|
Chris Gabriel <alaskadd@...>
Sorry, not yet. Will keep you posted.
toggle quoted message
Show quoted text
On Jul 16, 2021, at 3:49 AM, Nikos Karamolegkos < nkaram@...> wrote:
Did you write the blog? If not can you give us some hints (or links) the steps you followed?
|
|
|
Did you write the blog? If not can you give us some hints (or links) the steps you followed?
|
|
|
Thanks Gary,
This seems to be working now :) I will probably write a blog around how to integrate AWS Cloudhsm with hyperledger components.
toggle quoted message
Show quoted text
Make sure you are using the latest version of Fabric CA. With the AWS HSM, you need to add "AltId" to your bccsp configuration:
bccsp:
default: PKCS11
pkcs11:
Library: /opt/cloudhsm/lib/libcloudhsm_pkcs11.so
Pin: 'user:password' AltId: $STRING
Label: cavium
hash: SHA2
security: 256
AltId can be any string label you want to use. If the label does not exist on the HSM, a new key will be generated.
Thank again, guys. When I configure fabric CA to use AWS HSM it crashes with the below error,
sh-4.2# ./fabric-ca-server start -b admin:adminpw
2021/04/19 20:57:18 [INFO] Configuration file location: /root/go/bin/fabric-ca-server-config.yaml
2021/04/19 20:57:18 [INFO] Starting server in home directory: /root/go/bin
2021/04/19 20:57:18 [INFO] Server Version: 1.5.0-snapshot-70634d4d
2021/04/19 20:57:18 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2021/04/19 20:57:19 [WARNING] &{69 The specified CA certificate file /root/go/bin/ca-cert.pem does not exist}
2021/04/19 20:57:19 [INFO] generating key: &{A:ecdsa S:256}
C_GenerateKeyPair failed with error CKR_ATTRIBUTE_VALUE_INVALID : 0x00000013
C_GenerateKeyPair failed with error CKR_ATTRIBUTE_VALUE_INVALID : 0x00000013
Error: Failed generating ECDSA P256 key: P11: keypair generate failed [pkcs11: 0x13: CKR_ATTRIBUTE_VALUE_INVALID]
My BCCSP configuration looks like this,
bccsp:
default: PKCS11
pkcs11:
Library: /opt/cloudhsm/lib/libcloudhsm_pkcs11.so
Pin: 'user:password'
Label: cavium
hash: SHA2
security: 256
Any pointer would be really helpful.
Thanks Shantanu
You can follow the configuration instructions in the fabric docs here: https://hyperledger-fabric.readthedocs.io/en/release-2.2/hsm.htmlJust make sure you match the docs version to the Fabric version you are using. Best, Chris I didn't find any blog around fabric using AWS cloudshm, however, I understand that I need to run aws hsm client on the same machine fabric component would run. Can someone suggest what the PKCS11 section would look like? This is how it currently looks if I use softhsm.
bccsp:
default: PKCS11
pkcs11:
Library: /usr/lib/softhsm/libsofthsm2.so
Pin: XX
Label: fabric
hash: SHA2
security: 256
filekeystore:
keystore: msp/keystore Thanks Shantanu
BTW, I see nothing wrong with the
official docs containing these kinds of links. Being helpful to
new users should take precedence over concerns about the
appearance of favoring one vendor over another, and the latter can
be mitigated by providing multiple such links and adding to them
when asked.
Brian
On 4/12/21 6:49 AM, Kumar Shantanu
wrote:
Thanks, Chris,
I will try and google :)
Would you be able to share some of those links if you have
them handy, it might be beneficial for others as well
searching through this mailing list.
Thanks
Shantanu
On Mon, Apr 12, 2021 at 2:18
PM Chris G < alaskadd@...> wrote:
Hello Shantanu,
The documentation purposefully leaves out any mention
of vendor-specific platforms or technologies and leaves
that part to the user. There are some who have posted
articles on Medium and YouTube for the type of material
you are looking for. Hope this helps.
Chris
Hello Team,
Do we have any documentation around how to use
AWS cloud HSM with hyperledger fabric.
Thanks
Shantanu
--
Brian Behlendorf
General Manager for Blockchain, Healthcare and Identity
bbehlendorf@...
