I have an application in Hyperledger Fabric and I want to use the HSM to store my private keys. I don't see any problem using it for the identity key pairs, but when it comes to the TLS key pair I have found the following problems:
In the peers there's the CORE_PEER_TLS_KEY_FILE config value I need to set for the TLS communication to work properly.
In the orderers there's the ORDERER_GENERAL_TLS_PRIVATEKEY config value I need to set for the TLS communication to work properly.
In the client creating the gateway I need to pass the private key to be able to establish the TLS communication using this code:
const path = require('path');
const { Gateway } = require('fabric-network');

const gateway = new Gateway();
const ccpPath = path.resolve(this.ccpPath);
// The identity (signing key pair) comes from the wallet, which can be HSM-backed
await gateway.connect(ccpPath, { wallet: this.wallet, identity: userId, discovery: { enabled: true, asLocalhost: this.asLocalhost } });
const client = gateway.getClient();
// The TLS client certificate and private key must be passed as PEM strings
client.setTlsClientCertAndKey(identityTLS.certificate, identityTLS.privateKey);
So, from what I can see, it's not possible and I need to use two different wallets to store the identity and the TLS certificates. Am I missing something, or is it possible to have the TLS private keys also in the HSM?
Thanks!
It's not possible. The reason it's not possible is that the TLS stack in Fabric doesn't interface with BCCSP, which is the component that manages HSM in Fabric.
However, it is possible with some code changes. All that is needed is to connect the TLS stack to BCCSP and then it will be possible.