I am trying to integrate SoftHSM with Hyperledger Fabric. I have followed the steps below:
I have cloned the repo from this link https://github.com/hyperledger/fabric-ca (main-branch)
Executed the below 3 commands from the above directory. After execution, I got the new binary and the new Fabric-CA image.
    make fabric-ca-server GO_TAGS=pkcs11
    make fabric-ca-client GO_TAGS=pkcs11
    make docker GO_TAGS=pkcs11
I have replaced the old binaries (fabric-ca-client and fabric-ca-server).
I am trying to spin up the Fabric-CA in the docker container and passing the environment variables as per the official documentation.
    ORG1_RCA:
      image: hyperledger/fabric-ca:1.5.1
      container_name: ORG1_RCA
      environment:
        - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
        - FABRIC_CA_SERVER_CA_NAME=ORG1_RCA
        - FABRIC_CA_SERVER_TLS_ENABLED=true
        - FABRIC_CA_SERVER_PORT=7054
        - FABRIC_CA_SERVER_BCCSP_DEFAULT=PKCS11
        - FABRIC_CA_SERVER_BCCSP_PKCS11_LIBRARY=/etc/hyperledger/fabric/libsofthsm2.so
        - FABRIC_CA_SERVER_BCCSP_PKCS11_PIN=
        - FABRIC_CA_SERVER_BCCSP_PKCS11_LABEL=
      ports:
        - 7054:7054
      command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
      environment:
        - SOFTHSM2_CONF=/etc/hyperledger/fabric/config.file
      volumes:
        - ./fabric-ca/verizon:/etc/hyperledger/fabric-ca-server
        - /home/softhsm/config.file:/etc/hyperledger/fabric/config.file
        - /usr/local/lib/softhsm/libsofthsm2.so:/etc/hyperledger/fabric/libsofthsm2.so
      networks:
        - contract
I am not providing the PIN and label for security purposes. When I run this container, the private keys are still getting saved into the msp/keystore folder instead of the HSM.