|
Re: Peer failed getting private key from HSM
Carlos Eduardo Matos Ellery
Thank you Brett, Gari and Ashutosh for the support!
toggle quoted messageShow quoted text
We tried the AltID approach, but found that the key manually generated by the HSM team didn't have a CKA_ID too. We then modified this attribute of the key to match the hex of the AltID we defined. Indeed, Fabric found the private key, but turns out that it searched for the public key too (pkcs11.go:145)! As the HSM didn't have the public key (and we couldn't import it to the HSM), the peer still failed to start :( Finnaly, we had the idea to use the Fabric-CA server init process to create a whole new key pair on the HSM the way Fabric likes. Our external CA then issued a new certificate based on that new key pair. This is working fine on Fabric 1.4.4! But we are trying to use 1.4.7, because we had issues with invalid HSM sessions (bug solved on 1.4.7). So, the peer starts on 1.4.4 but don't on 1.4.7. The new problem that arises is the following (complete log available at https://pastebin.com/AfNGd2JW): panic: Failed putting our own identity into the identity mapper: failed classifying identity: Unable to extract msp.Identity from peer Identity: identity is not well formed: failed unmashalling signature [asn1: structure error: tags don't match (16 vs {class:1 tag:27 length:64 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} ECDSASignature @2] Any hints? Thanks in advance! Carlos Eduardo Matos Ellery Em 25/06/2020 07:22, Gari Singh escreveu:
The easiest thing to do is to find the CKA_ID attribute of the private key stored in the HSM and then set the AltID property for the PKCS11 BCCSP.
|
||||||||||
|
|
||||||||||
|
Re: etcdraft architecture question
Chris Davidson
Gari,
toggle quoted messageShow quoted text
Thanks a lot. I did have a look at the RFC - FAB-17712. This is exactly what was wanted. Will take this into consideration in the architecture. Regards, CD Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, June 29, 2020 6:36 PM, Gari Singh <garis@...> wrote:
Currently, you'd add Node D to the system channel. The system channel essentially tracks all potential cluster members for application channels.
|
||||||||||
|
|
||||||||||
|
Re: etcdraft architecture question
Gari Singh <garis@...>
Currently, you'd add Node D to the system channel. The system channel essentially tracks all potential cluster members for application channels.
We have an RFC approved and development underway to remove the need to use a system channel for Raft and still allow individual Raft nodes to join multiple channels. ----------------------------------------- Gari Singh Distinguished Engineer, CTO - IBM Blockchain IBM Middleware 550 King St Littleton, MA 01460 Cell: 978-846-7499 garis@... ----------------------------------------- -----fabric@... wrote: ----- To: "fabric@..." <fabric@...> From: "Chris Davidson via lists.hyperledger.org" Sent by: fabric@... Date: 06/29/2020 08:55AM Subject: [EXTERNAL] [Hyperledger Fabric] etcdraft architecture question Hi, We are currently evaluating multiple blockchain solutions for a large FSI customer. There is one open issue that I was unable to find an answer to. Let's say that there are 3 orgs participating in a channel. To setup a RAFT based ordering system, 1. I create a system channel and generate the genesis block using configtxgen. This is defined in configtx.yaml. I also add the addresses of all the orgs particpating in the channel as consenters. (All the orgs will also have an orderer). This is generated on one node say Node A. 2. This block is now manually copied to other nodes - Node B and Node C. 3. Orderer is started and things work fine. Now, if a second channel needs to be created with the following participants: Node A, Node C and Node D. I would prefer that there is only one orderer per Node. So a) Should the system channel be modified to include Node D also (or) should we create a different system channel? Architecturally what is the recommended approach when there are multiple channels and different participants for every channel? Thanks in advance CD Sent with ProtonMail Secure Email.
