Re: #hsm #fabric-sdk-node #fabric Admin user and HSM

Gari Singh <garis@...>

The peer CLI currently uses the same config as the peer.
If you point the peer CLI at a core.yaml file which uses PKCS11 for the BCCSP (same as you would do for the peer), then things should work.
If you want to enroll an ID using the fabric-ca-client, same basic concept ... in the fabric-ca-client config file you can set the BCCSP to use PKCS11 as well.

Gari Singh
Distinguished Engineer, CTO - IBM Blockchain
IBM Middleware
550 King St
Littleton, MA 01460
Cell: 978-846-7499

-----fabric@... wrote: -----
To: fabric@...
From: "Jean-Gaël Dominé"
Sent by: fabric@...
Date: 12/12/2019 07:32AM
Subject: [EXTERNAL] [Hyperledger Fabric] #hsm #fabric-sdk-node #fabric Admin user and HSM

Hi all,

I've been trying to plug fabric to an HSM to avoid having the private keys stored in the file system of the components (except the TLS ones since it is currently not possible to do the same for them).

My question is that in order to create the channel, join the peers, ... I need the admin user private key to sign the transaction, but how am I supposed to provide it to the peer CLI command or SDK (Node in my case)?
Is it possible to plug them on the HSM too so that they ask the HSM to sign the transaction? I saw it was possible to plug the SDK to the HSM because I tried it to enroll the components using the HSM, but I'm not sure it could serve this purpose as well. I don't know at all for the CLI though.

Thanks for your help
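
The BCCSP switch described in the reply at the top of this thread, shown as an added configuration sketch that is not part of the original messages. The library path, token label and PIN are placeholders (assumptions), and both files are shown in one block as two YAML documents.

```yaml
# Added example, not from the original thread.
# Library path, token label and PIN below are placeholders (assumptions);
# substitute the values for your own HSM and token.

# --- core.yaml: read by the peer and by the peer CLI ---
# The peer CLI finds this file through the directory named in FABRIC_CFG_PATH.
peer:
  BCCSP:
    Default: PKCS11        # was SW: private key read from the MSP keystore on disk
    PKCS11:
      Library: /path/to/your/pkcs11-library.so   # placeholder
      Label: your-token-label                    # placeholder
      Pin: "your-token-pin"                      # placeholder
      Hash: SHA2
      Security: 256
---
# --- fabric-ca-client-config.yaml: read by fabric-ca-client when enrolling ---
bccsp:
  default: PKCS11          # was SW: generated key written to msp/keystore
  pkcs11:
    Library: /path/to/your/pkcs11-library.so     # placeholder
    Label: your-token-label                      # placeholder
    Pin: "your-token-pin"                        # placeholder
    hash: SHA2
    security: 256
```

With this in place the admin MSP directory used by the CLI still carries the signing certificate, while the matching private key stays on the token and signing requests go through the PKCS11 library. The PIN in these files is itself a secret, so restrict read access to the config files accordingly.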
