Re: CA keys and storing/sending them
Gari Singh <garis@...>
Private keys are never sent anywhere. Only public keys are included with transactions.
If you are using the fabric-ca-client or any of the SDKs, by default private keys are created on the local file system of the host on which you enroll. You can also choose to use the PKCS11 provider to have the private key generated and stored in an HSM.
If you do generate it on the local file system, then you should set the permissions to 0400 on *nix-based OSes. You should also encrypt the file system (especially when running in a public cloud).
On Nov 7, 2019, at 11:32 AM, Trevor Lee Oakley <trevor@...> wrote:
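An added example, not part of the original thread or of the Fabric project's code: a POSIX shell audit for the 0400 advice in the reply above, which lists key files whose mode is anything other than 0400 and then tightens them. The function names, the demo directory and the `*_sk` file names are assumptions constructed for illustration; point the functions at whichever directory your client writes its private keys to.

```shell
#!/bin/sh
# Audit a key directory for files whose mode is not exactly 0400 (owner read-only).
# All function names here are hypothetical helpers for this example.

# list_loose_keys DIR: print every regular file under DIR whose mode is not exactly 0400.
list_loose_keys() {
    find "$1" -type f ! -perm 400 -print
}

# count_loose_keys DIR: print how many such files exist.
count_loose_keys() {
    list_loose_keys "$1" | wc -l | tr -d ' '
}

# harden_keystore DIR: set every loose file to 0400, then re-check.
# Returns 0 only if nothing under DIR is left with a mode other than 0400.
harden_keystore() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -type f ! -perm 400 -exec chmod 400 {} + || return 1
    [ "$(count_loose_keys "$dir")" -eq 0 ]
}

# make_demo_keystore: build a constructed sample directory (placeholder
# contents, not real keys) with one loose file and one correct file,
# and print its path.
make_demo_keystore() {
    d=$(mktemp -d) || return 1
    printf 'placeholder, not a real key\n' > "$d/aaaa_sk"
    printf 'placeholder, not a real key\n' > "$d/bbbb_sk"
    chmod 644 "$d/aaaa_sk"   # too permissive: readable by group and others
    chmod 400 "$d/bbbb_sk"   # already as recommended
    printf '%s\n' "$d"
}
```

Running `list_loose_keys` on its own gives a read-only report, which suits a scheduled check; `harden_keystore` is the variant that changes modes.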