|
||||||||||
|
|
||||||||||
|
etcdraft architecture question
Chris Davidson
Hi, We are currently evaluating multiple blockchain solutions for a large FSI customer. There is one open issue that I was unable to find an answer to. Let's say that there are 3 orgs participating in a channel. To setup a RAFT based ordering system, 1. I create a system channel and generate the genesis block using configtxgen. This is defined in configtx.yaml. I also add the addresses of all the orgs particpating in the channel as consenters. (All the orgs will also have an orderer). This is generated on one node say Node A. 2. This block is now manually copied to other nodes - Node B and Node C. 3. Orderer is started and things work fine. Now, if a second channel needs to be created with the following participants: Node A, Node C and Node D. I would prefer that there is only one orderer per Node. So a) Should the system channel be modified to include Node D also (or) should we create a different system channel? Architecturally what is the recommended approach when there are multiple channels and different participants for every channel? Thanks in advance CD Sent with ProtonMail Secure Email.
|
||||||||||
|
|
||||||||||
|
Re: hyperledger composer installation on ubuntu 18.04
#blockchain-explorer
Rob Murgai <murgai@...>
Hi Priyanka,
Can you share what you were looking to do with composer?
Best,
----- Original message -----
|
||||||||||
|
|
||||||||||
|
dobroslaw.zybort@...
Hello,
I would like to know what is the fastest way of developing chaincode and fabric-node-sdk with fabric v2 at the same time? For now we are using `fabric-samples/test-network` but it's starting over 3 minutes (using CouchDB, with some sed-ing in `test-network/scripts/deployCC.sh` for pointing it to our folder with chaincode, and copying generated certificate files to our rest api folder). I would like to have really fast restart of our whole backend for development, we are using typescript for rest api to communicate between frontend and blockchain. Now we simply restart only rest api on its code change (with ts-node-dev) but I would like to restart everything every time (so also restart everything on chaincode change). So I'm looking for fast way of starting whole blockchain part (something that start in under 10 seconds). I see there is `fabric-samples/chaincode-docker-devmode` but as I can see it's only for developing chaincode part (so not good for my needs, but it's starting fast). There is also Network Launcher (https://github.com/hyperledger/fabric-test/tree/master/tools/NL) but it's only for Fabric v1 so also not useful for me. Is there any other way for developing everything and that is fast to restart? With best regards, Dobroslaw Zybort
|
||||||||||
|
|
||||||||||
|
Re: hyperledger composer installation on ubuntu 18.04
#blockchain-explorer
Hi Priyanka, Hyperledger fabric composer project is deprecated and no longer active for use. I would recommend to use native Hyperledger fabric.
-- Thanks & Regards, Kamlesh Nagware VP Blockchain Snapper Future Tech Mobile : +91 9511 2213 01
|
||||||||||
|
|
||||||||||
|
hyperledger composer installation on ubuntu 18.04
#blockchain-explorer
goyal.priyanka777@...
Hey, I am new in blockchain. I was searching for hyperledger fabric composer installation guide for ubuntu 18.04 but I am not able to find one which actually works. Can anyone help me out? I will be thankful to you.
|
||||||||||
|
|
||||||||||
|
Hyperledger Fabric Documentation Workgroup call - Western hemisphere - Fri, 06/26/2020
#cal-notice
fabric@lists.hyperledger.org Calendar <noreply@...>
Hyperledger Fabric Documentation Workgroup call - Western hemisphere When: Where: Organizer: Description:
|
||||||||||
|
|
||||||||||
|
Upcoming Event: Hyperledger Fabric Documentation Workgroup call - Western hemisphere - Fri, 06/26/2020 4:00pm-5:00pm
#cal-reminder
fabric@lists.hyperledger.org Calendar <fabric@...>
Reminder: Hyperledger Fabric Documentation Workgroup call - Western hemisphere When: Friday, 26 June 2020, 4:00pm to 5:00pm, (GMT+01:00) Europe/London Where:https://zoom.us/j/6223336701 Organizer: Anthony O'Dowd a_o-dowd@... +441962816761 Description: Documentation workgroup call.
