If we see the crypto-config folder in basic-network of fabric-sample, we have various certificate materials with various types:
└── example.com
├── ca
│ ├── 0d46ccf0e9436c1bc3b6e2bf80cdb202c4943604f95c72ee0ff839d3ec300719_sk
│ └── ca.example.com-cert.pem
├── msp
│ ├── admincerts
│ │ └── Admin@example.com-cert.pem
│ ├── cacerts
│ │ └── ca.example.com-cert.pem
│ └── tlscacerts
│ └── tlsca.example.com-cert.pem
├── orderers
│ └── orderer.example.com
│ ├── msp
│ │ ├── admincerts
│ │ │ └── Admin@example.com-cert.pem
│ │ ├── cacerts
│ │ │ └── ca.example.com-cert.pem
│ │ ├── keystore
│ │ │ └── 2fb065725bf1b7e2811c0e8ca8d37f5a951fc4cd1162a47aad8accf9ddd10291_sk
│ │ ├── signcerts
│ │ │ └── orderer.example.com-cert.pem
│ │ └── tlscacerts
│ │ └── tlsca.example.com-cert.pem
│ └── tls
│ ├── ca.crt
│ ├── server.crt
│ └── server.key
├── tlsca
│ ├── 6a211ed18880b4db3867831c977809902713b8e321a5ab55ecc104dafc2eec49_sk
│ └── tlsca.example.com-cert.pem
└── users
└── Admin@example.com
├── msp
│ ├── admincerts
│ │ └── Admin@example.com-cert.pem
│ ├── cacerts
│ │ └── ca.example.com-cert.pem
│ ├── keystore
│ │ └── db670eed8487a93c35ae448b9f84c2f241a7a8c87df0544fc1dc08baf7832aa0_sk
│ ├── signcerts
│ │ └── Admin@example.com-cert.pem
│ └── tlscacerts
│ └── tlsca.example.com-cert.pem
└── tls
├── ca.crt
├── server.crt
└── server.key
Can anyone explain why there are so too many of these files why are some of these files duplicated(such as ca.example.com-cert.pem have many copies) and there purpose.
What are .pem files used for?
What are .crt files used for?
What are .key files used for?
What are ** ...._sk** files used for?
And why the fabcar example manage it only by using 3 files.??
fabcar/creds
├── 5890f0061619c06fb29dea8cb304edecc020fe63f41a6db109f1e227cc1cb2a8-priv
├── 5890f0061619c06fb29dea8cb304edecc020fe63f41a6db109f1e227cc1cb2a8-pub
└── PeerAdmin
Thanks for your help
Each Organization requires a unique root certificate (ca-cert), that binds specific components (peers and orderers) to that organization.
Transactions and communications within Fabric are signed by an entity's private key (keystore), and then verified by means of a public key (signcerts).
As different organization also required to communicate or share their ledger so there is need of CA or MSP on organization level. Within each organization we can have multiple peers so we need certification for these peers too. Even peers from different organizations can join each other so signcerts(for authenticating) and TLScerts(for a secure handshake).
To have a look how these are generate i suggest you to Manually generate the artifacts
http://hyperledger-fabric.readthedocs.io/en/latest/build_network.html
and see the different certs in the folders inside as you created them.
These are keys used by fabcar to generate the above mentioned certificates.
来源:https://stackoverflow.com/questions/47157865/hyperledger-fabric-crypto-materials