0

I recently started learning Hyperledger Fabric. I'm working on a simple private blockchain for managing digital data. This data would be encrypted with the user's public key and can only be decrypted with the user's private key. So my question is: is there a way to get a user's private and public key in Hyperledger Fabric for data encryption purposes?

dejavu

2 Answers

0

Yes, Fabric uses public-key infrastructure. Every transaction in Fabric is signed by the user's private key. And at the chaincode level, you can get the public key of the user from their E-certs.

More about identity in the Fabric docs: https://hyperledger-fabric.readthedocs.io/en/release-2.0/identity/identity.html

CID Go package to get the E-cert at the chaincode level: https://github.com/hyperledger/fabric-chaincode-go/tree/master/pkg/cid

Kartik Chauhan
Pritam Singh
  • Hey, Pritam. I tried getting the keys manually myself from the wallet, which I think is wrong even though it works, but I came to understand that the keys are not RSA, because I was trying to use node-RSA to encrypt the data using the key I got from the user wallet. But kekomal made a really nice point; I will try that out and give you guys feedback. – dejavu Apr 06 '20 at 12:23
  • Elliptic Curve is used, so you cannot use RSA. You can check more about certs on this [site](https://certlogik.com/decoder/): copy/paste the cert from signcert. – Pritam Singh Apr 07 '20 at 05:06
0

Although MSP ECDSA keys are used to sign, you can use them to encrypt via ECDH. Basically you can derive the same shared secret from public key A and private key B as from public key B and private key A, so that you use that shared secret as a symmetric AES key to encrypt.

An example with openssl: https://jameshfisher.com/2017/04/14/openssl-ecc/. You don't need to create the key pairs as you already have them. You can implement it in JavaScript with the `elliptic` and `crypto` libraries.

You manage your own private and public keys (in your client's wallet after enrolling), but you have to arrange a reliable way to distribute the other's public key. You can easily verify that public key if it is embedded in a valid certificate, but the way to distribute it is in your hands.

kekomal
  • Thanks kekomal, I will try this out – dejavu Apr 06 '20 at 12:18
  • You are welcome. Apart from ECDH, you also have the ECIES encryption scheme, which depends only on the other's public key, but I have not tested it in nodejs with Fabric's P-256 curve. – kekomal Apr 06 '20 at 12:23
  • Check out this https://stackoverflow.com/questions/45134946/can-i-use-the-public-private-key-generated-by-the-msp-in-hyperledger-fabric-v1-0, I'm currently facing this issue too. I tried using the `elliptic` library; I can't use node-RSA because it's not supported yet – dejavu Apr 06 '20 at 14:09
  • That is why I have told you to use ECDH (Elliptic Curve Diffie Hellman) to encrypt. Your error is trying to use node-RSA with ECDSA keys, which I haven't told you. Use `elliptic` and `crypto`. And `jsrsasign` to "play" with your keys. – kekomal Apr 06 '20 at 14:25
  • Read the identity from your wallet. Use `jsrsasign` to extract the keys from your identity, use `elliptic`'s 'p256' curve to derive your shared secret, and use `crypto` to encrypt with the derived shared secret. – kekomal Apr 06 '20 at 14:32
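
The ECDH-then-AES flow described in the answer above, as an added example that is not part of the original posts. It uses only Node's built-in `crypto` module instead of `elliptic`/`jsrsasign`, generates constructed P-256 key pairs in place of wallet identities, and (a choice made here, not in the answer) passes the shared secret through HKDF before using it as an AES-256-GCM key; the context label is hypothetical.

```javascript
const crypto = require('node:crypto');

// Constructed stand-ins for two enrolled identities. In Fabric, the private key
// would come from your own wallet and the peer's public key from their certificate.
function newIdentity() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // P-256
}

// ECDH: (my private key, their public key) yields the same secret on both sides.
// The raw secret is run through HKDF rather than used directly as the AES key.
function deriveKey(myPrivateKey, theirPublicKey, context) {
  const shared = crypto.diffieHellman({ privateKey: myPrivateKey, publicKey: theirPublicKey });
  const key = crypto.hkdfSync('sha256', shared, Buffer.alloc(0), Buffer.from(context), 32);
  return Buffer.from(key);
}

function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function decrypt(key, { iv, ct, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  // final() throws if the key is wrong or the ciphertext was modified
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

function demo() {
  const alice = newIdentity(), bob = newIdentity(), carol = newIdentity();
  const ctx = 'record-encryption-v1'; // hypothetical context label
  const msg = encrypt(deriveKey(alice.privateKey, bob.publicKey, ctx), 'patient record 42');
  const readByBob = decrypt(deriveKey(bob.privateKey, alice.publicKey, ctx), msg);
  let carolFailed = false; // a third identity must not be able to decrypt
  try {
    decrypt(deriveKey(carol.privateKey, alice.publicKey, ctx), msg);
  } catch (e) {
    carolFailed = true;
  }
  return { readByBob, carolFailed };
}

console.log(demo());
```

Because the key depends on both parties' key pairs, the recipient needs the sender's authentic public key as well, which is why the answer stresses verifying it through a valid certificate.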