Summary

Reviewed the Vault Transit Engine for signing Fabric transactions.  Vault keeps the private key internally for users. 

The Vault Transit engine provides a numeric token to the user, and node.js uses the token to access Vault services, such as signing a CSR.

The steps for using Vault Transit with Fabric are:

  1. A new X509Provider is set up in Fabric.  
  2. A private key is created in Vault Transit Engine
  3. Vault generates a CSR
  4. Fabric enrolls user with the CSR from Vault
  5. An X509 certificate is then stored in the filesystem for Fabric to use
  6. Requests are signed with the X509 certificate

Reviewed the Chrome extension for signing Fabric requests, but it in fact goes to the Fabric server for security credentials, so it does not do client-side security. It is just a UI that we could use later.

Our plan at this point is:

  1. In Fabric, support taking a CSR, registering a user with it, and signing requests with the X509 certificate from the CSR
  2. Support CSRs from the Vault Transit Engine, a command line example, or a client app that is responsible for private keys and provides CSRs for them to Fabric.

Pritam Singh will work on creating a pull request for Fabric for some of his changes and then modifying the typescript app to accept identities.

Bertrand WILLIAMSRIOUX will work on changes to the typescript app to enroll users, and then on clients that connect to the typescript app to sign Fabric requests while keeping private keys offline.
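
The split described above, where the key holder signs and the app never sees the private key, as an added example in Node.js (not code from the meeting or from Fabric). `createOfflineSigner`, `toLowS` and `signRequest` are hypothetical names, and the in-process signer stands in for Vault Transit or a client app. The low-S step reflects Fabric's rejection of ECDSA signatures whose s value is above half the curve order; signatures are kept as raw r||s here rather than the DER encoding Fabric uses.

```javascript
// Added example, not project code: the key holder signs, the app sees only public material.
const nodeCrypto = require('crypto');

// Order n of the P-256 curve. Fabric accepts only signatures with s <= n/2.
const P256_N = BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551');
const HALF_N = P256_N >> 1n;

// Hypothetical key holder (stand-in for Vault Transit or a client app).
// The private key lives only inside this closure and is never returned.
function createOfflineSigner() {
  const { privateKey, publicKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // Raw 64-byte r||s ECDSA signature over SHA-256(payload).
    sign: (payload) =>
      nodeCrypto.sign('sha256', payload, { key: privateKey, dsaEncoding: 'ieee-p1363' }),
  };
}

// Extract s (the second 32 bytes) as a BigInt.
const sValue = (sig) => BigInt('0x' + sig.subarray(32).toString('hex'));

// Replace s with n - s when s is in the upper half of the range (low-S form).
function toLowS(sig) {
  const s = sValue(sig);
  if (s <= HALF_N) return sig;
  const low = (P256_N - s).toString(16).padStart(64, '0');
  return Buffer.concat([sig.subarray(0, 32), Buffer.from(low, 'hex')]);
}

// App side: forward the bytes to the signer, normalize the signature, and
// check it against the enrolled public key before submitting anything.
function signRequest(signer, payload) {
  const signature = toLowS(signer.sign(payload));
  const ok = nodeCrypto.verify('sha256', payload,
    { key: signer.publicKeyPem, dsaEncoding: 'ieee-p1363' }, signature);
  if (!ok) throw new Error('signature does not match the enrolled public key');
  return signature;
}

const signer = createOfflineSigner();
const payload = Buffer.from('constructed sample proposal bytes'); // constructed input
const signature = signRequest(signer, payload);
console.log('low-S:', sValue(signature) <= HALF_N, 'length:', signature.length);
```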