Twitter: @brianbehlendorf
|
|
|
Make sure you are using the latest version of Fabric CA. With the AWS HSM, you need to add "AltId" to your bccsp configuration:
bccsp:
default: PKCS11
pkcs11:
Library: /opt/cloudhsm/lib/libcloudhsm_pkcs11.so
Pin: 'user:password' AltId: $STRING
Label: cavium
hash: SHA2
security: 256
AltId can be any string label you want to use. If the label does not exist on the HSM, a new key will be generated.
toggle quoted message
Show quoted text
Thank again, guys. When I configure fabric CA to use AWS HSM it crashes with the below error,
sh-4.2# ./fabric-ca-server start -b admin:adminpw
2021/04/19 20:57:18 [INFO] Configuration file location: /root/go/bin/fabric-ca-server-config.yaml
2021/04/19 20:57:18 [INFO] Starting server in home directory: /root/go/bin
2021/04/19 20:57:18 [INFO] Server Version: 1.5.0-snapshot-70634d4d
2021/04/19 20:57:18 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2021/04/19 20:57:19 [WARNING] &{69 The specified CA certificate file /root/go/bin/ca-cert.pem does not exist}
2021/04/19 20:57:19 [INFO] generating key: &{A:ecdsa S:256}
C_GenerateKeyPair failed with error CKR_ATTRIBUTE_VALUE_INVALID : 0x00000013
C_GenerateKeyPair failed with error CKR_ATTRIBUTE_VALUE_INVALID : 0x00000013
Error: Failed generating ECDSA P256 key: P11: keypair generate failed [pkcs11: 0x13: CKR_ATTRIBUTE_VALUE_INVALID]
My BCCSP configuration looks like this,
bccsp:
default: PKCS11
pkcs11:
Library: /opt/cloudhsm/lib/libcloudhsm_pkcs11.so
Pin: 'user:password'
Label: cavium
hash: SHA2
security: 256
Any pointer would be really helpful.
Thanks Shantanu
You can follow the configuration instructions in the fabric docs here: https://hyperledger-fabric.readthedocs.io/en/release-2.2/hsm.htmlJust make sure you match the docs version to the Fabric version you are using. Best, Chris I didn't find any blog around fabric using AWS cloudshm, however, I understand that I need to run aws hsm client on the same machine fabric component would run. Can someone suggest what the PKCS11 section would look like? This is how it currently looks if I use softhsm.
bccsp:
default: PKCS11
pkcs11:
Library: /usr/lib/softhsm/libsofthsm2.so
Pin: XX
Label: fabric
hash: SHA2
security: 256
filekeystore:
keystore: msp/keystore Thanks Shantanu
BTW, I see nothing wrong with the
official docs containing these kinds of links. Being helpful to
new users should take precedence over concerns about the
appearance of favoring one vendor over another, and the latter can
be mitigated by providing multiple such links and adding to them
when asked.
Brian
On 4/12/21 6:49 AM, Kumar Shantanu
wrote:
Thanks, Chris,
I will try and google :)
Would you be able to share some of those links if you have
them handy, it might be beneficial for others as well
searching through this mailing list.
Thanks
Shantanu
On Mon, Apr 12, 2021 at 2:18
PM Chris G < alaskadd@...> wrote:
Hello Shantanu,
The documentation purposefully leaves out any mention
of vendor-specific platforms or technologies and leaves
that part to the user. There are some who have posted
articles on Medium and YouTube for the type of material
you are looking for. Hope this helps.
Chris
Hello Team,
Do we have any documentation around how to use
AWS cloud HSM with hyperledger fabric.
Thanks
Shantanu
--
Brian Behlendorf
General Manager for Blockchain, Healthcare and Identity
bbehlendorf@...
