70 lines
2.4 KiB
ReStructuredText
70 lines
2.4 KiB
ReStructuredText
Identity Mixer MSP configuration generator (idemixgen)
|
|
======================================================
|
|
|
|
This document describes the usage for the ``idemixgen`` utility, which can be
|
|
used to create configuration files for the identity mixer based MSP.
|
|
Two commands are available, one for creating a fresh CA key pair, and one
|
|
for creating an MSP config using a previously generated CA key.
|
|
|
|
Directory Structure
|
|
-------------------
|
|
|
|
The ``idemixgen`` tool will create directories with the following structure:
|
|
|
|
.. code:: bash
|
|
|
|
- /ca/
|
|
IssuerSecretKey
|
|
IssuerPublicKey
|
|
RevocationKey
|
|
- /msp/
|
|
IssuerPublicKey
|
|
RevocationPublicKey
|
|
- /user/
|
|
SignerConfig
|
|
|
|
The ``ca`` directory contains the issuer secret key (including the revocation key) and should only be present
|
|
for a CA. The ``msp`` directory contains the information required to set up an
|
|
MSP verifying idemix signatures. The ``user`` directory specifies a default
|
|
signer.
|
|
|
|
CA Key Generation
|
|
-----------------
|
|
|
|
CA (issuer) keys suitable for identity mixer can be created using command
|
|
``idemixgen ca-keygen``. This will create directories ``ca`` and ``msp`` in the
|
|
working directory.
|
|
|
|
Adding a Default Signer
|
|
-----------------------
|
|
After generating the ``ca`` and ``msp`` directories with
|
|
``idemixgen ca-keygen``, a default signer specified in the ``user`` directory
|
|
can be added to the config with ``idemixgen signerconfig``.
|
|
|
|
.. code:: bash
|
|
|
|
$ idemixgen signerconfig -h
|
|
usage: idemixgen signerconfig [<flags>]
|
|
|
|
Generate a default signer for this Idemix MSP
|
|
|
|
Flags:
|
|
-h, --help Show context-sensitive help (also try --help-long and --help-man).
|
|
-u, --org-unit=ORG-UNIT The Organizational Unit of the default signer
|
|
-a, --admin Make the default signer admin
|
|
-e, --enrollment-id=ENROLLMENT-ID
|
|
The enrollment id of the default signer
|
|
-r, --revocation-handle=REVOCATION-HANDLE
|
|
The handle used to revoke this signer
|
|
|
|
For example, we can create a default signer that is a member of organizational
|
|
unit "OrgUnit1", with enrollment identity "johndoe", revocation handle "1234",
|
|
and that is an admin, with the following command:
|
|
|
|
.. code:: bash
|
|
|
|
idemixgen signerconfig -u OrgUnit1 --admin -e "johndoe" -r 1234
|
|
|
|
.. Licensed under Creative Commons Attribution 4.0 International License
|
|
https://creativecommons.org/licenses/by/4.0/
|