Create identities in private blockchain network

Identity is a very important concept in a private blockchain network: the network is permissioned, and none of its members are anonymous.

Based on the ECDSA signature algorithm, a private key can uniquely identify an entity, such as a peer, a user, or any other participant in the network.

Hyperledger Fabric is a well-known private blockchain platform, so how does it create identities? We can use it as an example to explore how identities are created in a private blockchain network.

Basically, there are 2 ways to create identities: cryptogen and a CA.

cryptogen is a tool provided by the Fabric project. It generates a private key and the associated X.509 digital certificate for every component, according to a configuration file called “crypto-config.yaml”. It is not adopted in production environments, because there cannot be a central authority that holds the private keys of all participants in a blockchain network.

CA is short for certificate authority. The graph below shows the general workflow for a CA.

The user first generates an asymmetric key pair (ECDSA with SHA-256 by default in Fabric), then wraps the derived public key together with personal information, such as organization name and user name, into a CSR (certificate signing request) and sends it to the CA. Note that the private key is never sent to the CA; it is held only by the user. The CA then verifies the information by phone call or another method of investigation to make sure that the user is who they claim to be. Finally, it generates a digital certificate, usually in X.509 format, which includes the user's public key, the CA's information and the user's information.

In a private blockchain network, a digital certificate is a good way to show one's identity to the rest of the participants, not only because the public key inside the certificate can verify signatures made by its paired private key, but also because the certificate provides more detailed information about the participant. The CA does not have to be a popular CA such as GoDaddy, Comodo or Symantec; it can also be a CA built by a participant.

From a functional point of view, the CA is not a core component of a private blockchain network; it is involved only at the initial stage. Once an entity has its identity, the CA no longer takes part in the network's workflow.

Fabric-CA position in overall network

The structure above shows how the CA fits into a Hyperledger Fabric network. The core of the network is the part made up of peers, highlighted in red. They can invoke the CA service (to get a digital certificate) through the SDK.

The Fabric project provides a CA implementation. Below I will demonstrate how an application that wants to join a Fabric network gets a digital certificate from Fabric CA.

This assumes that you have already set up a Docker environment and a Node.js development environment.

You can run the command below to verify your downloads.

The config file is for the docker-compose command, which starts a CA image in the Docker environment with the command below.

You can check your currently running Docker images with the command below.

Now the Fabric-CA is running with the default settings.

Using the docker exec command, we can see that the ‘fabric-ca-server start’ command automatically generated config files for the CA, including the private key (ca-key.pem) and the digital certificate (ca-cert.pem) of the CA itself.

Use npm init and npm install to manage the 2 important dependencies published by the Fabric project: ‘fabric-ca-client’ and ‘fabric-network’.

Focus on line 36: the ca.enroll function generates a private key locally before sending the CSR to the CA, because there is no ‘csr’ field in the JSON-formatted params.

The X.509 digital certificate is hidden in the admin file. I use a simple script to extract the certificate and use openssl to decode it.

This article briefly walked through the position of the identity module in a private blockchain network and how to create identities, using Hyperledger Fabric as the example. Having an identity is not enough; it is only the first step. How to use identities to grant permissions in the network is the next topic to focus on.
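The CSR step from the CA workflow above, and the local key generation that ca.enroll falls back to, shown as an added example (it is not the article's code and not fabric-ca-client's implementation): it builds a PKCS#10 CSR with Node's built-in crypto and runs the proof-of-possession check a CA can perform using only the request itself. The organization and user names are constructed sample values.

```javascript
const crypto = require('crypto');
// Minimal DER writer: tag, definite length, concatenated body.
function der(tag, ...parts) {
  const body = Buffer.concat(parts), n = body.length;
  const len = n < 0x80 ? [n] : n < 0x100 ? [0x81, n] : [0x82, n >> 8, n & 0xff];
  return Buffer.concat([Buffer.from([tag, ...len]), body]);
}
const seq = (...p) => der(0x30, ...p);
const oid = (hex) => der(0x06, Buffer.from(hex, 'hex'));
// One subject RDN: SET { SEQUENCE { OID, UTF8String } }
const rdn = (o, v) => der(0x31, seq(oid(o), der(0x0c, Buffer.from(v, 'utf8'))));

// Minimal DER reader: split a buffer into its top-level TLV elements.
function tlvs(buf) {
  const out = [];
  for (let off = 0; off < buf.length;) {
    let len = buf[off + 1], hdr = 2;
    if (len & 0x80) { hdr += len & 0x7f; len = buf.readUIntBE(off + 2, hdr - 2); }
    const end = off + hdr + len;
    out.push({ raw: buf.subarray(off, end), body: buf.subarray(off + hdr, end) });
    off = end;
  }
  return out;
}

// Applicant side: only the public key and a signature go into the request.
function buildCsr(privateKey, publicKey, org, commonName) {
  const info = seq(
    der(0x02, Buffer.from([0])),                          // version 0
    seq(rdn('55040a', org), rdn('550403', commonName)),   // subject: O, CN
    publicKey.export({ type: 'spki', format: 'der' }),    // public key
    der(0xa0));                                           // no attributes
  const sig = crypto.sign('sha256', info, privateKey);    // DER ECDSA signature
  return seq(info, seq(oid('2a8648ce3d040302')),          // ecdsa-with-SHA256
    der(0x03, Buffer.from([0]), sig));                    // BIT STRING
}

// CA side: check proof of possession using only what is inside the CSR.
function caVerifyCsr(csr) {
  const [info, , sigBits] = tlvs(tlvs(csr)[0].body);
  const spki = tlvs(info.body)[2].raw;
  const pub = crypto.createPublicKey({ key: spki, format: 'der', type: 'spki' });
  return crypto.verify('sha256', info.raw, pub, sigBits.body.subarray(1));
}

// Constructed sample applicant; the names are assumptions, not from the article.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const csr = buildCsr(privateKey, publicKey, 'org1.example.com', 'alice');
console.log('CA accepts CSR:', caVerifyCsr(csr));
```

A CSR whose subject is altered after signing fails the same check, which is why the CA can trust that the requester holds the private key without ever receiving it.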

Identity in Hyperledger Fabric (Part 1)

Identity in Hyperledger Fabric (Part 2)
