Master Key Protection with KeyStore

Generate Master Key Without KeyStore

Set the MASTERKEY_KEY_STORE_ENABLED parameter of the config.ini file to false (default) to generate a master key without a KeyStore.

Generate Master Key Using KeyStore

Set the MASTERKEY_KEY_STORE_ENABLED parameter of the config.ini file to true.

Create KeyStore Directory

After adding the encryption module, create the .keystore folder under the K2View home directory ($K2_HOME) on all nodes:

cd $K2_HOME
mkdir .keystore

Run the keytool

Run the keytool command on the coordinator node:

keytool -genseckey -alias masterkey_key_name -keyalg aes -keysize 256 -storepass <password> -keystore $K2_HOME/.keystore/fabric.keystore -storetype PKCS12
  • Copy the key to all other nodes (replace <node_host> with each node's address):
scp $K2_HOME/.keystore/fabric.keystore fabric@<node_host>:$K2_HOME/.keystore/

Edit Config.ini Script

  • On all Fabric nodes, set the KEY_STORE_PASSWORD parameter in config.ini to the password used in the keytool command, and enable (uncomment) the KEY_STORE_LOCATION parameter and set it to the correct KeyStore path:
sed -i "s@#KEY_STORE_LOCATION=.*@KEY_STORE_LOCATION=$K2_HOME/.keystore/fabric.keystore@" $K2_HOME/config/config.ini
sed -i 's@#KEY_STORE_PASSWORD=.*@KEY_STORE_PASSWORD=<password>@' $K2_HOME/config/config.ini

Restart Fabric Nodes

  • Restart all Fabric nodes.
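
To confirm a node's state after the steps above, the following check (an added example, not K2View's own code) reads the three config.ini parameters named on this page and flags a KeyStore, KeyStore directory or config.ini that group or other users can access. The owner-only permission policy and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not K2View code). Assumed policy: the keystore, its directory
# and config.ini are owner-only, because config.ini holds the store password.

ini_value() {   # print the active (uncommented) value of key $1 in file $2
    sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*//p" "$2" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

owner_only() {  # true when group and other have no permission bits on $1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

check_keystore_setup() {   # $1 = K2_HOME; returns the number of problems
    ini="$1/config/config.ini"; problems=0
    [ -f "$ini" ] || { fail "$ini not found"; return "$problems"; }
    [ "$(ini_value MASTERKEY_KEY_STORE_ENABLED "$ini")" = "true" ] ||
        fail "MASTERKEY_KEY_STORE_ENABLED is not true"
    ks=$(ini_value KEY_STORE_LOCATION "$ini")
    pw=$(ini_value KEY_STORE_PASSWORD "$ini")
    case $pw in ''|'<password>') fail "KEY_STORE_PASSWORD unset or placeholder";; esac
    if [ -f "$ks" ]; then
        owner_only "$ks" || fail "$ks is accessible to group/other"
        owner_only "$(dirname "$ks")" || fail "keystore directory is accessible to group/other"
    else
        fail "KEY_STORE_LOCATION does not point to a file: '$ks'"
    fi
    owner_only "$ini" || fail "$ini (holds the password) is accessible to group/other"
    return "$problems"
}

make_sample_node() {   # constructed sample layout for trying the check offline
    d=$(mktemp -d); mkdir "$d/config" "$d/.keystore"
    : > "$d/.keystore/fabric.keystore"      # dummy file, not a real PKCS12 store
    printf '%s\n' "MASTERKEY_KEY_STORE_ENABLED=true" \
        "KEY_STORE_LOCATION=$d/.keystore/fabric.keystore" \
        "KEY_STORE_PASSWORD=constructed-sample" > "$d/config/config.ini"
    chmod 755 "$d/.keystore"; chmod 644 "$d/.keystore/fabric.keystore" "$d/config/config.ini"
    echo "$d"
}

# Run against a real node with: K2_HOME=/path/to/home sh this_script.sh
if [ -n "${K2_HOME:-}" ]; then check_keystore_setup "$K2_HOME"; fi
```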

