Table of contents
1. Cryptogen module command description
2. Configuration file for cryptogen module
3. cryptogen instance: create test configuration file
4. The structure of the Fabric certificate file
The cryptogen module is mainly used to generate organizational structure and account related files. The development of any Fabric system usually starts from the cryptogen module. In the Fabric project, when the system design is completed, the first job is to write the configuration files of cryptogen according to the system design, and then generate the relevant certificate files through these configuration files. The configuration files used by the cryptogen module are the cornerstone of the entire Fabric project. Below we will describe the cryptogen module command line options and how to use them.
1. Cryptogen module command description
The cryptogen module is run through the command line. A cryptogen command consists of command line parameters and configuration files
. By executing the command cryptogen --help, the command line options of the cryptogen module can be displayed. The execution
result is as follows:
usage : cryptogen [<flags>] <command> [<args> . . ]
Utility for generating Hyperledger Fabr 工 C key material
Flags :
--help
Commands :
help
generate
showtemplate
versionexplain:
- help : Display help information.
- generate : Generate certificate information based on the configuration file.
- showtemplate : Display system default cryptogen module configuration file information.
- version : Displays the version number of the current module.
The generate command option is used to generate the certificate file related to the Fabric system according to the configuration file.
2. Configuration file for cryptogen module
The configuration file of the cryptogen module is used to describe the characteristics of the certificate file to be generated, such as: how many organizations,
how many nodes, how many accounts are required, etc.
Here we use a specific example of the cryptogen module configuration file to get a preliminary understanding of the structure of the configuration file. This example is an example that comes with the Fabric source code. The detailed path is as follows:
https://github.com/hyperledger/fabric/ blob/release/examples/e2e_cli/crypto-config.yaml
OrdererOrgs //定义orderer 节点
- Name · Orderer //orderer 节点的名称
Domain : example.com //orderer 节点的根域名
Specs :
- Hostname : orderer //orderer节点的主机名
PeerOrgs :
- Name : Orgl //组织1 的名称
Domain: orgl.exarnple.com //组织1 的根域名
Template :
Count :2 //组织1 的节点数目
Users :
Count : 3 //组织1 中的用户数目
- Name : Org2
Domain : org2.example.com
Template :
Count : 2
Users :
Count : 1 In addition to the examples provided in the Fabric source code, the default template files can also be obtained through the command cryptogen showtempl ate
, and these default template files can be used in actual projects with slight modifications.
3. cryptogen instance: create test configuration file
- Create a test configuration file
Now we use an example to demonstrate the use of the cryptogen module. We will define a Fabric system for testing. First, define a root domain name qklszzn.com o orderer node for the whole system. We name it Orderer. In this test system, we assume that there are three organizations named org1, org2, and org3. The organization org1 includes 4 nodes and 6 users, the organization org2 includes 5 nodes and 11 users, and the organization org3 includes 3 nodes and 13 users. We will test the relevant information of the civilian Fabric system as shown in Table 5-2 and Table 5-3.
According to the basic information of the above Fabric system, we can write the configuration file for the cryptogen module.
The content of the configuration file is as follows:
OrdererOrgs :
- Name : Orderer
Domain: qklszzn.com
Specs :
- Hostname : orderer
PeerOrgs :
- Name : Orgl
Domain : orgl.qklszzn.com
Template :
Count : 4
Users
Count : 6
- Name · Org2
Domain : org2.qklszzn.com
Template :
Count: 5
Users :
Count : 11
-Name : Org3
Domain : org3.qklszzn.com
Template :
Count : 3
Users :
Count 13- Generate certificate file
We can generate the relevant certificate files through the generate command of the cryptogen module. The command looks like this:
cryptogen generate --config=/opt/hyperledger/fabricconfig/crypto-config . yaml --output /opt/hyperledger/fabricconfig/crypto-config
/opt/hyperledger/fabricconfig is the directory where the certificate files are stored, or any folder with read and write permissions, but it needs to be created in advance.
After entering the /opt/hyperledger/fabricconfig/crypto-config folder, there are two subfolders, which are
displayed as follows through the command tree -L 2:
After the command is executed successfully, enter the ordererOrganizations subfolder, and then use the command tree -L4 to display the following:
In actual development, these certificates of the orderer node do not need to be used directly. It is only necessary to specify the position of the project when the orderer node is started. In the following section about the orderer node, the point alignment link will describe in detail how to allocate these certificate file.
4. The structure of the Fabric certificate file
The certificate files generated by the cryptogen module are the certificate files required for the operation of the Fabric system. Next, we will
introduce the types and functions of these certificate files in detail. After entering the folder peerOrganizations, execute the command tree -L 1, the
command result is as follows:
From the results of the above commands, we can find that there are three sub-files in the folder peerOrganizations. From the naming of these three sub-folders, it can be found that they correspond to the three organizations defined in the previous configuration file (refer to Table 5-3 for related content). ). The correspondence between the three subfolders in the folder peerOrganizations and the organizations described in Table 5-3 is shown in Table 5-4.
Since the structure of the folders that store these three organizations is the same, let's take the organization orgl as an example to illustrate the role of these files. Since there are many users and nodes in orgl, but the same node and user have the same configuration, we only keep the configuration information of one node and one user in the example.
Enter the folder orgl .qklszzn.com and execute the command tree -L 5. The display is as follows:
The certificate generated by the Cryptogen module is an important part of the Fabric system and is the beginning of all Fabric systems.