Commit

merge readme from upstream
chaychen2005 committed Mar 18, 2019
2 parents 505a6ed + fba65d3 commit 3bbd373
Showing 1 changed file with 10 additions and 11 deletions.
21 changes: 10 additions & 11 deletions README.md
@@ -1,31 +1,30 @@
# Key Manager

Manage keys for FISCO BCOS.
Manage data encryption keys for FISCO BCOS nodes.**The version only supports** [FISCO BCOS 2.0](https://fisco-bcos-documentation.readthedocs.io/zh_CN/release-2.0/docs/introduction.html).

## Description

In FISCO BCOS consortium chain framework, each organization has their own key manager. Organization use key manager to manage their keys. Key manager is deployed in organization's internal network. **The version only supports** [FISCO BCOS 2.0](https://fisco-bcos-documentation.readthedocs.io/zh_CN/release-2.0/docs/introduction.html).
In FISCO BCOS, each agency should run its own key manager service. The key manager is deployed in the internal network to manage its data encryption keys.


In **disk encryption**. This shows how key manager manages data key for nodes.
In **disk encryption**. The following figure shows how the key manager manages encryption data keys.

![](docs/imgs/framework.png)

Each node has their own ``` dataKey``` and use ``` dataKey``` to communicate with its encrypted space. Node does not manage its ``` dataKey```. It only has its ``` cipherDataKey```. ``` cipherDatakey``` is the cipher of ``` datakey ```encrypted by ``` superKey```. When node is booting, it sends ``` cipherDataKey``` to key manager, and key manager decrypts the ``` cipherDataKey``` using ``` superKey ``` and return ``` dataKey``` to node. Node manage ``` dataKey``` in memory and drop it after shutting down.
Each node has their own ``` dataKey``` and use ``` dataKey``` to communicate with its encrypted space. A node does not manage its ``` dataKey```. It only has its ``` cipherDataKey```. ``` cipherDatakey``` is the ciphertext of ``` datakey ```encrypted by ``` superKey```. When the node is booting, it sends ``` cipherDataKey``` to key manager, and key manager decrypts the ``` cipherDataKey``` using ``` superKey ``` and return ``` dataKey``` to the node. The node stores ``` dataKey``` in memory and drop it after the node is shut down.

## How to use

### Clone

``` shell
```shell
git clone https://github.com/FISCO-BCOS/key-manager.git
```

### Install package

Install

``` shell
```shell
# In Centos
sudo yum install procps-ng-devel
# In ubuntu
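Review bot: In the rewritten Description paragraph the key names are spelled inconsistently: the added line uses `cipherDatakey` and `datakey` next to `dataKey` and `cipherDataKey`, so a reader cannot tell whether these are the same identifiers. Use one casing throughout. In the same hunk, the new intro line runs two sentences together ("nodes.**The version only supports**") and needs a space after the period, "In **disk encryption**." is left as a sentence fragment, and the inline identifiers are wrapped in triple backticks with stray spaces where single backticks would render cleanly. Since this paragraph is the only description of the key flow, it should also say how the exchange that returns the plaintext `dataKey` from the key manager to the node is protected, which the text does not cover.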
@@ -34,7 +33,7 @@ sudo apt-get install libprocps-dev

### Build

``` shell
```shell
cd key-manager
mkdir build
cd build
@@ -53,15 +52,15 @@ make

### Start

``` shell
./key-manager 31443 123xyz # key-manager <port> <superkey>
```shell
./key-manager 31443 123xyz # key-manager <port> <superkeyString>
```

### Check

Print info when successfully started.

``` log
```log
[1545471609499] [TRACE] key-manager stared. Port: 31443
```
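Review bot: The Start example passes the super key as a command-line argument (`./key-manager 31443 123xyz`), which leaves it readable in the host's process list and shell history, and the sample value `123xyz` is likely to be copied into real deployments. Suggest replacing the sample with an obvious placeholder and adding a sentence on how the super key should be chosen, supplied and protected. The usage comment now names the argument `<superkeyString>` while the Description calls it `superKey`; pick one name. The sample log line reads "key-manager stared"; if that matches what the binary prints, the typo is in the program rather than the README and should be fixed there.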
