Let’s start building an example network that consists of three organizations (Org1, Org2 and Org3). Each of these organizations contributes two peers. The ordering service of a network should consist of a few orderer nodes, but to keep this example simple we will use only one (solo) node, as shown in the diagram below. At this point, however, there is no trust relationship between the organizations and the network entities that they provide.
In a Fabric network the authenticity, confidentiality and privacy of the transactions among the participants are ensured by asymmetric cryptography and a chain of trust. In simple words, we need a certificate authority that issues identities to the participants so that they can trust each other.
Fabric provides a tool called cryptogen (Crypto Generator) that is able to generate the certificates for the participating organizations and the entities contributed by them.
Before we look at how to use cryptogen we need to download it. The script provided by the Hyperledger Fabric project currently downloads many other tools as well as the required Docker images, so it may take a few minutes depending on your network connection.
curl -sSL https://goo.gl/iX9dek | bash
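The above command figures out the operating system and architecture of your machine and downloads the appropriate binaries and Docker images. Because it pipes a remotely hosted script straight into bash, the script runs with your user's privileges before you have read it; you can instead save it to a file, review it, and then run it. After the script has executed successfully you should have a folder named bin in the directory in which you ran it. The bin folder contains the cryptogen tool.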
Crypto Generator (cryptogen)
The cryptogen tool accepts a YAML file as input, in which the participants and the entities offered by them are specified.
In this YAML file we have specified an orderer (since we are using the solo ordering service) and peers for Org1, Org2 and Org3. The PeerOrgs/Template/Count field in the file indicates the number of peers for an organization. In this example we have used the value 2, so we would have the following peers:
- peer0.org1.ksachdeva-exp.com
- peer1.org1.ksachdeva-exp.com
- peer0.org2.ksachdeva-exp.com
- peer1.org2.ksachdeva-exp.com
- peer0.org3.ksachdeva-exp.com
- peer1.org3.ksachdeva-exp.com
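A crypto-config.yaml that matches the network described above, given here as an added example and not the author's original file. The orderer domain (ksachdeva-exp.com), the orderer hostname and the Users/Count values are assumptions; the peer organization domains and the Template/Count value of 2 come from the text.

```yaml
# Added example: crypto-config.yaml for one solo orderer and three peer orgs.
# Values marked "assumption" are not stated on the page.

OrdererOrgs:
  - Name: Orderer
    Domain: ksachdeva-exp.com          # assumption: parent domain of the peer orgs
    Specs:
      - Hostname: orderer              # assumption: yields orderer.ksachdeva-exp.com

PeerOrgs:
  - Name: Org1
    Domain: org1.ksachdeva-exp.com
    Template:
      Count: 2                         # peer0 and peer1 under this domain
    Users:
      Count: 1                         # assumption: one user besides the org admin

  - Name: Org2
    Domain: org2.ksachdeva-exp.com
    Template:
      Count: 2
    Users:
      Count: 1                         # assumption

  - Name: Org3
    Domain: org3.ksachdeva-exp.com
    Template:
      Count: 2
    Users:
      Count: 1                         # assumption
```

cryptogen creates a separate CA for each organization listed here and writes every CA's private key into the same output tree on the machine where it runs, which is why it is suited to development and test networks.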
Time to generate the certificates.
cryptogen generate --config=./crypto-config.yaml
The successful generation should result in a folder called crypto-config with a structure as shown below:
We now have the necessary certificates and crypto material for the various entities of our network; however, we have not yet configured those entities to use them.