CA running with AWS cloud HSM with the same PKCS11 block and it seems to be okay. However, I am not able to run my orderer. This is what I am doing

1.) configure CA server to use AWS clouds HSM - Working
2.) Use fabric ca client to generate cert fir ordered and store the private key in AWS clouds HSM - Working
The fabric ca client pkcs11 block looks like this,
#######
pkcs11:
        Library: /opt/cloudhsm/lib/libcloudhsm_pkcs11.so
        Label: cavium
        Pin: "fabricorderer:xxxxxx
        AltId: orderer1
        hash: SHA2
        security: 256
        filekeystore:
           keystore: msp/keystore

3.) Start ordered with same pkcs11 block as fabric-ca-client- Not Working
This is the error I am getting, 
 

2021-09-27 14:57:03.281 UTC [bccsp_p11] getECKey -> DEBU 0f6 Private key not found [Key not found [00000000  0b f6 4a c2 d0 fe 43 10  8b e6 c8 c8 89 49 3d d8  |..J...C......I=.|

00000010  e8 92 6f 8d 56 8a 49 74  41 e3 27 eb ae 39 b0 2a  |..o.V.ItA.'..9.*|

]] for SKI [0bf64ac2d0fe43108be6c8c889493dd8e8926f8d568a497441e327ebae39b02a], looking for Public key

2021-09-27 14:57:03.290 UTC [bccsp_p11] GetKey -> DEBU 0f7 Key not found using PKCS11: Public key not found [Key not found [00000000  0b f6 4a c2 d0 fe 43 10  8b e6 c8 c8 89 49 3d d8  |..J...C......I=.|

00000010  e8 92 6f 8d 56 8a 49 74  41 e3 27 eb ae 39 b0 2a  |..o.V.ItA.'..9.*|

]] for SKI [0bf64ac2d0fe43108be6c8c889493dd8e8926f8d568a497441e327ebae39b02a]

2021-09-27 14:57:03.290 UTC [msp] getSigningIdentityFromConf -> DEBU 0f8 Could not find SKI [0bf64ac2d0fe43108be6c8c889493dd8e8926f8d568a497441e327ebae39b02a], trying KeyMaterial field: Key not found. This is a dummy KeyStore

Failed getting key for SKI [[11 246 74 194 208 254 67 16 139 230 200 200 137 73 61 216 232 146 111 141 86 138 73 116 65 227 39 235 174 57 176 42]]

github.com/hyperledger/fabric/bccsp/sw.(*CSP).GetKey

/fabric/bccsp/sw/impl.go:170

github.com/hyperledger/fabric/bccsp/pkcs11.(*impl).GetKey

/fabric/bccsp/pkcs11/pkcs11.go:230

github.com/hyperledger/fabric/msp.(*bccspmsp).getSigningIdentityFromConf

/fabric/msp/mspimpl.go:218

github.com/hyperledger/fabric/msp.(*bccspmsp).setupSigningIdentity

/fabric/msp/mspimplsetup.go:369

github.com/hyperledger/fabric/msp.(*bccspmsp).preSetupV142

/fabric/msp/mspimplsetup.go:554

github.com/hyperledger/fabric/msp.(*bccspmsp).setupV142

/fabric/msp/mspimplsetup.go:615

github.com/hyperledger/fabric/msp.(*bccspmsp).Setup

/fabric/msp/mspimpl.go:265

github.com/hyperledger/fabric/orderer/common/server.loadLocalMSP

/fabric/orderer/common/server/main.go:689

github.com/hyperledger/fabric/orderer/common/server.Main

/fabric/orderer/common/server/main.go:91

main.main

/fabric/cmd/orderer/main.go:15

runtime.main

/usr/lib/golang/src/runtime/proc.go:204

runtime.goexit

/usr/lib/golang/src/runtime/asm_amd64.s:1374

2021-09-27 14:57:03.291 UTC [orderer.common.server] loadLocalMSP -> PANI 0f9 Failed to setup local msp with config: KeyMaterial not found in SigningIdentityInfo

panic: Failed to setup local msp with config: KeyMaterial not found in SigningIdentityInfo



Can someone please help here? 

Thanks
Shantanu
 

Unless stated otherwise above:

IBM United Kingdom Limited - Registered in England and Wales with number 741598.

Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


Join fabric@lists.hyperledger.org to automatically receive all group messages.