We are developing a CBDC (central bank digital currency). We have two requirements:
The question is how to process a transaction (chaincode) or smart contract without sending the user's private key to the bank app. The user must sign some message with his private key. After that, the bank's app must use this signed message and create a transaction in Hyperledger Fabric.
There is an example of how to do this: https://hyperledger.github.io/fabric-sdk-node/release-2.2/tutorial-sign-transaction-offline.html
But the example uses the 'fabric-common' and 'fabric-ca-client' libraries, which are deprecated: https://www.npmjs.com/package/fabric-ca-client and have been replaced by '@hyperledger/fabric-gateway'.
The question is: is it still possible to sign a transaction offline with a private key, send it to the bank, and have the bank app process it in Hyperledger Fabric using fabric-gateway?
Yes, off-line signing can be used with the Fabric Gateway client API. This would typically be used to have an end user sign messages using their local, private credentials while interacting with Fabric through an intermediary application. The documentation describes this pattern as "off-line signing". The API document for Contract contains a brief description of the flow and API calls required:
Note that the user will need to supply their (public) certificate to be used when constructing messages, but can do off-line signing of those messages locally using their private key. The hash implementation used is also dictated by the behaviour of the signing implementation. By default a SHA-256 hash is used, which means the message digests will be a SHA-256 hash of the actual message content. This can be used by a signing implementation that can generate a signature from a message digest. If the signing implementation requires the complete message bytes (in other words, it generates the digest as part of the signing process), you should use a none hash implementation that just returns the supplied message. This means that the digest value you get back for a message (proposal, transaction or commit) is actually the complete message bytes instead of a hash of the message.
As background information, this overview of the transaction flow between client application and Fabric network might help visualise the messages that need to be signed as part of the transaction flow:
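Added example (mine, not from the answer above and not code from the fabric-gateway project): the part of the off-line signing exchange that can run without a Fabric network, written in Go because Fabric's own ECDSA signature rules are easiest to show with the Go standard library. It models the two hash modes the answer describes (the default SHA-256 digest versus the "none" hash that hands the signer the complete message bytes), a user-side signer that never reveals its key and only ever sees a digest or message, and the bank-side check against the public key from the user's certificate before the signature would be wrapped into a gateway call. The proposal bytes, the P-256 key and the `Exchange`/`Digest`/`SignDigest`/`VerifyAsFabric` names are constructed for this example; the gateway calls named in comments (`proposal.Digest()`, `proposal.Bytes()`, `gateway.NewSignedProposal`, `client.WithHash`) are the fabric-gateway Go client entry points as I know them and are not invoked here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
)

// HashMode mirrors the two hash implementations the answer describes.
// With a real gateway this is selected via client.WithHash(hash.SHA256 / hash.NONE).
type HashMode int

const (
	HashSHA256 HashMode = iota // default: digest = SHA-256(message)
	HashNone                   // "none": the "digest" is the complete message bytes
)

// Digest is what the bank app would obtain from proposal.Digest() (or the
// transaction/commit equivalents) under the chosen hash mode. Constructed stand-in.
func Digest(mode HashMode, message []byte) []byte {
	if mode == HashNone {
		return message
	}
	sum := sha256.Sum256(message)
	return sum[:]
}

// ecdsaSignature is the ASN.1 DER SEQUENCE { r, s } encoding Fabric expects.
type ecdsaSignature struct{ R, S *big.Int }

// SignDigest is the user-side step for a signer that accepts a precomputed digest.
// The private key stays on the user's device; only the digest comes in and only the
// signature goes out. S is normalised to the low half of the curve order, since
// Fabric's MSP rejects high-S ECDSA signatures (assumption about Fabric's verifier).
func SignDigest(key *ecdsa.PrivateKey, digest []byte) ([]byte, error) {
	r, s, err := ecdsa.Sign(rand.Reader, key, digest)
	if err != nil {
		return nil, err
	}
	n := key.Curve.Params().N
	if s.Cmp(new(big.Int).Rsh(n, 1)) > 0 {
		s.Sub(n, s)
	}
	return asn1.Marshal(ecdsaSignature{R: r, S: s})
}

// SignHashingInternally models a signer (a token or HSM interface, say) that hashes
// whatever bytes it is given itself. Such a signer must be paired with HashNone.
func SignHashingInternally(key *ecdsa.PrivateKey, message []byte) ([]byte, error) {
	sum := sha256.Sum256(message)
	return SignDigest(key, sum[:])
}

// VerifyAsFabric checks the signature the way the peers will: DER-encoded, low-S,
// and valid over SHA-256 of the complete message. The public key comes from the
// user's X.509 certificate, which the bank app already needs to build the proposal.
func VerifyAsFabric(pub *ecdsa.PublicKey, message, sig []byte) error {
	var parsed ecdsaSignature
	rest, err := asn1.Unmarshal(sig, &parsed)
	if err != nil {
		return err
	}
	if len(rest) != 0 {
		return errors.New("trailing bytes after DER signature")
	}
	if parsed.S.Cmp(new(big.Int).Rsh(pub.Curve.Params().N, 1)) > 0 {
		return errors.New("signature S is not in the low half of the curve order")
	}
	sum := sha256.Sum256(message)
	if !ecdsa.Verify(pub, sum[:], parsed.R, parsed.S) {
		return errors.New("signature does not verify over SHA-256 of the message")
	}
	return nil
}

// Exchange runs the bank <-> user round trip in-process. In production the bank app
// would then call gateway.NewSignedProposal(proposal.Bytes(), sig) and endorse it.
func Exchange(key *ecdsa.PrivateKey, mode HashMode, signerHashes bool, message []byte) error {
	toSign := Digest(mode, message) // bank side: proposal.Digest()
	var sig []byte
	var err error
	if signerHashes { // user side: only toSign crosses the boundary, never the key
		sig, err = SignHashingInternally(key, toSign)
	} else {
		sig, err = SignDigest(key, toSign)
	}
	if err != nil {
		return err
	}
	return VerifyAsFabric(&key.PublicKey, message, sig) // bank side: reject early
}

// NewUserKey generates a P-256 key, the curve Fabric CA issues by default.
func NewUserKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

func main() {
	key, _ := NewUserKey()
	msg := []byte("constructed proposal bytes") // stand-in for proposal.Bytes()
	fmt.Println("sha256 mode + digest signer:  ", Exchange(key, HashSHA256, false, msg))
	fmt.Println("none mode + hashing signer:   ", Exchange(key, HashNone, true, msg))
	fmt.Println("sha256 mode + hashing signer: ", Exchange(key, HashSHA256, true, msg))
	fmt.Println("none mode + digest signer:    ", Exchange(key, HashNone, false, msg))
}
```

The two mismatched pairings fail verification: a signer that hashes internally fed a SHA-256 digest signs the hash of a hash, and a digest-only signer fed raw message bytes under the none hash signs something the peers never compute. Pick the hash mode to match what the user's signing implementation expects, and apply the same pairing to all three messages (proposal, transaction, commit) in the flow.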