Agenda
- In Fabric, support taking a CSR, registering a user with it, and signing requests with the X509 certificate from the CSR
- Support CSR's from Vault Transit Engine, command line example, or a client app which is responsible for private keys and then provides CSR for them to Fabric.
- Client-server communication for key signing using Websocket.
Recording:
WebSocket based server-client communications for key management/singing
Complete set of tests for WSX509Provider integration with fabric will be presented during the next peer programming call.
Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct. |
---|
Time:
- Monday, August 16, 2021 at 09 AM Pacific
- Add Climate Action and Accounting SIG calls to your calendar
Dial-In Information: [ZOOM]
You can join either from your computer or from your phone:
- From computer: https://zoom.us/j/6223336701?pwd=dkJKdHRlc3dNZEdKR1JYdW40R2pDUT09
- From phone: +1(855)880-1246 (toll free US number) or view International numbers
Meeting ID: 622 333 6701
4 Comments
Bertrand WILLIAMSRIOUX
Kamlesh Nagware Pritam Singh
A work obligation came up this afternoon and I will not be able to make todays' session.
Proposed changes to the Cactus/Vault integration on my fork. Added a new class (LedgerKeychains) that can be used to configure multiple security options. Add optional self-signed CSR to the user enroll method that can be used to store custom custom identity types (without private keys). Still n eed to build cactus plugin to support custom Identity Providers that link the fabric gateway to the endpoint where the private keys and signing happen.
Pritam updated me early today on his code for the Vault transit client. I am working on a parallel solution using a web socket connection between the fabric node server and a bowser or some other client device (e.g., mobile app/wallet)
Bertrand WILLIAMSRIOUX
Si Chen Kamlesh Nagware
See above the video of my progress using WebSocket to send signed messages between client and fabric server/middlewear.
Pritam Singh code is available on my fork https://github.com/brioux/blockchain-carbon-accounting/tree/secureFabric. I'll present the complete set of tests for the WSX509Identity provider at next weeks peer programming call. We can discuss next steps to use the secure-fabric package with cactus.
Pritam Singh
Looks great , Like Bertrand WILLIAMSRIOUX said this will open flood gate for lot of tools and application that can be developed around it or using it. Currently I'm moving vault signing logic to cactus ( will be done by Friday ) . I am implementing such a way that , adding support to new signing type (ie Vault-X.509, WS-X.509 or gRPC-X.509 ) won't require the developer to care about the `crypto` part.
Will talk more about the future plans on our next peer programming and will present some diagram on how we can support all Default , Vault and Web-socket signing method in our `typescript` application.
Thank You
Robin Klemens
Bertrand WILLIAMSRIOUX and Pritam Singh, maybe the following event is worth attending for both of you:
https://www.hyperledger.org/event/hyperledger-in-depth-an-hour-with-thales-increasing-cybersecurity-for-hyperledger-fabric