Skip to content

FISCO-BCOS/key-manager

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

66 Commits

cmake

cmake

 
 

docs/imgs

docs/imgs

 
 

libutils

libutils

 
 

scripts

scripts

 
 

.clang-format

.clang-format

 
 

.gitignore

.gitignore

 
 

CMakeLists.txt

CMakeLists.txt

 
 

Changelog.md

Changelog.md

 
 

KeyManager.cpp

KeyManager.cpp

 
 

KeyManager.h

KeyManager.h

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

kcconfig.ini

kcconfig.ini

 
 

release_note.txt

release_note.txt

 
 

Repository files navigation

Key Manager

Manage data encryption keys for FISCO BCOS nodes.

Description

In FISCO BCOS, each agency should run its own key manager service. The key manager is deployed in the internal network to manage its data encryption keys.

In disk encryption. The following figure shows how the key manager manages encryption data keys.

Each node has their own dataKey and use dataKey to communicate with its encrypted space. A node does not manage its dataKey. It only has its cipherDataKey. cipherDatakey is the ciphertext of datakeyencrypted by superKey. When the node is booting, it sends cipherDataKey to key manager, and key manager decrypts the cipherDataKey using superKey and return dataKey to the node. The node stores dataKey in memory and drop it after the node is shut down.

How to use

Install dependency package

# In Centos
sudo yum install procps-ng-devel
sudo yum install curl-devel
# In ubuntu
sudo apt-get install libprocps-dev curl libcurl4-openssl-dev
# In ArchLinux
sudo pacman -S procps-ng

Build

git clone https://github.com/FISCO-BCOS/key-manager.git
cd key-manager && mkdir build && cd build

# For Centos
cmake3 .. # Notice: There are ".." behind. 
# cmake3 .. -DBUILD_GM=On  #When building "guomi" key-manager

# For ubuntu
cmake .. # Notice: There are ".." behind. 
# cmake .. -DBUILD_GM=On  #When building "guomi" key-manager

make
#The execution: "key-manager" generated.

Start

./key-manager 8150 123xyz # key-manager <port> <superkeyString>
./key-manager 8150 123xyz -g # key-manager <port> <superkeyString> <guomi version>

Check

Print info when successfully started.

[1545471609499] [TRACE][Load]key-manager started,port=8150

In disk encryption

Use key-manager in disk encryption.

Developing & Contributing

Community

By the end of 2018, Financial Blockchain Shenzhen Consortium (FISCO) has attracted and admitted more than 100 members from 6 sectors including banking, fund management, securities brokerage, insurance, regional equity exchanges, and financial information service companies. The first members include the following organizations: Beyondsoft, Huawei, Shenzhen Securities Communications, Digital China, Forms Syntron, Tencent, WeBank, Yuexiu FinTech.

  • Join our WeChat Scan and Scan

  • Discuss in Gitter

  • Read news by

  • Mail us at

License

All contributions are made under the GNU General Public License v3. See LICENSE.

About

Key manager for FISCO BCOS

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

19 stars

Watchers

11 watching

Forks

13 forks
Report repository

Releases 2

key-manager v3.0.0-rc4 Latest
May 13, 2024
+ 1 release

Packages

No packages published

Contributors 8

Languages