making HyperLedger Blockchain …simple & my learning : June 2020

I am new to Hyperledger … I have written some Golden terms & statements which will teach HLD to all … Thanks ..keep learning ..its tough for newbies !!

1. Multiple Peer Nodes use a Single Channel (Private Ledger & SC’s)
2. Single Peer Node can use Multiple Channels
3. Consortium
4. Organization
5. Network
6. Ledger holds [List of Blocks]
7. World State
8. World state is queried & updated using Key-based lookups, range queries
9. Block holds [List of Transactions] Rows
10. Transaction Row of a Block holds [Tx ID, Date, Chaincode Name (Input params/Output results & R/W Data from World state, Initiator Name, Endorser Name, Tx Status]
11. Transactions consist of versions of key/value that are read & written by Chaincodes (from World State)
12. Peers validate Transactions against endorsement policies and enforce rules
13. Type of Transactions: some can do query or update or delete
14. Only Chaincode can update the Ledger and world state
15. Chaincode/Smart contracts: run business logic
16. Chaincode are functions, which accept Transaction as Parameter
17. Chaincode: Read from & Write into World state
18. Chaincode: installed on Peers & instantiated on Channels
19. Chaincode attributes: ID, Version, Path, Names of Peer Nodes (on which CC is installed, Names of Channels(on which CC is instantiated)
20. Chaincode runs on Secured & Isolated Containers (runtimes)
21. Chaincodes are available specific to a (Scope) Channel
22. Genesis Block
23. Transactions
24. Channel manages/runs Ledger(Blocks) & World State
25. A separate Ledger is maintained by a Channel
26. A Ledger exists in the Scope of a Channel
27. A Ledger in a Channel A cannot be accessed by Channel B or others
28. Channel’s Ledger contains a Configuration Block — defining Policies, ACL
29. Participants can connect to one or more Channels in a Network
30. Data can be encrypted before putting in a Channel
31. Each Peer keeps Copy of Ledger for their Channel of which they are a member
32. Channel has attributes [Ledger, Smart contracts, Peer Nodes]
33. MSP creates Digital identities for Peers and Users of the Org
34. Data access controls is governed on Whole Network and Channels, using Crypto Certs — PKI
35. Fabric CA is an implementation of the MSP
36. Fabric CA (MSP) registers & issues Digital Certs (X.509)
37. Fabric CA runs in a Docker container
38. Fabric CA stores Identity data & X.509 Certs in SQL Database
39. Commit Peer Nodes
40. Endorser Peer Nodes
41. Orderer Node
42. CA Node
43. Signature with Private Key
44. Verify Signature
45. Consensus Algorithms
46. Transaction & Endorsement flow
47. Gossip Protocol
48. Endorsement Policies
49. A peer in Network can hold more than one Ledgers, which can be governed by one or more Chaincodes
50. In Peer Node, we can have Ledger L2 can be accessed only by Chaincode C1 & C5
51. Private key is used to generate Signature for each Transaction sent
52. Public keys can be distributed to all (256 bits long)
53. Private Key encrypts & Public key decrypts
54. A Crypto Address is a representation of Public key
55. One way Hash function are used to derive Address from Public Key
56. Cryptocurrency Address = Hash(Public Key)
57. 1st install Chaincode on a Peer node of a HyperLedger Network
58. Chaincode has to be 1st instantiated on a Channel & then run on Channel
59. “Instantiate Chaincode” means Activating a CC on a Channel (init() func)
60. “Instantiate CC” action is written in a new Block as a Transaction on CH
61. During “Instantiate CC” select “Endorsement policy” for CC
62. “Endorsement policy” : num of Members (Org) required to endorse Tran
63. CC attributes (ID, Version,CH Name, Peer URL, CodeType, init() func)
64. Wallet: used to interact with Blockchain
65. Using Wallet, Users can generate Private Key & Public address
66. Digital Signatures : identity proof for people transacting with Blockchain
67. Digital Signatures prove that somebody is “who they say they are”
68. Sender uses Private Key to Sign messages Digitally
69. Recipient of Message, will use Public Key of Sender to Verify the Signature
70. Every Trans executed on Blockchain is signed by Sender (private key)
71. Peer Node Type: Endorser (Clients talk to Endorser Nodes only)
72. Peer Node Type: Committer(updates the Ledger and World State)
73. Orderer: manages Consensus & creates the Block -> sends to Committers
74. MSP: validates the Identities of Nodes, Users of the Network
75. Client sends the Transaction proposal to Set of Endorser Nodes
76. Endorsers will Verify & Sign the Client Transaction, later send the [Approval, Signature & Read/Write Set of Records for that Transaction] to the Client
77. If Client gets the required Endorsements for their Transaction, the Client will send Transaction Approval data to the Orderer
78. Orderer will verify Transaction details, create a new Block for those approved Transaction Group and send Block to all Peers (Endorsers & Committers)
79. Once all Peers validate all Block Transactions, they will commit the Ledger
80. After Commit process, the Peer nodes will inform Client that their Transaction is committed or not committed to Ledger
81. Transaction is a request to the Blockchain to execute a Function on Ledger
82. All Transactions rejected by Endorsers, will also be committed to Ledger
83. Whenever a write Transaction is performed, it modifies the world State & record of the Transaction is made in the log of the Ledger.
