Re: #hsm #fabric-sdk-node #fabric Admin user and HSM #hsm #fabric-sdk-node #fabric


Gari Singh <garis@...>
 

The Node, Java and Go SDKs all have the ability to use HSMs.

The Go SDK uses a similar config to the peer as it basically embeds the bccsp code.

The Node SDK allows you to pass in a PKCS11 crypto suite: https://fabric-sdk-node.github.io/release-1.4/CryptoSuite_PKCS11.html

The Java SDK definitely supports PKCS11 (I know people who use it with an HSM) but I don't really use Java so don't have the info handy.

Hope this helps

-----------------------------------------
Gari Singh
Distinguished Engineer, CTO - IBM Blockchain
IBM Middleware
550 King St
Littleton, MA 01460
Cell: 978-846-7499
garis@...
-----------------------------------------

-----fabric@... wrote: -----
To: fabric@...
From: "Jean-Gaël Dominé"
Sent by: fabric@...
Date: 12/12/2019 08:24AM
Subject: [EXTERNAL] Re: [Hyperledger Fabric] #hsm #fabric-sdk-node #fabric Admin user and HSM

Thank you Gari for your quick reply.

So from what I understand, since I created my admin user using the fabric-ca-client plugged to the HSM. If I configure the peer CLI command so that it uses the same PKCS11 configuration, it should be able to retrieve the private key in it in order to do the actions.
Argh that means I need a docker image of the CLI with the HSM libs...

Ok I'll test that

Do you know if a similar thing is possible with the SDK? Because as far as I know, the SDK needs the admin user private key on the file system?

Join fabric@lists.hyperledger.org to automatically receive all group messages.