Re: Fabric Node SDK - Error when querying the ledger (HELP REQUESTED!!)


Mark Lewis
 

Hi Alejo,

I am really glad that you pinned down the problem. I think the reason is that the CLI (written on Go) is using the Go crypto support which allows it to generate a signature from a hash without any knowledge of the curve used for the key. The libraries used by the Node implementation require a specific curve to be specified by the code generating the signature, separately from the private key itself.

If you really must use a curve other than P-256 then you might be able to use one of the following approaches:

If it is an option for your, I think my choice would probably be to just stick with a key that uses the P-256 curve for now!

Regards,

    Mark.


From: Alejo Acosta <alejoacos@...>
Sent: 09 February 2021 17:53
To: Mark.S.Lewis@... <Mark.S.Lewis@...>
Subject: Re: [Hyperledger Fabric] Fabric Node SDK - Error when querying the ledger (HELP REQUESTED!!)
 
Hi Mark
Just following up on this issue.
I changed the private key to P-256 and the Node SDK query went through successfully.
Not sure why the P-384 key is working fine from the CLI and not from the NODE SDK though.

We need to run some more tests and I will confirm the final outcome.

Cheers

Alejo

On Wed, Feb 3, 2021 at 2:29 PM <Mark.S.Lewis@...> wrote:

Rather than trying to change the application code to use off-line signing, I think I would just try using that offline signing code to generate a signature for some arbitrary data and compare to the signatures produced by the same method using the private key that works. Just the signature generation might highlight some issue or difference between them. If not then writing a bit of signature verification code might help to identify why one signature is acceptable while the other is not.

Failing that then perhaps just comparing the two certificates and their private keys might highlight some difference. Be sure they are both ECDSA keys and using P-256 curve since Fabric will not accept other types. I'm not sure if any of the certificate attributes will cause issues. I guess the certificate is still signed/issued by Fabric's CA?

Somebody with more security / crypto expertise than my might be able to provide better help.

Join fabric@lists.hyperledger.org to automatically receive all group messages.