Twitter: @brianbehlendorf
|
|
|
Thank again, guys. When I configure fabric CA to use AWS HSM it crashes with the below error,
sh-4.2# ./fabric-ca-server start -b admin:adminpw
2021/04/19 20:57:18 [INFO] Configuration file location: /root/go/bin/fabric-ca-server-config.yaml
2021/04/19 20:57:18 [INFO] Starting server in home directory: /root/go/bin
2021/04/19 20:57:18 [INFO] Server Version: 1.5.0-snapshot-70634d4d
2021/04/19 20:57:18 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2021/04/19 20:57:19 [WARNING] &{69 The specified CA certificate file /root/go/bin/ca-cert.pem does not exist}
2021/04/19 20:57:19 [INFO] generating key: &{A:ecdsa S:256}
C_GenerateKeyPair failed with error CKR_ATTRIBUTE_VALUE_INVALID : 0x00000013
C_GenerateKeyPair failed with error CKR_ATTRIBUTE_VALUE_INVALID : 0x00000013
Error: Failed generating ECDSA P256 key: P11: keypair generate failed [pkcs11: 0x13: CKR_ATTRIBUTE_VALUE_INVALID]
My BCCSP configuration looks like this,
bccsp:
default: PKCS11
pkcs11:
Library: /opt/cloudhsm/lib/libcloudhsm_pkcs11.so
Pin: 'user:password'
Label: cavium
hash: SHA2
security: 256
Any pointer would be really helpful.
Thanks Shantanu
You can follow the configuration instructions in the fabric docs here: https://hyperledger-fabric.readthedocs.io/en/release-2.2/hsm.htmlJust make sure you match the docs version to the Fabric version you are using. Best, Chris I didn't find any blog around fabric using AWS cloudshm, however, I understand that I need to run aws hsm client on the same machine fabric component would run. Can someone suggest what the PKCS11 section would look like? This is how it currently looks if I use softhsm.
bccsp:
default: PKCS11
pkcs11:
Library: /usr/lib/softhsm/libsofthsm2.so
Pin: XX
Label: fabric
hash: SHA2
security: 256
filekeystore:
keystore: msp/keystore Thanks Shantanu
BTW, I see nothing wrong with the
official docs containing these kinds of links. Being helpful to
new users should take precedence over concerns about the
appearance of favoring one vendor over another, and the latter can
be mitigated by providing multiple such links and adding to them
when asked.
Brian
On 4/12/21 6:49 AM, Kumar Shantanu
wrote:
Thanks, Chris,
I will try and google :)
Would you be able to share some of those links if you have
them handy, it might be beneficial for others as well
searching through this mailing list.
Thanks
Shantanu
On Mon, Apr 12, 2021 at 2:18
PM Chris G < alaskadd@...> wrote:
Hello Shantanu,
The documentation purposefully leaves out any mention
of vendor-specific platforms or technologies and leaves
that part to the user. There are some who have posted
articles on Medium and YouTube for the type of material
you are looking for. Hope this helps.
Chris
Hello Team,
Do we have any documentation around how to use
AWS cloud HSM with hyperledger fabric.
Thanks
Shantanu
--
Brian Behlendorf
General Manager for Blockchain, Healthcare and Identity
bbehlendorf@...
Twitter: @brianbehlendorf
|
|
|
Chris Gabriel <alaskadd@...>
toggle quoted message
Show quoted text
On Apr 13, 2021, at 7:58 AM, Kumar Shantanu <km.shantanu@...> wrote:
I didn't find any blog around fabric using AWS cloudshm, however, I understand that I need to run aws hsm client on the same machine fabric component would run. Can someone suggest what the PKCS11 section would look like? This is how it currently looks if I use softhsm.
bccsp:
default: PKCS11
pkcs11:
Library: /usr/lib/softhsm/libsofthsm2.so
Pin: XX
Label: fabric
hash: SHA2
security: 256
filekeystore:
keystore: msp/keystore Thanks Shantanu
BTW, I see nothing wrong with the
official docs containing these kinds of links. Being helpful to
new users should take precedence over concerns about the
appearance of favoring one vendor over another, and the latter can
be mitigated by providing multiple such links and adding to them
when asked.
Brian
On 4/12/21 6:49 AM, Kumar Shantanu
wrote:
Thanks, Chris,
I will try and google :)
Would you be able to share some of those links if you have
them handy, it might be beneficial for others as well
searching through this mailing list.
Thanks
Shantanu
On Mon, Apr 12, 2021 at 2:18
PM Chris G < alaskadd@...> wrote:
Hello Shantanu,
The documentation purposefully leaves out any mention
of vendor-specific platforms or technologies and leaves
that part to the user. There are some who have posted
articles on Medium and YouTube for the type of material
you are looking for. Hope this helps.
Chris
Hello Team,
Do we have any documentation around how to use
AWS cloud HSM with hyperledger fabric.
