1. Messages
  2. Error using HSM in Fabric 2.2.1. Works fine in 1.4.9.

Re: Error using HSM in Fabric 2.2.1. Works fine in 1.4.9.

Joaquim Pedro Carvalho de Oliveira
 

Hi, Brett.

Thank you very much for your reply! Adding the PKCS11 config directly to `core.yaml` fixed the issue and the peers started correctly. Now we're facing the same problem in the `cli` container (fabric-tools), even though the config was also added directly to `core.yaml`. The error after `peer channel create` is:

2020-11-17 17:50:07.874 UTC [bccsp] GetDefault -> DEBU 001 Before using BCCSP, please call InitFactories(). Falling back to bootBCCSP.
2020-11-17 17:50:07.883 UTC [bccsp] GetDefault -> DEBU 002 Before using BCCSP, please call InitFactories(). Falling back to bootBCCSP.
2020-11-17 17:50:07.885 UTC [main] InitCmd -> ERRO 003 Cannot run peer because error when setting up MSP of type bccsp from directory /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/users/admin/msp: could not initialize BCCSP Factories: Could not find default `PKCS11` BCCSP

Do you have any other ideas about what can be done?

Thanks for your help,

Serpro
Joaquim Pedro Carvalho de Oliveira
Gerente de Divisão
Analista
Superintendência de Produtos e Serviços-Centro de Dados
Diretoria de Operações
+55 (85)4008-4630
+55 (85) 98806-1085


De: "Brett T Logan" <brett.t.logan@...>
Para: "joaquim-pedro.oliveira serpro" <joaquim-pedro.oliveira@...>
Cc: "fabric" <fabric@...>
Enviadas: Segunda-feira, 16 de novembro de 2020 19:30:25
Assunto: Re: [Hyperledger Fabric] Error using HSM in Fabric 2.2.1. Works fine in 1.4.9.

There are some issues in the 2.x parsing of the BCCSP config, though I don't remember this being one of them. BCCSP has always been something we've been on the fence about letting people configure by way of environment variables (along with many other settings). Fixing the BCCSP config is something I intend to revisit after we close up our 2.3.0 release in the next few days. In the meantime you should try to add the config directly to your `core.yaml` and see if that fixes it.
 
Brett Logan
Software Engineer, IBM Blockchain
Phone: 1-984-242-6890
 
 
 

----- Original message -----
From: "Joaquim Pedro Carvalho de Oliveira" <joaquim-pedro.oliveira@...>
Sent by: fabric@...
To: fabric <fabric@...>
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] Error using HSM in Fabric 2.2.1. Works fine in 1.4.9.
Date: Mon, Nov 16, 2020 4:03 PM
 
Hello, all!
 
We have a test network in docker-compose using HSM with Fabric 1.4.9 and everything runs fine. After upgrading to Fabric 2.2.1, although orderers started fine, peers show an error saying that "KeyMaterial not found in SigningIdentityInfo". Additional information:
- Images for 1.4.9 and 2.2.1 where recompiled with the appropriate pkcs11 support
- When using Fabric 2.2.1, CouchDB images where upgraded to the recommended version (couchdb:3.1.0)
- The SKI in question exists in HSM;
- Stacktrace apparently shows that SW BCCSP is being used instead of PKCS11 BCCSP, even with CORE_PEER_BCCSP_DEFAULT=PKCS11 set
- Just reverting the images to Fabric 1.4.9 and the corresponding couchdb makes everything work
 
Any tips about what could be the problem?
 
Below is the stack trace from peers:
 
2020-11-16 20:44:57.360 UTC [msp] getSigningIdentityFromConf -> DEBU 01e Could not find SKI [8be4af4a2c4d102e3da0928968d39c69a3d1b98736948509edee8c834626a5f7], trying KeyMaterial field: key with SKI 8be4af4a2c4d102e3da0928968d39c69a3d1b98736948509edee8c834626a5f7 not found in /etc/hyperledger/peer/msp/keystore
Failed getting key for SKI [[139 228 175 74 44 77 16 46 61 160 146 137 104 211 156 105 163 209 185 135 54 148 133 9 237 238 140 131 70 38 165 247]]
github.com/hyperledger/fabric/bccsp/sw.(*CSP).GetKey
    /go/src/github.com/hyperledger/fabric/bccsp/sw/impl.go:170
github.com/hyperledger/fabric/msp.(*bccspmsp).getSigningIdentityFromConf
    /go/src/github.com/hyperledger/fabric/msp/mspimpl.go:218
github.com/hyperledger/fabric/msp.(*bccspmsp).setupSigningIdentity
    /go/src/github.com/hyperledger/fabric/msp/mspimplsetup.go:369
github.com/hyperledger/fabric/msp.(*bccspmsp).preSetupV142
    /go/src/github.com/hyperledger/fabric/msp/mspimplsetup.go:554
github.com/hyperledger/fabric/msp.(*bccspmsp).setupV142
    /go/src/github.com/hyperledger/fabric/msp/mspimplsetup.go:615
github.com/hyperledger/fabric/msp.(*bccspmsp).Setup
    /go/src/github.com/hyperledger/fabric/msp/mspimpl.go:265
github.com/hyperledger/fabric/msp/cache.(*cachedMSP).Setup
    /go/src/github.com/hyperledger/fabric/msp/cache/cache.go:88
github.com/hyperledger/fabric/msp/mgmt.LoadLocalMspWithType
    /go/src/github.com/hyperledger/fabric/msp/mgmt/mgmt.go:33
github.com/hyperledger/fabric/internal/peer/common.InitCrypto
    /go/src/github.com/hyperledger/fabric/internal/peer/common/common.go:144
github.com/hyperledger/fabric/internal/peer/common.InitCmd
    /go/src/github.com/hyperledger/fabric/internal/peer/common/common.go:324
github.com/spf13/cobra.(*Command).execute
    /go/src/github.com/hyperledger/fabric/vendor/github.com/spf13/cobra/command.go:746
github.com/spf13/cobra.(*Command).ExecuteC
    /go/src/github.com/hyperledger/fabric/vendor/github.com/spf13/cobra/command.go:852
github.com/spf13/cobra.(*Command).Execute
    /go/src/github.com/hyperledger/fabric/vendor/github.com/spf13/cobra/command.go:800
main.main
    /go/src/github.com/hyperledger/fabric/cmd/peer/main.go:54
runtime.main
    /usr/local/go/src/runtime/proc.go:203
runtime.goexit
    /usr/local/go/src/runtime/asm_amd64.s:1373
2020-11-16 20:44:57.360 UTC [main] InitCmd -> ERRO 01f Cannot run peer because error when setting up MSP of type bccsp from directory /etc/hyperledger/peer/msp: KeyMaterial not found in SigningIdentityInfo
 
 
Serpro
Joaquim Pedro Carvalho de Oliveira
Gerente de Divisão
Analista
Superintendência de Produtos e Serviços-Centro de Dados
Diretoria de Operações
+55 (85)4008-4630
+55 (85) 98806-1085
 
 
Join {fabric@lists.hyperledger.org to automatically receive all group messages.