Manage data encryption keys for FISCO BCOS nodes.
In FISCO BCOS, each agency should run its own key manager service. The key manager is deployed in the internal network to manage its data encryption keys.
The following figure shows how the key manager manages data encryption keys in disk encryption.
Each node has its own `dataKey` and uses it to communicate with its encrypted space. A node does not manage its `dataKey`; it only holds its `cipherDataKey`, which is the ciphertext of `dataKey` encrypted by `superKey`. When the node boots, it sends `cipherDataKey` to the key manager; the key manager decrypts `cipherDataKey` using `superKey` and returns `dataKey` to the node. The node keeps `dataKey` in memory and drops it when the node shuts down.
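The boot-time exchange described above, modelled in Python as an added example; it is not code from the key-manager project. The `KeyManager` and `Node` classes and the HMAC-SHA256-based wrap are assumptions that stand in for the project's real cipher and network protocol.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated wrap built from the standard library (HMAC-SHA256
# keystream plus HMAC tag). Assumption: NOT the cipher key-manager really uses.
def _keys(super_key: bytes):
    enc = hmac.new(super_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(super_key, b"mac", hashlib.sha256).digest()
    return enc, mac

def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class KeyManager:
    """Agency-internal service: the only holder of superKey."""
    def __init__(self, super_key: bytes):
        self._super_key = super_key

    def wrap(self, data_key: bytes) -> bytes:
        """Produce cipherDataKey = nonce || ciphertext || tag."""
        enc, mac = _keys(self._super_key)
        nonce = secrets.token_bytes(16)
        body = nonce + _xor_stream(enc, nonce, data_key)
        return body + hmac.new(mac, body, hashlib.sha256).digest()

    def unwrap(self, cipher_data_key: bytes) -> bytes:
        """Verify the tag first, then decrypt; reject anything not wrapped by superKey."""
        enc, mac = _keys(self._super_key)
        body, tag = cipher_data_key[:-32], cipher_data_key[-32:]
        if not hmac.compare_digest(tag, hmac.new(mac, body, hashlib.sha256).digest()):
            raise ValueError("cipherDataKey rejected: wrong superKey or tampered")
        return _xor_stream(enc, body[:16], body[16:])

class Node:
    """Persists only cipherDataKey; dataKey exists in memory between boot and shutdown."""
    def __init__(self, cipher_data_key: bytes):
        self.cipher_data_key = cipher_data_key
        self.data_key = None

    def boot(self, km: KeyManager) -> None:
        self.data_key = km.unwrap(self.cipher_data_key)

    def shutdown(self) -> None:
        self.data_key = None
```

A copy of the node's disk yields only `cipherDataKey`; recovering `dataKey` additionally requires reaching a key manager that holds the matching `superKey`.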
```bash
# On CentOS
sudo yum install procps-ng-devel
sudo yum install curl-devel
# On Ubuntu
sudo apt-get install libprocps-dev curl libcurl4-openssl-dev
# On Arch Linux
sudo pacman -S procps-ng
```
```bash
git clone https://github.com/FISCO-BCOS/key-manager.git
cd key-manager && mkdir build && cd build
# On CentOS
cmake3 ..  # Note: the trailing ".." is required.
# cmake3 .. -DBUILD_GM=On  # when building the "guomi" key-manager
# On Ubuntu
cmake ..  # Note: the trailing ".." is required.
# cmake .. -DBUILD_GM=On  # when building the "guomi" key-manager
make
# The executable "key-manager" is generated.
```
```bash
./key-manager 8150 123xyz     # key-manager <port> <superkeyString>
./key-manager 8150 123xyz -g  # key-manager <port> <superkeyString> <guomi version>
```
On a successful start, key-manager prints:
```
[1545471609499] [TRACE][Load]key-manager started,port=8150
```
Use key-manager in disk encryption.
- Star our GitHub.
- Pull requests. See CONTRIBUTING.
- Ask questions.
- Discuss in WeChat group or Gitter.
By the end of 2018, Financial Blockchain Shenzhen Consortium (FISCO) had attracted and admitted more than 100 members from 6 sectors including banking, fund management, securities brokerage, insurance, regional equity exchanges, and financial information service companies. The first members include the following organizations: Beyondsoft, Huawei, Shenzhen Securities Communications, Digital China, Forms Syntron, Tencent, WeBank, Yuexiu FinTech.
All contributions are made under the GNU General Public License v3. See LICENSE.