Hyperledger has this wallet thing where a set of user identities are stored. I am trying to understand if this concept of wallet in Hyperledger is the same as the one used in Metamask. For example, when you want to use a dApp, you need to have Metamask extension installed in a chrome browser. Then the dApp use your Metamask address to identify you. How does that relate to Hyperledger wallet?
In case Hyperledger Fabric, the user/client application have to do two steps to commit a transaction to the blockchain ledger.
Get transaction endorsements from enough number of peers
Send the endorsed transaction to orderer to get the transaction included in a block.
The user has to sign these transaction endorsement and ordering proposal before sending to peers/orderer. The wallet stores the private key and certificate of the user for this signing purpose. This way, client authenticates the requests to peers/orderers. Usually, wallet is managed using the application SDKs. Refer HLF Node SDK wallet documentation for more details.
HLF official documentation of wallet.
Related
In Hyperledger ledger, how could I list endorsing peers of a specific chaincode?
I have a channel with 5 peers but I need that only three of them endorse a transaction while the other two need only to access to same ledger.
You can use the discovery service to get the endorsing peer. Here you can find some information:
https://hyperledger-fabric.readthedocs.io/en/latest/discovery-overview.html
Hyperledger fabric has a CLI tool to query the discovery service:
https://hyperledger-fabric.readthedocs.io/en/latest/discovery-cli.html
For node.js applications, you can follow the tutorial here:
https://hyperledger.github.io/fabric-sdk-node/release-1.4/tutorial-discovery.html
With the latest Fabric Client SDKs (personally using GO client), you don't need to deal with endorsement policies. Client SDK already does this dirty work for you. It extracts:
Which organizations' endorsements are required for this chaincode, key (key level endorsement policy can be defined as well), etc.
Which peers currently exist in the system and what are their MSPs (from discovery service).
According to these information, client SDK builds a set of necessary peers then sends your transaction request to all. It waits response from requested endorsers. Once it collects all responses, it sends to orderer and so on.
If you have a special case which you need to manually set endorsing peers of your choice (I had one use case about private collections so I had to use this approach) check out discovery service API of your client SDK.
I have setup the hyper-ledger fabric with 2 organisation its working well and i have connected my organisation to hyper-ledger fabric block explorer everything is working well. My question is, In hyper-ledger block explorer how/where i can get the details of signer of transaction.
Eg: Let's assume, i have multiple user in organisation have write permission. if some send the transaction, how i can get the information about that particular user has signed the transaction in block explorer.
#fama,
I hope you have used oficial hyperledger fabric explorer https://github.com/hyperledger/blockchain-explorer
It's possible to see who the user proposed the transaction using R/W sets and you can see creator MSP and endorser organization MSP
From the hyperledger fabric explorer UI it seems not possible to see
Below are the details you can usee of a particular transaction from blockchain explorer
Transaction ID: 7229737c95cda5bd49c2b7bd37de3ead4c91ebbce9be13f22c99914435a8f48d
Validation Code: VALID
Payload Proposal Hash: ad3bbab0e42c5e48bb6283965c2141561b46ae8535ef9e4a8f7aad6025aea3a3
Creator MSP: org1MSP
Endoser: {"org1MSP","org1MSP"}
Chaincode Name: points
Type: ENDORSER_TRANSACTION
Time: 2019-11-27T07:42:31.871Z
Reads:
Writes:
I have a case where I have hyperledger fabric network two orgs with one endorser peers on each org. there is a write policy that says, 'both the orgs to sign the transaction to commit the ledger'. in this case how can a client app of one org send transaction request to both the orgs' endorsers? Can a client have identity info from both the orgs which I thing not suggestible.
Please suggest with resource links covered this case.
Hyperledger fabric has Service Discovery Api for it.
Service discovery helps render configurations dynamically which are required to propose transaction,execute chaincode on peer and get endorsement policy associated with chaincode.
Bellow are the links to help you over it.
read the docs explaination for discovery service
node.sdk discovery service tutorial
I want to know whether Hyperledger composer SDKs (Node JS) out of the box provides any encryption over transaction data.
Let's assume that if I am writing following transaction to the Hyperledger Fabric through a following composer terminal command,
composer transaction submit -c admin#tutorial-network -d '{"$class":"net.biz.digitalPropertyNetwork.RegisterPropertyForSale","transactionId":"TRANSACTION_001","seller":"mae#biznet.org","title":"TITLE_001"}'
or submitting trasaction through hyperledger composer SDK as in following code snippet (extracted from : https://hyperledger.github.io/composer/v0.19/reference/composer.transaction.submit.html)
const TransactionSubmit = require('composer-cli').Transaction.Submit;
let options = {
card: 'admin#tutorial-network',
data: '{"$class":"net.biz.digitalPropertyNetwork.RegisterPropertyForSale","transactionId":"TRANSACTION_001","seller":"mae#biznet.org","title":"TITLE_001"}'
};
TransactionSubmit.handler(options);
I can see that card value (admin#tutorial-network) is provided in both of above cases. And I can also understand that card contains necessary details to properly authorize access to the smart contract (in this case, RegisterPropertyForSale) too.
The problem is, when we send transactions to hyperledger fabric (fabric peers) for processing, do they send in an encrypted form and signed by the card? or are they just sent in plain text format?
Fabric transactions are not encrypted; they are of course signed.
All of the SDKs sign the message using the private key associated with the client identity (including the identity cards used by Composer).
Encrypting the data in the transaction is left to the user. Note that if you do encrypt the data, then every peer which will endorse the chaincode / smart contract must have access to the encryption/decryption key. It's also possible to pass this in via the transient data field in the transaction message. You'd need to do this directly via the SDK as this is not built-in to the Composer client.
what is Application's own signature in this context, and how can someone using hyperledger fabric node SDK can set the application's signature?
the application that you are talking about is simply a client app which talks to the ledger. The issue here is not the client app, the issue here is that you need a proper endorsement policy which establishes how anything goes onto the ledger.
Imagine this scenario ...
you have 2 orgs, Org1 and Org2, both owning one peer, P1 belongs to Org1, P2 belongs to Org2 and both peers joined on a channel, let's call it defaultchannel.
you deploy and instantiate your chaincode and set a basic endorsement policy which is 1-Of.
Each org has a client application, running against their own peer. When Org1 submits a transaction to the ledger, its validity is endorsed by itself, but not by the second org, because your policy requires only one to accomplish this. Basically in any network where you have more than one org, you really want a proper endorsement policy. 2-Of would work in the case of our example as any transaction would need to be validated by both orgs and that gives the ledger much better integrity.
Bottom line, your fabric network needs to be properly built and protected, especially in a production environment and this allows it to be protected by any client apps which have rights to interact with it. Your network being protected means that it doesn't matter how a client app is built and what it tries to do, it won't be able to bypass mechanisms such as the endorsement mechanisms.