3 Star 6 Fork 7

Gitee 极速下载/Hyperledger fabric

加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
此仓库是为了提升国内下载速度的镜像仓库,每日同步一次。 原始仓库: https://github.com/hyperledger/fabric
idemixca.go 3.33 KB
一键复制 编辑 原始数据 按行查看 历史
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
package idemixca
import (
m "github.com/hyperledger/fabric/protos/msp"
// GenerateIssuerKey invokes Idemix library to generate an issuer (CA) signing key pair.
// Currently four attributes are supported by the issuer:
// AttributeNameOU is the organization unit name
// AttributeNameRole is the role (member or admin) name
// AttributeNameEnrollmentId is the enrollment id
// AttributeNameRevocationHandle contains the revocation handle, which can be used to revoke this user
// Generated keys are serialized to bytes.
func GenerateIssuerKey() ([]byte, []byte, error) {
rng, err := idemix.GetRand()
if err != nil {
return nil, nil, err
AttributeNames := []string{msp.AttributeNameOU, msp.AttributeNameRole, msp.AttributeNameEnrollmentId, msp.AttributeNameRevocationHandle}
key, err := idemix.NewIssuerKey(AttributeNames, rng)
if err != nil {
return nil, nil, errors.WithMessage(err, "cannot generate CA key")
ipkSerialized, err := proto.Marshal(key.Ipk)
return key.Isk, ipkSerialized, err
// GenerateSignerConfig creates a new signer config.
// It generates a fresh user secret and issues a credential
// with four attributes (described above) using the CA's key pair.
func GenerateSignerConfig(roleMask int, ouString string, enrollmentId string, revocationHandle int, key *idemix.IssuerKey, revKey *ecdsa.PrivateKey) ([]byte, error) {
attrs := make([]*FP256BN.BIG, 4)
if ouString == "" {
return nil, errors.Errorf("the OU attribute value is empty")
if enrollmentId == "" {
return nil, errors.Errorf("the enrollment id value is empty")
attrs[msp.AttributeIndexOU] = idemix.HashModOrder([]byte(ouString))
attrs[msp.AttributeIndexRole] = FP256BN.NewBIGint(roleMask)
attrs[msp.AttributeIndexEnrollmentId] = idemix.HashModOrder([]byte(enrollmentId))
attrs[msp.AttributeIndexRevocationHandle] = FP256BN.NewBIGint(revocationHandle)
rng, err := idemix.GetRand()
if err != nil {
return nil, errors.WithMessage(err, "Error getting PRNG")
sk := idemix.RandModOrder(rng)
ni := idemix.BigToBytes(idemix.RandModOrder(rng))
msg := idemix.NewCredRequest(sk, ni, key.Ipk, rng)
cred, err := idemix.NewCredential(key, msg, attrs, rng)
if err != nil {
return nil, errors.WithMessage(err, "failed to generate a credential")
credBytes, err := proto.Marshal(cred)
if err != nil {
return nil, errors.WithMessage(err, "failed to marshal credential")
// NOTE currently, idemixca creates CRI's with "ALG_NO_REVOCATION"
cri, err := idemix.CreateCRI(revKey, []*FP256BN.BIG{FP256BN.NewBIGint(revocationHandle)}, 0, idemix.ALG_NO_REVOCATION, rng)
if err != nil {
return nil, err
criBytes, err := proto.Marshal(cri)
if err != nil {
return nil, errors.WithMessage(err, "failed to marshal CRI")
signer := &m.IdemixMSPSignerConfig{
Cred: credBytes,
Sk: idemix.BigToBytes(sk),
OrganizationalUnitIdentifier: ouString,
Role: int32(roleMask),
EnrollmentId: enrollmentId,
CredentialRevocationInformation: criBytes,
return proto.Marshal(signer)
马建仓 AI 助手
Hyperledger fabric
