0

I am following the tutorials of hyperledger composer at composer playground. In defining a business network, at some point after starting fabric, a PeerAdminCard is created by 

./createPeerAdminCard.sh

After that it can be seen in the card name and when imported for a specific business network, it can be seen to what Business Network it has been assigned.

Based on my undestanding this peer is the admin of the network, and when you run composer-playground, this is what you see in ID Registry on top right which has access to everything (all participants, assets and transactions.) And it seems that this Admin (PeerAdminCard) can also issue other identities. If these assumption are correct (please correct me if I am wrong), the following questions rise for me:

1- Is it safe to have such a peer in network?

2- Doesn't it make things more centralized?

3- If it can add peers to the network, can't it save the secret key of the peers and later use that to impersonate that peer or just simply read the content of transactions which are made by that peer?

4- Regarding question number 3, are transactions made in a channel already encrypted so that only members of the channel can somehow decrypt them by their private key or if Admin adds itself to a channel at some point in time can simply read those transactions without difficulty?

I appreciate any help. Thank you in advance.

E. Erfan
  • 1,239
  • 19
  • 37

1 Answers1

0

A PeerAdmin is a user role with administrative privileges for the organization from which the certificate was generated. This role has the ability to add/remove peers, deploy chaincode, create and join channels, etc. on behalf of that organization. This section of the Hyperledger Fabric documentation may be of help in understanding.

To be clear, this is not a peer node, it is an identity. The peers themselves also have identity, but they don't have administrative rights, that identity is used to sign/endorse transaction proposals and to interact securely with other nodes/services in the network (via TLS).

In a multi-organization consortium, each organization would have its own administrator role, and hence the overall governance is decentralized.

1) yes

2) no

3) the samples leverage a cryptogen tool to generate certificates and the associated public and private keys for a network. This is purely provided as a means of simplifying the setup. It would not be used in a production context for the very reason you cite. Rather, more traditional approaches for interacting with a certificate authority (e.g. via the fabric-ca-client if the fabric-ca is being used) would be used and the private keys would only be accessible to the individual for which they were generated.

4) transactions in a channel are not encrypted by default. There is, however, a new encryption capability that can be leveraged in chaincode.

christo4ferris
  • 4,039
  • 1
  • 17
  • 30
  • Thank you for your answer. Based on the document you shared then is it correct to say that PeerAdmin is one of the administrators of MSP? And therefore its power is restricted by the defined policies? Also I didn't get exactly what you mean that PeerAdmin is an entity and not a peer. Do you mean that it is part of the network but doesn't participate in endorsement and therefore it is not a peer?Regarding question 3, I'm not sure if I understood corredtly. Would you please kindly explain how it is in production environment?If PeerAdmin is the administrator of MSP, it should always exist, right? – E. Erfan Apr 22 '18 at 14:46
  • Based on [MSP document](http://hyperledger-fabric.readthedocs.io/en/latest/membership/membership.html#msp-structure), there is a KeyStore for Private Key. As I understood then Administator of MSP has access to the issued private keys, right? But it is mentioned "... channel MSPs aim to offer solely identity validation functionalities, and not signing abilities." So does it mean despite the fact that Admin in MSP (PeerAdmin in composer) knows the private key, but since it is not a peer, as you mentioned it is just an identity, it cannot sign transactions? – E. Erfan Apr 22 '18 at 15:08
  • But still is there a way to prevent it even from reading the keys? – E. Erfan Apr 22 '18 at 15:08