Master Key Protection with KeyStore
Generate Master Key Without KeyStore
Set the MASTERKEY_KEY_STORE_ENABLED parameter of the config.ini file to false (default) to generate a master key without a KeyStore.
Generate Master Key Using KeyStore
Set the MASTERKEY_KEY_STORE_ENABLED parameter of the config.ini file to true.
Create KeyStore Directory
After adding the encryption module to the fabric-server-start.sh module, create the Keystore folder under the k2view home directory for all nodes:
cd $K2_HOME
mkdir .keystore
Run the keytool
Run the keytool command on the coordinator node:
keytool -genseckey -alias masterkey_key_name -keyalg aes -keysize 256 -storepass <password> -keystore $K2_HOME/.keystore/fabric.keystore -storetype PKCS12
- Copy the key to all other nodes:
scp $K2_HOME/.keystore/fabric.keystore fabric@10.10.10.10:/$K2_HOME/.keystore/
Edit Config.ini Script
- Edit the KEY_STORE_PASSWORD parameter in the config.ini to the password used in the Keytool command, and enable the KEY_STORE_LOCATION parameter and set it to point to the correct path for all Fabric nodes:
sed -i "s@#KEY_STORE_LOCATION=.*@KEY_STORE_LOCATION=$K2_HOME/.keystore/fabric.keystore@" $K2_HOME/config/config.ini
sed -i 's@#KEY_STORE_PASSWORD=.*@KEY_STORE_PASSWORD= <password>@' $K2_HOME/config/config.ini
Restart Fabric Nodes
- Restart all Fabric nodes.
Master Key Protection with KeyStore
Generate Master Key Without KeyStore
Set the MASTERKEY_KEY_STORE_ENABLED parameter of the config.ini file to false (default) to generate a master key without a KeyStore.
Generate Master Key Using KeyStore
Set the MASTERKEY_KEY_STORE_ENABLED parameter of the config.ini file to true.
Create KeyStore Directory
After adding the encryption module to the fabric-server-start.sh module, create the Keystore folder under the k2view home directory for all nodes:
cd $K2_HOME
mkdir .keystore
Run the keytool
Run the keytool command on the coordinator node:
keytool -genseckey -alias masterkey_key_name -keyalg aes -keysize 256 -storepass <password> -keystore $K2_HOME/.keystore/fabric.keystore -storetype PKCS12
- Copy the key to all other nodes:
scp $K2_HOME/.keystore/fabric.keystore fabric@10.10.10.10:/$K2_HOME/.keystore/
Edit Config.ini Script
- Edit the KEY_STORE_PASSWORD parameter in the config.ini to the password used in the Keytool command, and enable the KEY_STORE_LOCATION parameter and set it to point to the correct path for all Fabric nodes:
sed -i "s@#KEY_STORE_LOCATION=.*@KEY_STORE_LOCATION=$K2_HOME/.keystore/fabric.keystore@" $K2_HOME/config/config.ini
sed -i 's@#KEY_STORE_PASSWORD=.*@KEY_STORE_PASSWORD= <password>@' $K2_HOME/config/config.ini
Restart Fabric Nodes
- Restart all Fabric nodes.
