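cryptogen is a tool that generates identity certificates (x509 certs). It ships in the fabric-samples/bin directory provided by the official site.
A copy of fabric-samples downloaded on its own from GitHub has no bin directory, so from inside the fabric-samples directory you have to download the binaries with the attached shell script, or with the command
curl -sSL https://goo.gl/Q3YRTi | bash
(if it reports that the network is unreachable, you will need a proxy to get past the firewall).
The cryptogen source is in fabric/common/configtx/tool/configtxgen and builds as a standalone executable. In versions after v1.0.0, the source moved to fabric/common/tools/cryptogen/.
The most effective approach is to download the version you want directly from this address: https://nexus.hyperledger.org/content/repositories/releases/org/hyperledger/fabric/hyperledger-fabric/
Another option is to build from source. First download the Fabric source and place it in the "$GOPATH/src/github.com/hyperledger/fabric" directory, then cd into the fabric directory and run the following (Go must already be installed):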
cd $GOPATH/src/github.com/hyperledger/fabric
# The cryptogen target is the one that produces build/bin/cryptogen
make cryptogen
# If the build fails with: 'ltdl.h' file not found
sudo apt install libtool libltdl-dev
# Then run make again
make cryptogen
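The generated binary is at:
build/bin/cryptogen
You can copy the bin directory into fabric-samples to quickly generate the first-network network configuration.
The configuration file lists the Orderer and peer definitions for which certificates and public/private key pairs are to be generated (the official documentation describes these in terms of Organizations). The certificates represent identities, and they are used to sign and to verify identity when entities communicate and transact. The contents of the configuration file are as follows: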
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: Orderer
    Domain: example.com
    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org1
  # ---------------------------------------------------------------------------
  - Name: Org1
    Domain: org1.example.com
    # ---------------------------------------------------------------------------
    # "Specs"
    # ---------------------------------------------------------------------------
    # Uncomment this section to enable the explicit definition of hosts in your
    # configuration. Most users will want to use Template, below
    #
    # Specs is an array of Spec entries. Each Spec entry consists of two fields:
    #   - Hostname:   (Required) The desired hostname, sans the domain.
    #   - CommonName: (Optional) Specifies the template or explicit override for
    #                 the CN. By default, this is the template:
    #
    #                     "{{.Hostname}}.{{.Domain}}"
    #
    #                 which obtains its values from the Spec.Hostname and
    #                 Org.Domain, respectively.
    # ---------------------------------------------------------------------------
    # Specs:
    #   - Hostname: foo # implicitly "foo.org1.example.com"
    #     CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
    #   - Hostname: bar
    #   - Hostname: baz
    # ---------------------------------------------------------------------------
    # "Template"
    # ---------------------------------------------------------------------------
    # Allows for the definition of 1 or more hosts that are created sequentially
    # from a template. By default, this looks like "peer%d" from 0 to Count-1.
    # You may override the number of nodes (Count), the starting index (Start)
    # or the template used to construct the name (Hostname).
    #
    # Note: Template and Specs are not mutually exclusive. You may define both
    # sections and the aggregate nodes will be created for you. Take care with
    # name collisions
    # ---------------------------------------------------------------------------
    Template:
      Count: 2
      # Start: 5
      # Hostname: {{.Prefix}}{{.Index}} # default
    # ---------------------------------------------------------------------------
    # "Users"
    # ---------------------------------------------------------------------------
    # Count: The number of user accounts _in addition_ to Admin
    # ---------------------------------------------------------------------------
    Users:
      Count: 1
  # ---------------------------------------------------------------------------
  # Org2: See "Org1" for full specification
  # ---------------------------------------------------------------------------
  - Name: Org2
    Domain: org2.example.com
    Template:
      Count: 2
    Users:
      Count: 1
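It mainly contains the configuration of the Orderer organization (with 1 Orderer) and the configuration of the peer organizations (2 peer organizations, org1 and org2).
Name: defines the name.
Domain and Hostname: combined to form the node name, which is also the name of the generated folder.
Count: specifies the number of nodes under each org; here each org is configured with 2 peers.
Users: specifies the number of default users added to the node.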
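The naming rules stated in the configuration comments above (Template expands to peer0 .. peer(Count-1) unless Start or Hostname override it, the CN defaults to "{{.Hostname}}.{{.Domain}}", and Specs and Template are merged), as an added Go example that is not cryptogen's own code: it computes the node names one org definition yields and reports collisions before any certificates are generated. The type names, the NodeNames function and the fixed "peer" prefix are assumptions made for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// Spec, NodeTemplate and Org mirror the crypto-config.yaml fields (type names assumed).
type Spec struct{ Hostname, CommonName string }
type NodeTemplate struct{ Count, Start int; Hostname string }
type Org struct{ Domain string; Specs []Spec; Template NodeTemplate }

func render(tmpl string, data interface{}) string {
	var b bytes.Buffer
	template.Must(template.New("n").Parse(tmpl)).Execute(&b, data)
	return b.String()
}

// NodeNames expands Specs and Template into CNs and lists each CN produced more than once.
func NodeNames(o Org) (names, collisions []string) {
	specs := append([]Spec{}, o.Specs...)
	ht := o.Template.Hostname
	if ht == "" {
		ht = "{{.Prefix}}{{.Index}}" // default shown in the config comments
	}
	for i := 0; i < o.Template.Count; i++ { // indices Start .. Start+Count-1
		d := struct{ Prefix string; Index int }{"peer", o.Template.Start + i}
		specs = append(specs, Spec{Hostname: render(ht, d)})
	}
	seen := map[string]int{}
	for _, s := range specs {
		cn := s.CommonName
		if cn == "" {
			cn = "{{.Hostname}}.{{.Domain}}" // default CN template
		}
		cn = render(cn, struct{ Hostname, Domain string }{s.Hostname, o.Domain})
		if seen[cn]++; seen[cn] == 2 {
			collisions = append(collisions, cn)
		}
		names = append(names, cn)
	}
	return names, collisions
}

func main() { // constructed input: Org1 from the page plus an explicit Spec "peer1"
	org := Org{Domain: "org1.example.com", Specs: []Spec{{Hostname: "peer1"}}, Template: NodeTemplate{Count: 2}}
	fmt.Println(NodeNames(org))
}
```

Because the node name is also the generated folder name, a non-empty collisions list means two definitions resolve to the same identity directory.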
3 cryptogen command description
Use the following command to generate the certificate files:
cryptogen generate --config=./crypto-config.yaml
The output is saved in the crypto-config directory.