|
||||||||||
|
|
||||||||||
|
Re: How to verify RAFT health in HLF version 1.4.4
#raft
Jason Yellick <jyellick@...>
Not in Fabric v1.4.x. There is a recently approved RFC for an Orderer Channel Participation API. https://github.com/hyperledger/fabric-rfcs/pull/24
This new API will enable easier and more direct management of channels and ordering, but this is still a work in progress. ~Jason
----- Original message -----
|
||||||||||
|
|
||||||||||
|
Removal of BYFN from Fabric 2.2 release
Pam Andrejko
As many of you know, BYFN has been **deprecated** since Fabric 2.0 and has been replaced with the very successful Test Network and the Production Network Deployment Guide. For the next Fabric 2.2 release, we plan to completely remove the instructions from the Fabric Documentation and Samples. If you've bookmarked a BYFN URL, in Fabric v2.2 you will see a message that the sample has been removed with links pointing you to the Getting Started with the Test Network and Deployment Guide. We've also updated all tutorials to use the Test Network instead of BYFN, removing all references to it from the Documentation. BYFN will still be available in the Fabric v1.2, 2.0, and 2.1 branches in case anyone still needs to access it.
|
||||||||||
|
|
||||||||||
|
Re: How to verify RAFT health in HLF version 1.4.4
#raft
shrugupt@...
On Fri, Jun 19, 2020 at 06:14 AM, Jason Yellick wrote:
OSNThanks Jason for the response. This information is useful. Is there any way to identify application channel(s) that OSN is part of? In Fabric NodeJsSDK, there is "queryChannels" API but it work only for peer nodes. I could not find any such API for orderer node.
|
||||||||||
|
|
||||||||||
|
Hyperledger Fabric Documentation Workgroup call - Eastern hemisphere - Fri, 06/26/2020
#cal-notice
fabric@lists.hyperledger.org Calendar <noreply@...>
Hyperledger Fabric Documentation Workgroup call - Eastern hemisphere When: Where: Organizer: Description:
|
||||||||||
|
|
||||||||||
|
Documentation Workgroup: Agenda for Friday, 26 June
Anthony O'Dowd <a_o-dowd@...>
Hi All,
We will hold the documentation workgroup calls this Friday -- with both an Eastern hemisphere and Western hemisphere call. Please feel free to come along, you're always very welcome. The whole workgroup would like to thank Nik Gupta for his amazing work over the recent years on Hyperledger Fabric documentation. Nik has taken a new role in IBM which means that unfortunately he'll no be able to contribute to the workgroup, both in terms of technical content and direction. We wish Nik the very best in his new role and thank him again for his outstanding contributions. Thank you Nik. You can read about last week's calls at https://wiki.hyperledger.org/display/fabric/2020+06+19+DWG+Agenda You'll see significant minutes for both the Eastern and Western hemisphere calls, and recordings for both sessions. Our Eastern and Western hemisphere calls are very well attended at the moment -- thanks to all for your contributions and collaboration. Our Eastern hemisphere had excellent contributions from the Japanese and Malayalam working group teams. We reviewed the new i18n repository structure and how to use it. Our Japanese, Brazilian, Malayalam and Chinese language teams are now populating this repository, which is great to see. You will see that the language workgroups are already starting to grow: https://wiki.hyperledger.org/display/fabric/International+groups Please feel free to connect with these teams if you're interested in language translations. Our Western hemisphere call kept us up to date with these as we approach 2.2! Pam and Joe always give us a great release summary, allow you to quickly get a perspective on the new release. The i18n language repository was discussed, and after the maintainers meeting this week, we'll be discussing translation processes in more detail tomorrow, both on the western and eastern hemisphere calls. Renato shared excellent progress on Brazilian Portuguese. David led a great discussion on when we can start a Contribution campaign to encourage more writers to start to contribute, which could include a contribute-a-thon, videos and more: https://wiki.hyperledger.org/display/events/Contribute-a-thon+Marketing+Campaign+Outline There was a lively discussion on deprecated content and how it might