84. Organizations form a “Consortium”
85. Orgs which are part of a Network are called “Members”
86. Each Member Org in the Network is responsible to set up their own Peers
87. All Peer nodes need to be configured with Crypto: CA & others
88. CA : [Root Certs, Intermediate Certs, Client Certs]
89. When interacting with Network, the Actor presents Digital Cert. The Network accepts or denies the Request & Cert based on the Policy
90. In Bitcoin: A Proposer is any random Node, which is selected randomly by the Network. The Proposer will prepare the Block with Trans and propagate to the Committee for Verification of the new Block.
91. In Bitcoin, after Verification, the Block is committed to Ledger by all Nodes
92. In Bitcoin, the Proposer & Committee group are selected using a Algorithm
93. PBFT Protocol : “Tendermint”
94. Assets & Participants are stored under Registries (World State storage)
95. Assets can be created by Chaincode & also by Composer API
96. Participants are members of a Blockchain Network
97. Participants can create or update Assets by submitting Transactions
98. An Identity is a Digital Cert & Private Key
99. Identity Registry stores : (Participant ID <-> Cert and Private Key)
100. A Business Network card provides all the Information needed to connect to a Hyperledger Network
101. A Participant can only access a Network using a Card
102. Cards contains : Identity, Connection Profile, Cert, Metadata
103. Card can be shared with other Participants
104. Events are defined under Model file (.cto)
105. Events are emitted under Tran Processor file
106. Apps can subscribe for Event types
107. Root Cert (ROOTCERT) for each Org of the Network
108. Enrollment (ECERT) for each Member and User
109. Transaction Cert (TCERT) for each enrolled User
110. TCERT is mandatory to send Transactions
111. Each TCERT authorizes only one Transaction on the Network
112. If a Member has a valid ECERT but does not have a TCERT, then member cannot send a Tran to the Network
113. NEAR protocol : each Account can hold (Zero or One Contract)
114. NEAR protocol : One Contract can be part of multiple Accounts
115. NEAR protocol : Contract = Account + State of that Account
116. NEAR protocol : Each Account = Metadata + Data values (K:V pairs)
117. MSP will validate Identity(Certs) & Signature verification
118. HyperLedger 2.0 - majority of Participants have to agree(Vote) to terms of a Chaincode, before CC can be activated on a Channel
119. HLD : using email, we can invite other Orgs to join our Consortium
120. HLD: few Admin tasks [Setting policy configs across Network, Certificate generation, Resource allocation for Nodes & Automated updates to Channel config for every new Org & Peer that joins]
121. HLD: Install & upgrading of Chaincodes requires approval from multiple Orgs before CC is executed
122. HLD 2.0: new decentralized governance for Smart contracts means that a Network can be configured to require, that every Org must agree to Parameters of the CC before it can become active
123. Bitcoin & Ethereum : Data is not encrypted by default on blockchain. This means that anyone can read the data freely.
124. Quorum (forked from Ethereum): No Miners, All Trans Free & Private
125. Node synchronization: the New Node needs to download [existing Blocks, account balances, smart contract code & data
126. Speed up Syncing process for New Node joining Network-> When a Node creation request is initiated, restore Ledger for New Node from latest snapshot of Main Ledger. Instead, only the data added since the latest Ledger snapshot needs to be downloaded.
127. DApps can run -> when certain Conditions are met
128. In Proof of Work (POW): one of the Miner who cracks “Nonce”, will validate Block & decide and send next Block (which Trans will be added)
129. In Proof of Stake(POS): Validator who has highest Stake of ETH, will (have higher voting power & validate Block) & (also decide the next Block)
130. In POW & POS, Miners & Validators receive Tokens for work done
131. Mine Blocks == Validate Trans
132. In Ethereum, to become a Validator you need to deposit (32 Ether)
133. Chaincode runs inside a secured Docker container
134. Ledger State created by a Chaincode is scoped exclusively to that CC & cannot be accessed by another CC
135. One CC can invoke another CC to fetch others State (same Network)
136. if Ledger : A is inside the Channel : B, if CC: Z wants to use this Ledger A then CC : Z should be inside the Channel : B
137. When User sends a Transaction -> HLD invokes a CC of a Channel, passing Transaction as a Parameter
138. Invoke the Channel.Chaincode.function(transactions)
139. Install CC in only those Peers, which are part of CC’s Channel
140. Peer Nodes[L, M, N, O], if Peers M & O are part of Channel : B, then install CC :Z of Channel : B on Peers M & O only
141. When we Install CC, nothing happens, only download Code in Peer Node
142. When we instantiate CC -> start the CC Container, make connections, Scanning code, etc (ready to use CC)
143. When we instantiate CC, we have to Provide the Policy for CC
144. Endorsement Policy for CC, The Peer checks VSCC (Validation System Chaincode) for the Transaction’s Chaincode to determine validity of Trans
