package msp

Get desktop application:
View/edit binary Protocol Buffers messages

FabricCryptoConfig contains configuration parameters for the cryptographic algorithms used by the MSP this configuration refers to

Used in: FabricMSPConfig

string signature_hash_family = 1
SignatureHashFamily is a string representing the hash family to be used during sign and verify operations. Allowed values are "SHA2" and "SHA3".
string identity_identifier_hash_function = 2
IdentityIdentifierHashFunction is a string representing the hash function to be used during the computation of the identity identifier of an MSP identity. Allowed values are "SHA256", "SHA384" and "SHA3_256", "SHA3_384".

FabricMSPConfig collects all the configuration information for a Fabric MSP. Here we assume a default certificate validation policy, where any certificate signed by any of the listed rootCA certs would be considered as valid under this MSP. This MSP may or may not come with a signing identity. If it does, it can also issue signing identities. If it does not, it can only be used to validate and verify certificates.

Used in: discovery.ConfigResult

string name = 1
Name holds the identifier of the MSP; MSP identifier is chosen by the application that governs this MSP. For example, and assuming the default implementation of MSP, that is X.509-based and considers a single Issuer, this can refer to the Subject OU field or the Issuer OU field.
repeated bytes root_certs = 2
List of root certificates trusted by this MSP they are used upon certificate validation (see comment for IntermediateCerts below)
repeated bytes intermediate_certs = 3
List of intermediate certificates trusted by this MSP; they are used upon certificate validation as follows: validation attempts to build a path from the certificate to be validated (which is at one end of the path) and one of the certs in the RootCerts field (which is at the other end of the path). If the path is longer than 2, certificates in the middle are searched within the IntermediateCerts pool
repeated bytes admins = 4
Identity denoting the administrator of this MSP
repeated bytes revocation_list = 5
Identity revocation list
optional SigningIdentityInfo signing_identity = 6
SigningIdentity holds information on the signing identity this peer is to use, and which is to be imported by the MSP defined before
repeated FabricOUIdentifier organizational_unit_identifiers = 7
OrganizationalUnitIdentifiers holds one or more fabric organizational unit identifiers that belong to this MSP configuration
optional FabricCryptoConfig crypto_config = 8
FabricCryptoConfig contains the configuration parameters for the cryptographic algorithms used by this MSP
repeated bytes tls_root_certs = 9
List of TLS root certificates trusted by this MSP. They are returned by GetTLSRootCerts.
repeated bytes tls_intermediate_certs = 10
List of TLS intermediate certificates trusted by this MSP; They are returned by GetTLSIntermediateCerts.
optional FabricNodeOUs fabric_node_ous = 11
fabric_node_ous contains the configuration to distinguish clients from peers from orderers based on the OUs.

FabricNodeOUs contains configuration to tell apart clients from peers from orderers based on OUs. If NodeOUs recognition is enabled then an msp identity that does not contain any of the specified OU will be considered invalid.

Used in: FabricMSPConfig

bool enable = 1
If true then an msp identity that does not contain any of the specified OU will be considered invalid.
optional FabricOUIdentifier client_ou_identifier = 2
OU Identifier of the clients
optional FabricOUIdentifier peer_ou_identifier = 3
OU Identifier of the peers
optional FabricOUIdentifier admin_ou_identifier = 4
OU Identifier of the admins
optional FabricOUIdentifier orderer_ou_identifier = 5
OU Identifier of the orderers

FabricOUIdentifier represents an organizational unit and its related chain of trust identifier.

Used in: FabricMSPConfig, FabricNodeOUs

bytes certificate = 1
Certificate represents the second certificate in a certification chain. (Notice that the first certificate in a certification chain is supposed to be the certificate of an identity). It must correspond to the certificate of root or intermediate CA recognized by the MSP this message belongs to. Starting from this certificate, a certification chain is computed and bound to the OrganizationUnitIdentifier specified
string organizational_unit_identifier = 2
OrganizationUnitIdentifier defines the organizational unit under the MSP identified with MSPIdentifier

IdemixMSPConfig collects all the configuration information for an Idemix MSP.

string name = 1
Name holds the identifier of the MSP
bytes ipk = 2
ipk represents the (serialized) issuer public key
optional IdemixMSPSignerConfig signer = 3
signer may contain crypto material to configure a default signer
bytes revocation_pk = 4
revocation_pk is the public key used for revocation of credentials
int64 epoch = 5
epoch represents the current epoch (time interval) used for revocation

IdemixMSPSIgnerConfig contains the crypto material to set up an idemix signing identity