be best structured in the docs with great suggestions from Jim, Pam and Chris. You can catch up with the full recordings and other sessions: https://wiki.hyperledger.org/display/fabric/Recordings See https://wiki.hyperledger.org/display/fabric/2020+06+26+DWG+Agenda for this week's agenda for the eastern and western hemisphere calls. Please feel free to contribute using the wiki, including helping to build next week's agenda: https://wiki.hyperledger.org/display/fabric/2020+07+03+DWG+Agenda Thanks! Pam, Anthony, Joe Meeting Details ------------- Please use the following link to attend the meeting: https://zoom.us/j/6223336701 The meeting times are as follows: https://wiki.hyperledger.org/display/fabric/Documentation+Working+Group Meeting 134A: Friday 26 June 1130 India Standard Time 1400 China Standard Time 1500 Japan Standard Time 1700 Australia Eastern Time 1400 Singapore Time 1100 Gulf Standard Time 1000 Moscow Standard Time 0700 Greenwich Mean Time 0800 Central European Time Meeting 134B: Friday 26 June 1100 Central Daylight Time 1200 Eastern Daylight Time 0900 Pacific Daylight Time 1400 Brasil Time (BRT) 1600 Greenwich Mean Time 1700 Central European Time 1800 Moscow Standard Time Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
|
||||||||||
|
|
||||||||||
|
Time based trigger in Chaincode
Hritik Gupta <hritikgupta9@...>
Hi all! This is an extension to one of the ideas discussed about a seller-bidder architecture in the following link: https://lists.hyperledger.org/g/fabric/message/7554. I have used a similar paradigm for bidding as suggested by David. Since, in this case, the seller has to invoke the chaincode to close the auction, I wonder if this closure can be automated/triggered by passing a end-time timestamp along with the other metadata while starting the auction. Or if there exists a better workaround to accomplish this ? (rather than having to constantly poll for the current-time and compare it with the end-time to decide on closure) Appreciate any help! Thanks and regards.
|
||||||||||
|
|
||||||||||
|
Homebrew Fabric Archival Proposal
Brett T Logan <brett.t.logan@...>
Hello Everyone,
As analytics tell us, most of you probably DON'T know, but Fabric has a repository github.com/hyperledger/homebrew-fabric which hosts a homebrew tap for installing the fabric-binaries. This has existed for years, though we haven't advertised it. We recently took a look at the homebrew analytics for it and discovered since its inception it has only been installed less than a dozen times.
We've are proposing to retire the repository due to its low traction. We are proposing a two-week grace-period that would see the repo archived on July 9th. If you want to voice opinions on this archival, please do so now so we can discuss compelling reasons why we might keep this around.
Thank you,
|
||||||||||
|
|
||||||||||
|
Hyperledger Fabric Application Developer Community call -- today's call (Thursday 25th June) has been CANCELLED please note
Paul O'Mahoney <mahoney@...>
please note that
today's call has been cancelled - the next call planned is on 9th July.
best regards Paul Paul O'Mahony Community Lead - Hyperledger Fabric Developer Community RocketChat: mahoney1 mahoney@... ----- Forwarded by Paul O'Mahoney/UK/IBM on 25/06/2020 14:37 ----- From: Paul O'Mahoney/UK/IBM To: fabric@... Date: 22/06/2020 09:49 Subject: Next Hyperledger Fabric Application Developer Community call -- this Thursday 25th June @ 3pm UTC time: 4pm UK, 11am ET, 8am PT dear Fabric Application Developer, the next Fabric Application Developer community call is: Thursday 25th June - 3pm UTC, 4pm UK time (+1), 11am ET (-5 hrs), 8am PT (-8 hrs) - other time zones here. It lasts approx 30-60 mins FYI. The agenda will be posted here -> https://wiki.hyperledger.org/display/fabric/Agendas%3A+Fabric+Application+Developer+Community+Call+Meetings This community call is held bi-weekly via Zoom webconference and is aimed at : -
helping the worldwide Hyperledger Fabric Application Developer community
grow (eg. developing applications, smart contracts, client apps using the
SDKs, tutorials/demos etc - eg using NodeJS/TypeScript, Java, Go
etc etc) If
you wish to share content on a call, just let me know via email direct
or DM me on Rocketchat (ID: mahoney1) and I'll put an item on the agenda.
