This document describes the usage for the idemixgen
utility, which can be
used to create configuration files for the identity mixer based MSP.
Two commands are available, one for creating a fresh CA key pair, and one
for creating an MSP config using a previously generated CA key.
The idemixgen
tool will create directories with the following structure:
- /ca/
IssuerSecretKey
IssuerPublicKey
RevocationKey
- /msp/
IssuerPublicKey
RevocationPublicKey
- /user/
SignerConfig
The ca
directory contains the issuer secret key (including the revocation key) and should only be present
for a CA. The msp
directory contains the information required to set up an
MSP verifying idemix signatures. The user
directory specifies a default
signer.
CA (issuer) keys suitable for identity mixer can be created using command
idemixgen ca-keygen
. This will create directories ca
and msp
in the
working directory.
After generating the ca
and msp
directories with
idemixgen ca-keygen
, a default signer specified in the user
directory
can be added to the config with idemixgen signerconfig
.
$ idemixgen signerconfig -h
usage: idemixgen signerconfig [<flags>]
Generate a default signer for this Idemix MSP
Flags:
-h, --help Show context-sensitive help (also try --help-long and --help-man).
-u, --org-unit=ORG-UNIT The Organizational Unit of the default signer
-a, --admin Make the default signer admin
-e, --enrollment-id=ENROLLMENT-ID
The enrollment id of the default signer
-r, --revocation-handle=REVOCATION-HANDLE
The handle used to revoke this signer
For example, we can create a default signer that is a member of organizational unit "OrgUnit1", with enrollment identity "johndoe", revocation handle "1234", and that is an admin, with the following command:
idemixgen signerconfig -u OrgUnit1 --admin -e "johndoe" -r 1234