问题描述

在进行Hyperledger架构设置时，我们创建加密材料并提及组织的用户，并相应地生成用户加密材料，该材料用于在通过CLI登录时调用链码.另外，当我们尝试通过SDK连接网络时，我们还需要注册并注册用户以连接到网络.那么，这两个用户之间有什么区别?

While doing Hyperledger fabric setup, we create crypto material and mention users for organizations and and correspondingly user crypto material gets generated which is used to invoke chaincode while logging through CLI. Also, when we try to connect network through SDK we also need to enroll and register user to connect to network. So, what is the difference between these two users?

推荐答案

用于生成Hyperledger Fabric密钥材料的Cryptogen实用程序主要仅用于测试环境.

Cryptogen utility used for generating Hyperledger Fabric key material is mainly meant to be used for testing environment only.

它会在Fabric CA Server启动之前生成CA证书. {在生产环境中不会是这种情况.}

It generates the CA certificate before the Fabric CA Server is up. {This won't be the case in production env.}

此证书已安装在 docker-compose.yaml 文件中的fabric-ca上.可以通过 volumes 关键字完成，如以下代码段所示:

This certificate is mounted to fabric-ca in docker-compose.yaml file. This is done via volumes keyword as in the below snippet:

ca.example.com: image: hyperledger/fabric-ca environment: - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server - FABRIC_CA_SERVER_CA_NAME=ca.example.com - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c_sk ports: - "7054:7054" command: sh -c 'fabric-ca-server start -b admin:adminpw -d' volumes: - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config container_name: ca.example.com networks: - basic

ca.example.com: image: hyperledger/fabric-ca environment: - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server - FABRIC_CA_SERVER_CA_NAME=ca.example.com - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c_sk ports: - "7054:7054" command: sh -c 'fabric-ca-server start -b admin:adminpw -d' volumes: - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config container_name: ca.example.com networks: - basic

以上脚本中的命令'fabric-ca-server start -b admin:adminpw -d'注册了引导程序标识.应用程序使用此引导程序身份来注册"admin"用户.在此注册过程中，fabric-ca-server为该应用程序提供了一个ecert，用户私钥和cacert链PEM文件.

The command 'fabric-ca-server start -b admin:adminpw -d' in above script registers a bootstrap identity. This bootstrap identity is used by the application to enroll the 'admin' user. During this enrollment, fabric-ca-server gives the app a ecert, users private key and cacert chain PEM files.

从以上参考文献中，将使用相同的根CA证书颁发由cryptogen生成并通过应用程序生成的用户证书.

使用CLI执行命令时，例如安装链码，实例化链码等，您将使用由加密源生成的用户证书，因为它们被装入了相应的对等方.再次参考 docker-compose.yaml 中对等体的 volumes 部分:

When using CLI to execute commands such install chaincode, instantiate chaincode etc. you will be using the user certs generated by the cryptogen as these are mounted into the corresponding peer. Again refer to the volumes section of peer in docker-compose.yaml for this:

volumes:
        - /var/run/:/host/var/run/
        - ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/msp/peer
        - ./crypto-config/peerOrganizations/org1.example.com/users:/etc/hyperledger/msp/users
        - ./config:/etc/hyperledger/configtx

这篇关于通过cryptogen创建的用户和通过Fabric CA Server注册的用户之间的差异的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！