Provide the following: The Zoom webconference ID is https://zoom.us/my/hyperledger.community More information can be found on the community page -> https://wiki.hyperledger.org/display/fabric/Fabric+Application+Developer+Community+Calls You can get calendar invites (eg iCal) here many thanks for your time - feel free to forward this email if you think it is of interest to a colleague. Paul O'Mahony Community Lead - Hyperledger Fabric Developer Community RocketChat: mahoney1 mahoney@... Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
|
||||||||||
|
|
||||||||||
|
Re: Peer failed getting private key from HSM
Gari Singh <garis@...>
The easiest thing to do is to find the CKA_ID attribute of the private key stored in the HSM and then set the AltID property for the PKCS11 BCCSP.
toggle quoted messageShow quoted text
AltID was added in 1.4.6 as I recall to help facilitate this type of config. ----------------------------------------- Gari Singh Distinguished Engineer, CTO - IBM Blockchain IBM Middleware 550 King St Littleton, MA 01460 Cell: 978-846-7499 garis@... ----------------------------------------- -----fabric@... wrote: ----- To: carlos.ellery@... From: "Brett T Logan" Sent by: fabric@... Date: 06/24/2020 07:57PM Cc: fabric@... Subject: [EXTERNAL] Re: [Hyperledger Fabric] Peer failed getting private key from HSM Are you setting up the peer and orderer to communicate with the external CA's HSM? Did you generate the CSR yourself, and thus you have the private key and you provided it to them for import, or did the external CA provider generate everything and they fully own the private key? BCCSP doesn't use the SKI extension of the cert, it computes its own SKI by doing a SHA256 over the private key, the corresponding public signing cert is named with this SKI (SHA256) of the private key. If you had the private key (or access to it via PKCS11) you could perform the same operation BCCSP does to compute the SHA256 SKI. Brett Logan Software Engineer, IBM Blockchain Phone: 1-984-242-6890 E-mail: brett.t.logan@...
----- Original message -----
From: "Carlos Eduardo Matos Ellery" <carlos.ellery@...> Sent by: fabric@... To: fabric@... Cc: Subject: [EXTERNAL] [Hyperledger Fabric] Peer failed getting private key from HSM Date: Wed, Jun 24, 2020 7:11 PM Hi everyone, I'm trying to use a certificate issued by an external CA trough an HSM integration but it's not working. The peer node (v1.4.7) doesn't start and gives the following output (complete log available at https://pastebin.com/J6npgd6G): ... 2020-06-24 22:32:42.176 UTC [bccsp_p11] getSession -> DEBU 038 Reusing existing pkcs11 session 1 on slot 1 2020-06-24 22:32:42.231 UTC [msp] getSigningIdentityFromConf -> DEBU 039 Could not find SKI [d69fe5487378e0914e8d65870128a8d4b55d05a502c45daddea30c7452a1fe2c], trying KeyMaterial field: Key with SKI d69fe5487378e0914e8d65870128a8d4b55d05a502c45daddea30c7452a1fe2c not found in msp/keystoreFailed getting key for SKI [[214 159 229 72 115 120 224 145 78 141 101 135 1 40 168 212 181 93 5 165 2 196 93 173 222 163 12 116 82 161 254 44]] ... 2020-06-24 22:32:42.231 UTC [main] InitCmd -> ERRO 03a Cannot run peer because error when setting up MSP of type bccsp from directory /etc/hyperledger/fabric/msp: KeyMaterial not found in SigningIdentityInfo I've found that my certificate (located at msp/signcerts) doesn't have the SKID extension (https://tools.ietf.org/html/rfc3280#section-4.2.1.2) and the CA tech support have the excuse that this is a non-critical extension for end certificates. Now, is there a way BCCSP can find the corresponding private key of my certificate on the HSM? Thanks for the help, -- Carlos Eduardo Matos Ellery
|
||||||||||
|
|
||||||||||
|
Upcoming Event: Hyperledger Fabric Documentation Workgroup call - Eastern hemisphere - Fri, 06/26/2020 6:00am-7:00am
#cal-reminder
fabric@lists.hyperledger.org Calendar <fabric@...>
Reminder: Hyperledger Fabric Documentation Workgroup call - Eastern hemisphere When: Friday, 26 June 2020, 6:00am to 7:00am, (GMT+01:00) Europe/London Where:https://zoom.us/j/6223336701 Organizer: Anthony O'Dowd a_o-dowd@... +441962816761 Description: Documentation workgroup call.
|
||||||||||
|
|
||||||||||
