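I am running Hyperledger Fabric v2.2.3 from the GitHub release, on Oracle Linux 8.4.
https://github.com/hyperledger/fabric/releases/download/v2.3.3/hyperledger-fabric-linux-amd64-2.3.3.tar.gz
I am running the orderer and peer without Docker.
And I am running PKCS11 using SoftHSM 2.5.0, without Fabric CA.
I have also followed the guide in the official documentation to set up PKCS11.
https://hyperledger-fabric.readthedocs.io/en/release-2.2/hsm.html
I have also read this Stack Overflow post, which states that the SW section needs to be removed.
Peer nodes start throwing "Could not find default pkcs11 BCCSP" error
I have managed to generate the tokens, i.e. the certificates for the Orderer and the Peer.
My Orderer started up with everything successful, but my Peer did not.
Question: Are the prebuilt peer binaries in the GitHub v2.2.3 release not PKCS11-enabled?
Do I need to build the peer myself to enable PKCS11 support?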
2021-09-15 10:05:50.583 +08 [bccsp] GetDefault -> DEBU 001 Before using BCCSP, please call InitFactories(). Falling back to bootBCCSP.
2021-09-15 10:05:50.585 +08 [bccsp] GetDefault -> DEBU 002 Before using BCCSP, please call InitFactories(). Falling back to bootBCCSP.
2021-09-15 10:05:50.594 +08 [bccsp] GetDefault -> DEBU 003 Before using BCCSP, please call InitFactories(). Falling back to bootBCCSP.
2021-09-15 10:05:50.595 +08 [main] InitCmd -> ERRO 004 Cannot run peer because error when setting up MSP of type bccsp from directory /appl/blockchain/peerOrganizations/org1/users/Admin@org1/msp: could not initialize BCCSP Factories: Could not find default `PKCS11` BCCSP
My Peer core.yaml:
    BCCSP:
      Default: PKCS11
      PKCS11:
        Library: /appl/softhsm/lib/softhsm/libsofthsm2.so
        Label: fabric
        Pin: 123456
        Hash: SHA2
        Security: 256
        Immutable: false
My directory structure and files on the peer.
You can ignore tls, as I am not using any TLS at the moment.
[user@hyperledgerfabric org1]# tree users
users
└── Admin@org1
    ├── msp
    │   ├── admincerts
    │   ├── cacerts
    │   │   └── ca.org1-cert.pem -> ../../../../ca/ca.org1-cert.pem
    │   ├── config.yaml
    │   ├── keystore
    │   ├── signcerts
    │   │   └── Admin@org1-cert.pem
    │   └── tlscacerts
    │       └── tlsca.org1-cert.pem -> ../../../../tlsca/tlsca.org1-cert.pem
    └── tls
        ├── ca.crt -> ../../../tlsca/tlsca.org1-cert.pem
        ├── client.crt
        └── client.csr
Update, with the peer compiled with PKCS11 enabled:
Now it gives an error that it cannot find KeyMaterial:
2021-09-17 10:50:44.513 +08 [bccsp_p11] getECKey -> DEBU 019 Private key not found [Key not found [00000000 9e c0 9a a7 5c df 5b 13 25 61 15 a4 d2 8c f3 ba |.....[.%a......|
00000010 90 c4 15 10 b5 e0 a6 48 de fd 23 96 14 29 b1 83 |.......H..#..)..|
]] for SKI [9ec09aa75cdf5b13256115a4d28cf3ba90c41510b5e0a648defd23961429b183], looking for Public key
2021-09-17 10:50:44.515 +08 [bccsp_p11] GetKey -> DEBU 01a Key not found using PKCS11: Public key not found [Key not found [00000000 9e c0 9a a7 5c df 5b 13 25 61 15 a4 d2 8c f3 ba |.....[.%a......|
00000010 90 c4 15 10 b5 e0 a6 48 de fd 23 96 14 29 b1 83 |.......H..#..)..|
]] for SKI [9ec09aa75cdf5b13256115a4d28cf3ba90c41510b5e0a648defd23961429b183]
2021-09-17 10:50:44.515 +08 [msp] getSigningIdentityFromConf -> DEBU 01b Could not find SKI [9ec09aa75cdf5b13256115a4d28cf3ba90c41510b5e0a648defd23961429b183], trying KeyMaterial field: Key not found. This is a dummy KeyStore
Failed getting key for SKI [[158 192 154 167 92 223 91 19 37 97 21 164 210 140 243 186 144 196 21 16 181 224 166 72 222 253 35 150 20 41 177 131]]
github.com/hyperledger/fabric/bccsp/sw.(*CSP).GetKey
/appl/src/fabric-2.2.3/bccsp/sw/impl.go:170
github.com/hyperledger/fabric/bccsp/pkcs11.(*impl).GetKey
/appl/src/fabric-2.2.3/bccsp/pkcs11/pkcs11.go:257
github.com/hyperledger/fabric/msp.(*bccspmsp).getSigningIdentityFromConf
/appl/src/fabric-2.2.3/msp/mspimpl.go:220
github.com/hyperledger/fabric/msp.(*bccspmsp).setupSigningIdentity
/appl/src/fabric-2.2.3/msp/mspimplsetup.go:401
github.com/hyperledger/fabric/msp.(*bccspmsp).preSetupV142
/appl/src/fabric-2.2.3/msp/mspimplsetup.go:586
github.com/hyperledger/fabric/msp.(*bccspmsp).setupV142
/appl/src/fabric-2.2.3/msp/mspimplsetup.go:647
github.com/hyperledger/fabric/msp.(*bccspmsp).Setup
/appl/src/fabric-2.2.3/msp/mspimpl.go:267
github.com/hyperledger/fabric/msp/cache.(*cachedMSP).Setup
/appl/src/fabric-2.2.3/msp/cache/cache.go:88
github.com/hyperledger/fabric/msp/mgmt.LoadLocalMspWithType
/appl/src/fabric-2.2.3/msp/mgmt/mgmt.go:33
github.com/hyperledger/fabric/internal/peer/common.InitCrypto
/appl/src/fabric-2.2.3/internal/peer/common/common.go:144
github.com/hyperledger/fabric/internal/peer/common.InitCmd
/appl/src/fabric-2.2.3/internal/peer/common/common.go:324
github.com/hyperledger/fabric/internal/peer/channel.glob..func1
/appl/src/fabric-2.2.3/internal/peer/channel/channel.go:102
github.com/spf13/cobra.(*Command).execute
/appl/src/fabric-2.2.3/vendor/github.com/spf13/cobra/command.go:746
github.com/spf13/cobra.(*Command).ExecuteC
/appl/src/fabric-2.2.3/vendor/github.com/spf13/cobra/command.go:852
github.com/spf13/cobra.(*Command).Execute
/appl/src/fabric-2.2.3/vendor/github.com/spf13/cobra/command.go:800
main.main
/appl/src/fabric-2.2.3/cmd/peer/main.go:54
runtime.main
/appl/go/src/runtime/proc.go:255
runtime.goexit
/appl/go/src/runtime/asm_amd64.s:1581
2021-09-17 10:50:44.515 +08 [main] InitCmd -> ERRO 01c Cannot run peer because error when setting up MSP of type bccsp from directory /appl/blockchain/peerOrganizations/org1/users/Admin@org1/msp: KeyMaterial not found in SigningIdentityInfo
Here are the tokens and objects in SoftHSM:
[user@hyperledgerfabric ~]# pkcs11-tool --module /appl/softhsm/lib/softhsm/libsofthsm2.so --token-label "fabric" --list-objects
Certificate Object; type = X.509 cert
label: tlspeer.org1
subject: DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=Default Company Ltd, CN=peer.org1
ID: 746c73706565722e66696e6578757367726f75702e636f6d0a
Certificate Object; type = X.509 cert
label: orderer.ordererOrg
subject: DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=ordererOrg, OU=orderer, CN=orderer.ordererOrg
ID: 6f7264657265722e68616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 044104f8cab0e26330c5cde55afb3ffbffe0fee8a96cca7fcb08d7360e736b21552a337f0f29b1f68d708b296dcdc75922a9e709ffad6a3f3863f6ae039a71fac49d06
EC_PARAMS: 06082a8648ce3d030107
label: tlspeer.org1
ID: 746c73706565722e66696e6578757367726f75702e636f6d0a
Usage: encrypt, verify, wrap, derive
Access: local
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 044104ae4ae570e763654d9fa9f3bec3ffddde7402044153c32f3490e8f8d5a4c90be884385237fa9659914730ff38751bb3b9c8b046f7e9e6dc52b134ae247ff40ed0
EC_PARAMS: 06082a8648ce3d030107
label: tlsorderer.ordererOrg
ID: 746c736f7264657265722e68616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Usage: encrypt, verify, wrap, derive
Access: local
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 04410458679db1f667a4bcf3c0b13f62e80fe9a9d4982881b7772f192e9cabc20158e33299856d995a0fbbd7523fa69e9fe3e5543c8ea5e0dc327348ece7625cb96860
EC_PARAMS: 06082a8648ce3d030107
label: tlsca.org1
ID: 746c7363612e66696e6578757367726f75702e636f6d0a
Usage: encrypt, verify, wrap, derive
Access: local
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 0441047bfd15d2a4e46e74a77d4000c48235f2a9781842b3716b3c5cf26a0519766e75e49c0aac9c5939e0d54f8070acb2a82f232a5627abc4e9d2e00fc9adc1f6c66d
EC_PARAMS: 06082a8648ce3d030107
label: peer.org1
ID: 706565722e66696e6578757367726f75702e636f6d0a
Usage: encrypt, verify, wrap, derive
Access: local
Certificate Object; type = X.509 cert
label: tlsAdmin@org1
subject: DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=Default Company Ltd, CN=Admin@org1
ID: 746c7341646d696e4066696e6578757367726f75702e636f6d0a
Certificate Object; type = X.509 cert
label: ca.org1
subject: DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=org1, CN=ca.org1
ID: 63612e66696e6578757367726f75702e636f6d0a
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 044104de510ebd9f4de1dede7fb602ce17404222565b1214af54807d13b5fca21027e8f004efe5f924cfa5ada25db85757bbd887a5071ade0a0e13247ce5075ef36562
EC_PARAMS: 06082a8648ce3d030107
label: ca.org1
ID: 63612e66696e6578757367726f75702e636f6d0a
Usage: encrypt, verify, wrap, derive
Access: local
Certificate Object; type = X.509 cert
label: Admin@ordererOrg
subject: DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=ordererOrg, OU=admin, CN=Admin@ordererOrg
ID: 41646d696e4068616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Certificate Object; type = X.509 cert
label: tlsca.ordererOrg
subject: DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=ordererOrg, CN=tlsca.ordererOrg
ID: 746c7363612e68616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Certificate Object; type = X.509 cert
label: tlsca.org1
subject: DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=org1, CN=tlsca.org1
ID: 746c7363612e66696e6578757367726f75702e636f6d0a
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 0441040c778079386f8febd1b72bd4c04b387117ae83109cfbccb85c3a6d9f36fe195567c657bf14ea49fb6991bacd505469c07818e2ab34befee3a0d2f44f0ed4bfee
EC_PARAMS: 06082a8648ce3d030107
label: Admin@ordererOrg
ID: 41646d696e4068616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Usage: encrypt, verify, wrap, derive
Access: local
Certificate Object; type = X.509 cert
label: tlsorderer.ordererOrg
subject: DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=Default Company Ltd, CN=orderer.ordererOrg
ID: 746c736f7264657265722e68616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Certificate Object; type = X.509 cert
label: peer.org1
subject: DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=org1, OU=peer, CN=peer.org1
ID: 706565722e66696e6578757367726f75702e636f6d0a
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 044104372fd1ef78bd6ed5ee952c177fc1990cf20c6aebc72106f54bd9a6423192aa1ed5698447618b5ea2b0569508c8dce3587e94268e570734396bcda60650a6d17a
EC_PARAMS: 06082a8648ce3d030107
label: orderer.ordererOrg
ID: 6f7264657265722e68616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Usage: encrypt, verify, wrap, derive
Access: local
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 04410445fe15a00a608ccae5db578277fb2d31d14193161a317e2a9145be9a0dcfdadff534b2ee86fe0872ba1ef9a5868b7c23439544a7c0880485442053217e5a9239
EC_PARAMS: 06082a8648ce3d030107
label: tlsca.ordererOrg
ID: 746c7363612e68616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Usage: encrypt, verify, wrap, derive
Access: local
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 0441045ff498d46abb2dc1bb915a97d29b0713b3e448e2bc3253e83e972f7812c5d4a556a04dafb175630e45d97481e71476eef74a8439c5afe8b0a2d0c85bdc2ef282
EC_PARAMS: 06082a8648ce3d030107
label: Admin@org1
ID: 41646d696e4066696e6578757367726f75702e636f6d0a
Usage: encrypt, verify, wrap, derive
Access: local
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 04410487a8c34237457651cb0b87c6559d7d4fc6e055cf17fec1b2a42f6f22bbc0b4ea3d02b1336bc5d4cc8267dd01ce081a8ebd6d18ba8e41c2e241bda2bfdbdcb980
EC_PARAMS: 06082a8648ce3d030107
label: ca.ordererOrg
ID: 63612e68616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Usage: encrypt, verify, wrap, derive
Access: local
Certificate Object; type = X.509 cert
label: tlsAdmin@ordererOrg
subject: DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=Default Company Ltd, CN=Admin@ordererOrg
ID: 746c7341646d696e4068616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 0441040c7c76519783ed1015354fa8e6130c340bcb89f10238da9f80d002bdc53851a30af2a2114697ba9832ec813506764399b370b1ccf664551b8730b083d198e933
EC_PARAMS: 06082a8648ce3d030107
label: tlsAdmin@org1
ID: 746c7341646d696e4066696e6578757367726f75702e636f6d0a
Usage: encrypt, verify, wrap, derive
Access: local
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 044104f0e26cf7dcee25b140769ed1ffd5e2b26608524656ea844d183e655c3be614da1b24b6503b36b3de72ceda78bb7535560eb40090016c810b92cf42a39ef9c587
EC_PARAMS: 06082a8648ce3d030107
label: tlsAdmin@ordererOrg
ID: 746c7341646d696e4068616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
Usage: encrypt, verify, wrap, derive
Access: local
Certificate Object; type = X.509 cert
label: Admin@org1
subject: DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=org1, OU=admin, CN=Admin@org1
ID: 41646d696e4066696e6578757367726f75702e636f6d0a
Certificate Object; type = X.509 cert
label: ca.ordererOrg
subject: DN: C=MY, ST=Wilayah Persekutuan Kuala Lumpur, L=Kuala Lumpur, O=ordererOrg, CN=ca.ordererOrg
ID: 63612e68616c616c666f6f6470672e66696e6578757367726f75702e636f6d0a
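You are correct, the prebuilt binaries for Fabric are not enabled for PKCS11. You need to build the peer and orderer binaries from source, specifying the pkcs11 tag, to create a PKCS11-enabled build.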
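
A check relevant to the `for SKI [...]` lookups in the question's second log, added here as an example and not part of the original posts: Fabric's PKCS11 BCCSP searches the token for objects whose CKA_ID equals the key's SKI, which for ECDSA keys is the SHA-256 of the uncompressed EC point. This Python script recomputes that SKI from `pkcs11-tool --list-objects` output and flags public keys whose ID is something else. The function names, labels and sample listing are constructed for illustration.

```python
import hashlib

def fabric_ski(ec_point_hex):
    """SKI used by Fabric for an ECDSA key: SHA-256 over the point 04||X||Y."""
    raw = bytes.fromhex(ec_point_hex)
    # pkcs11-tool prints CKA_EC_POINT DER-wrapped: OCTET STRING tag 0x04,
    # one length byte, then the uncompressed point (leading 0x04).
    if len(raw) < 3 or raw[0] != 0x04 or raw[1] != len(raw) - 2 or raw[2] != 0x04:
        raise ValueError("expected a DER OCTET STRING holding an uncompressed point")
    return hashlib.sha256(raw[2:]).hexdigest()

def parse_objects(listing):
    """Turn `pkcs11-tool --list-objects` text into one dict per object."""
    objects = []
    for line in listing.splitlines():
        line = line.strip()
        if " Object;" in line:
            objects.append({"class": line.split(" Object;")[0]})
        elif objects and ":" in line:
            key, _, value = line.partition(":")
            objects[-1][key.strip()] = value.strip()
    return objects

def audit(listing):
    """For each EC public key, report whether its CKA_ID equals the SKI."""
    rows = []
    for obj in parse_objects(listing):
        if obj["class"] != "Public Key" or "EC_POINT" not in obj:
            continue
        ski = fabric_ski(obj["EC_POINT"])
        cka_id = obj.get("ID", "").lower()
        rows.append({"label": obj.get("label"), "ski": ski,
                     "cka_id": cka_id, "id_is_ski": cka_id == ski})
    return rows

def sample_entry(label, point_hex, id_hex):
    return ("Public Key Object; EC EC_POINT 256 bits\n"
            f"  EC_POINT:   {point_hex}\n  EC_PARAMS:  06082a8648ce3d030107\n"
            f"  label:      {label}\n  ID:         {id_hex}\n")

# Constructed sample (not real keys): one object whose ID is a hex-encoded
# label, one certificate, and one object whose ID is the SKI.
POINT_A = "0441" + "04" + "11" * 32 + "22" * 32
POINT_B = "0441" + "04" + "33" * 32 + "44" * 32
SAMPLE = (sample_entry("peer.example", POINT_A, b"peer.example\n".hex())
          + "Certificate Object; type = X.509 cert\n  label:      peer.example\n"
          + sample_entry("peer.by-ski", POINT_B, fabric_ski(POINT_B)))

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row["label"], "OK" if row["id_is_ski"] else "CKA_ID != SKI", row["ski"])
```

Private key objects normally appear in the listing only when `pkcs11-tool` is run with `--login`, and they carry no EC_POINT, so compare their ID against the SKI computed from the matching public key.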