Re: Error using HSM in Fabric 2.2.1. Works fine in 1.4.9.

Brett T Logan <brett.t.logan@...>

There are some issues in the 2.x parsing of the BCCSP config, though I don't remember this being one of them. BCCSP has always been something we've been on the fence about letting people configure by way of environment variables (along with many other settings). Fixing the BCCSP config is something I intend to revisit after we close up our 2.3.0 release in the next few days. In the meantime you should try to add the config directly to your `core.yaml` and see if that fixes it.
Brett Logan
Software Engineer, IBM Blockchain
Phone: 1-984-242-6890

----- Original message -----
From: "Joaquim Pedro Carvalho de Oliveira" <joaquim-pedro.oliveira@...>
Sent by: fabric@...
To: fabric <fabric@...>
Subject: [EXTERNAL] [Hyperledger Fabric] Error using HSM in Fabric 2.2.1. Works fine in 1.4.9.
Date: Mon, Nov 16, 2020 4:03 PM
Hello, all!
We have a test network in docker-compose using HSM with Fabric 1.4.9 and everything runs fine. After upgrading to Fabric 2.2.1, although orderers started fine, peers show an error saying that "KeyMaterial not found in SigningIdentityInfo". Additional information:
- Images for 1.4.9 and 2.2.1 where recompiled with the appropriate pkcs11 support
- When using Fabric 2.2.1, CouchDB images where upgraded to the recommended version (couchdb:3.1.0)
- The SKI in question exists in HSM;
- Stacktrace apparently shows that SW BCCSP is being used instead of PKCS11 BCCSP, even with CORE_PEER_BCCSP_DEFAULT=PKCS11 set
- Just reverting the images to Fabric 1.4.9 and the corresponding couchdb makes everything work
Any tips about what could be the problem?
Below is the stack trace from peers:
2020-11-16 20:44:57.360 UTC [msp] getSigningIdentityFromConf -> DEBU 01e Could not find SKI [8be4af4a2c4d102e3da0928968d39c69a3d1b98736948509edee8c834626a5f7], trying KeyMaterial field: key with SKI 8be4af4a2c4d102e3da0928968d39c69a3d1b98736948509edee8c834626a5f7 not found in /etc/hyperledger/peer/msp/keystore
Failed getting key for SKI [[139 228 175 74 44 77 16 46 61 160 146 137 104 211 156 105 163 209 185 135 54 148 133 9 237 238 140 131 70 38 165 247]]*CSP).GetKey
2020-11-16 20:44:57.360 UTC [main] InitCmd -> ERRO 01f Cannot run peer because error when setting up MSP of type bccsp from directory /etc/hyperledger/peer/msp: KeyMaterial not found in SigningIdentityInfo
Joaquim Pedro Carvalho de Oliveira
Gerente de Divisão
Superintendência de Produtos e Serviços-Centro de Dados
Diretoria de Operações
+55 (85)4008-4630
+55 (85) 98806-1085

Join { to automatically receive all group messages.