Used in: IdemixMSPConfig

bytes cred = 1
cred represents the serialized idemix credential of the default signer
bytes sk = 2
sk is the secret key of the default signer, corresponding to credential Cred
string organizational_unit_identifier = 3
organizational_unit_identifier defines the organizational unit the default signer is in
int32 role = 4
role defines whether the default signer is admin, peer, member or client
string enrollment_id = 5
enrollment_id contains the enrollment id of this signer
bytes credential_revocation_information = 6
credential_revocation_information contains a serialized CredentialRevocationInformation

KeyInfo represents a (secret) key that is either already stored in the bccsp/keystore or key material to be imported to the bccsp key-store. In later versions it may contain also a keystore identifier

Used in: SigningIdentityInfo

string key_identifier = 1
Identifier of the key inside the default keystore; this for the case of Software BCCSP as well as the HSM BCCSP would be the SKI of the key
bytes key_material = 2
KeyMaterial (optional) for the key to be imported; this is properly encoded key bytes, prefixed by the type of the key

MSPConfig collects all the configuration information for an MSP. The Config field should be unmarshalled in a way that depends on the Type

int32 type = 1
Type holds the type of the MSP; the default one would be of type FABRIC implementing an X.509 based provider
bytes config = 2
Config is MSP dependent configuration info

This struct represents an Idemix Identity to be used to serialize it and deserialize it. The IdemixMSP will first serialize an idemix identity to bytes using this proto, and then uses these bytes as id_bytes in SerializedIdentity

bytes nym_x = 1
nym_x is the X-component of the pseudonym elliptic curve point. It is a []byte representation of an amcl.BIG The pseudonym can be seen as a public key of the identity, it is used to verify signatures.
bytes nym_y = 2
nym_y is the Y-component of the pseudonym elliptic curve point. It is a []byte representation of an amcl.BIG The pseudonym can be seen as a public key of the identity, it is used to verify signatures.
bytes ou = 3
ou contains the organizational unit of the idemix identity
bytes role = 4
role contains the role of this identity (e.g., ADMIN or MEMBER)
bytes proof = 5
proof contains the cryptographic evidence that this identity is valid

This struct represents an Identity (with its MSP identifier) to be used to serialize it and deserialize it

string mspid = 1
The identifier of the associated membership service provider
bytes id_bytes = 2
the Identity, serialized according to the rules of its MPS

SigningIdentityInfo represents the configuration information related to the signing identity the peer is to use for generating endorsements

Used in: FabricMSPConfig

bytes public_signer = 1
PublicSigner carries the public information of the signing identity. For an X.509 provider this would be represented by an X.509 certificate
optional KeyInfo private_signer = 2
PrivateSigner denotes a reference to the private key of the peer's signing identity

package msp

message FabricCryptoConfig

string signature_hash_family = 1

string identity_identifier_hash_function = 2

message FabricMSPConfig

string name = 1

repeated bytes root_certs = 2

repeated bytes intermediate_certs = 3

repeated bytes admins = 4

repeated bytes revocation_list = 5

optional SigningIdentityInfo signing_identity = 6

repeated FabricOUIdentifier organizational_unit_identifiers = 7

optional FabricCryptoConfig crypto_config = 8

repeated bytes tls_root_certs = 9

repeated bytes tls_intermediate_certs = 10

optional FabricNodeOUs fabric_node_ous = 11

message FabricNodeOUs

bool enable = 1

optional FabricOUIdentifier client_ou_identifier = 2

optional FabricOUIdentifier peer_ou_identifier = 3

optional FabricOUIdentifier admin_ou_identifier = 4

optional FabricOUIdentifier orderer_ou_identifier = 5

message FabricOUIdentifier

bytes certificate = 1

string organizational_unit_identifier = 2

message IdemixMSPConfig

string name = 1

bytes ipk = 2

optional IdemixMSPSignerConfig signer = 3

bytes revocation_pk = 4

int64 epoch = 5

message IdemixMSPSignerConfig

bytes cred = 1

bytes sk = 2

string organizational_unit_identifier = 3

int32 role = 4

string enrollment_id = 5

bytes credential_revocation_information = 6

message KeyInfo

string key_identifier = 1

bytes key_material = 2

message MSPConfig

int32 type = 1

bytes config = 2

message SerializedIdemixIdentity

bytes nym_x = 1

bytes nym_y = 2

bytes ou = 3

bytes role = 4

bytes proof = 5

message SerializedIdentity

string mspid = 1

bytes id_bytes = 2

message SigningIdentityInfo

bytes public_signer = 1

optional KeyInfo private_signer = 2