Re: CA keys and storing/sending them


Gari Singh <garis@...>
 

Private keys are never sent anywhere.  Only public keys are included with transactions.

If you are using the fabric-ca-client or any of the SDKs, by default private keys are created on the local file system of the host on which you enroll. You can also choose to use the PKCS11 provider to have the private key generated and stored in an HSM.

If you do generate it on the local file system, then you should set the permissions to 0400 on *nix based OSes. You should also encrypt the file system (especially when running in a public cloud).

Gari Singh
garis@...
978-846-7499


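The two file-system recommendations above (keys enrolled locally, mode 0400, nothing readable by other users) can be checked and enforced with a small script. This is an added example, not code from the thread or from Hyperledger Fabric itself; it assumes the keys sit in an MSP keystore directory of the kind fabric-ca-client enroll writes (the `msp/keystore` path and the `example_sk` file name below are constructed placeholders, not real key material), and it only looks at permission bits, so disk encryption still has to be handled separately.

```shell
#!/bin/sh
# Added example (not from the thread): audit and tighten permissions on
# private keys that fabric-ca-client enroll leaves on the local file system.
# Assumption: keys live under an MSP keystore directory (the usual layout is
# <msp>/keystore/*_sk); pass the real path as the first argument.

# List every regular file under DIR whose mode is not exactly 0400.
# Returns 0 if every key is owner-read-only, 1 if any key is looser,
# 2 if DIR does not exist.
check_key_perms() {
    dir="$1"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    bad=$(find "$dir" -type f ! -perm 0400)
    if [ -n "$bad" ]; then
        printf 'keys not 0400:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Set every regular file under DIR to 0400 and the directory itself to 0700,
# so that neither the key bytes nor the listing of key file names are readable
# by other local users, then re-run the check to confirm.
harden_key_perms() {
    dir="$1"
    [ -d "$dir" ] || return 2
    chmod 0700 "$dir"
    find "$dir" -type f -exec chmod 0400 {} +
    check_key_perms "$dir"
}

# Stand-alone demo against a constructed keystore (no real key material).
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    mkdir -p "$demo/msp/keystore"
    # constructed placeholder; a real enroll writes <hash>_sk here
    echo "placeholder-not-a-real-key" > "$demo/msp/keystore/example_sk"
    chmod 0644 "$demo/msp/keystore/example_sk"
    check_key_perms "$demo/msp/keystore" || echo "loose permissions found, fixing"
    harden_key_perms "$demo/msp/keystore" && echo "keystore hardened"
    rm -rf "$demo"
fi
```

Run it as `sh keyperms.sh --demo` to see the audit fail on a 0644 key and pass after hardening, or call `check_key_perms /path/to/msp/keystore` from a cron job or deployment check so that a key that was copied with default umask is caught before the host goes into service.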

On Nov 7, 2019, at 11:32 AM, Trevor Lee Oakley <trevor@...> wrote:


 
Hi 
 
I understand that HLF uses a client server CA and each member has its own CA. But for txn approvals I have a question about securely storing and sending keys. Are there any guidelines for this?
 
Trevor
 