Thanks
Shantanu
--
Brian Behlendorf
General Manager for Blockchain, Healthcare and Identity
bbehlendorf@...
Twitter: @brianbehlendorf
|
|
|
I didn't find any blog around fabric using AWS cloudshm, however, I understand that I need to run aws hsm client on the same machine fabric component would run. Can someone suggest what the PKCS11 section would look like? This is how it currently looks if I use softhsm.
bccsp:
default: PKCS11
pkcs11:
Library: /usr/lib/softhsm/libsofthsm2.so
Pin: XX
Label: fabric
hash: SHA2
security: 256
filekeystore:
keystore: msp/keystore Thanks Shantanu
BTW, I see nothing wrong with the
official docs containing these kinds of links. Being helpful to
new users should take precedence over concerns about the
appearance of favoring one vendor over another, and the latter can
be mitigated by providing multiple such links and adding to them
when asked.
Brian
On 4/12/21 6:49 AM, Kumar Shantanu
wrote:
Thanks, Chris,
I will try and google :)
Would you be able to share some of those links if you have
them handy, it might be beneficial for others as well
searching through this mailing list.
Thanks
Shantanu
On Mon, Apr 12, 2021 at 2:18
PM Chris G < alaskadd@...> wrote:
Hello Shantanu,
The documentation purposefully leaves out any mention
of vendor-specific platforms or technologies and leaves
that part to the user. There are some who have posted
articles on Medium and YouTube for the type of material
you are looking for. Hope this helps.
Chris
Hello Team,
Do we have any documentation around how to use
AWS cloud HSM with hyperledger fabric.
Thanks
Shantanu
--
Brian Behlendorf
General Manager for Blockchain, Healthcare and Identity
bbehlendorf@...
Twitter: @brianbehlendorf
|
|
|
Brian Behlendorf <bbehlendorf@...>
BTW, I see nothing wrong with the
official docs containing these kinds of links. Being helpful to
new users should take precedence over concerns about the
appearance of favoring one vendor over another, and the latter can
be mitigated by providing multiple such links and adding to them
when asked.
Brian
On 4/12/21 6:49 AM, Kumar Shantanu
wrote:
Thanks, Chris,
I will try and google :)
Would you be able to share some of those links if you have
them handy, it might be beneficial for others as well
searching through this mailing list.
Thanks
Shantanu
On Mon, Apr 12, 2021 at 2:18
PM Chris G < alaskadd@...> wrote:
Hello Shantanu,
The documentation purposefully leaves out any mention
of vendor-specific platforms or technologies and leaves
that part to the user. There are some who have posted
articles on Medium and YouTube for the type of material
you are looking for. Hope this helps.
Chris
Hello Team,
Do we have any documentation around how to use
AWS cloud HSM with hyperledger fabric.
Thanks
Shantanu
--
Brian Behlendorf
General Manager for Blockchain, Healthcare and Identity
bbehlendorf@...
Twitter: @brianbehlendorf
|
|
|
Thanks, Chris,
I will try and google :)
Would you be able to share some of those links if you have them handy, it might be beneficial for others as well searching through this mailing list.
Thanks Shantanu
toggle quoted message
Show quoted text
On Mon, Apr 12, 2021 at 2:18 PM Chris G < alaskadd@...> wrote: Hello Shantanu,
The documentation purposefully leaves out any mention of vendor-specific platforms or technologies and leaves that part to the user. There are some who have posted articles on Medium and YouTube for the type of material you are looking for. Hope this helps.
Chris
Hello Team,
Do we have any documentation around how to use AWS cloud HSM with hyperledger fabric.
Thanks
Shantanu
|
|
|
Chris Gabriel <alaskadd@...>
Hello Shantanu,
The documentation purposefully leaves out any mention of vendor-specific platforms or technologies and leaves that part to the user. There are some who have posted articles on Medium and YouTube for the type of material you are looking for. Hope this helps.
toggle quoted message
Show quoted text
Hello Team,
Do we have any documentation around how to use AWS cloud HSM with hyperledger fabric.
Thanks
Shantanu
|
|
|
Hello Team,
Do we have any documentation around how to use AWS cloud HSM with hyperledger fabric.
Thanks
Shantanu
|
|
|