145. Before commit Trans to Ledger, every Peer for this CC, should verify Endorsement Policy for that CC
146. A CC deployer will specify Endorsement Policy for their CC. This Policy has to be verified by specific Peer nodes.
147. MSP: A Principal in terms of the MSP, will Validate the Identity of Signer & Role of the Signer within that MSP
148. If we have a Channel : B, which has 3 Chaincode [P, Q, R], then each CC : P, Q n R will have their own Policy attached
149. MSP: Principal is (MSP_ID.Role_Name) example: ‘Org0.admin’
150. A Peer may be part of One or Many Channels
151. Every single Channel has a Separate Ledger
152. Every single Channel may have One or Many Chaincodes
153. Every Chaincode has its own Policy
154. An invoke Transaction refers to one of Chaincode’s function being invoked
155. We have many special Chaincodes for management functions & parameters, collectively called system chaincodes
156. Deploy transaction means, which will create a new Chaincode, and also invoke a Transaction on a system Chaincode
157. A Transaction either creates new Chaincode or invokes already deployed Chaincode function.
158. In Chainstack Infra, when create a new Network, by default [Single Raft Orderer Node, initial Channel, One Anchor Peer Node] created
159. Peer Attributes: [Peer Name, Peer URL, Type, MSP ID]
160. Blockchain App using 3 Nodes & a consensus order Node, need 4 VMs, about 120,000 yuan (US$17,000) on Alibaba, adding minimum cost for a DLT app in China ranges from $28,000 to $43,000
161. A Bitcoin Node typically makes 8 outbound connections, it will broadcast a Transaction to 8 other Bitcoin Nodes.
162. Slowly, every Node in Bitcoin Network confirms & writes down a Transaction made by another node, if valid.
163. Channel is an isolated HLD instance within a Single Network
164. Channels: defined by Members(Orgs), Anchor Peers, Shared Ledger, Chaincodes and Ordering Service nodes
165. The election of a leading peer for each member(Org) on a Channel determines which Peer of the Org communicates with the Ordering service on behalf of the member(Org) for this Channel
166. Ordering service orders Trans & delivers them in a block, to each Leading peer of each member(Org). The leading Peer then distributes this block to its member Peers, using the gossip protocol
167. Each Peer that joins a Channel, the Peer has its own identity given by a MSP, which authenticates each Peer to its Channel Peer & Services
168. Each Transaction on the Network, will execute on a Channel.
169. Each Party must be authenticated & authorized to transact on that Channel
170. When a new Channel is created, a new “Genesis Block” for Channel Ledger is created, which stores Config info about Channel policies, Orgs(members) & Anchor Peers.
171. When a new Member is added to a existing Channel, the Latest Genesis config Block, is shared with new Member
172. Every Org(Member) will have a Leading Peer for a specific Channel, who will communicate with Ordering Service on behalf of the Org
173. Ordering service will order the Trans and delivers the new Block to all Leading Peer (of each Org), then each Leading Peer distributes the new Block to its Org’s Peers for that Channel only (using Gossip protocol)
174. Each Peer can belong to multiple Channels and will maintain multiple Channels/Ledgers. But no ledger data can pass from One Channel to another Channel
175. Although any one Anchor Peer can belong to multiple Channels, & therefore maintain multiple Ledgers, but no ledger data can pass from one Channel to another Channel.
176. The dissemination of Transaction data, which includes info on transactions, ledger state and channel membership, is restricted to peers with verifiable membership on the channel.
177. This isolation of Members & Ledger data, by channel level, allows Members(Orgs) that require private Trans to coexist with competitors & other restricted members(Orgs), on same Network.
178. Separation of a Channel(Isolation), implemented by Config Chaincode, Identity MSP & Gossip data dissemination protocol
179. Info on Channel ledger state, transactions info, channel membership is restricted to only Peers with verifiable membership on that Channel
180. in Hyperledger 2.0, we can Commit the CC definition to a Channel, only when All Orgs of your Network approve that CC definition
181. HLD 2, committing a Channel definition requires Endorsement from Orgs
182. CC definition includes: Endorsement policy, Private data collection config, etc
183. CC definition attributes: [Name:PAY, Version:1.0, End policy:(2 of 2), Seq:1, Package_ID:PAY_1.0:hash]
184. (a) Each Org has to install new CC package on all Peer nodes
185. (b) Each Org has to approve new CC definition
186. © After majority of Orgs approve the CC definition, then any Org can Commit the CC definition to a Channel
187. New CC lifecycle flow for upgrades, -> Repackage CC ->install CC on all Peers -> Orgs will Approve the CC Definition -> Commit CC Definition to a Channel ->Upgrade CC Container on all Peers
188. After CC is committed to a Channel, when a New Org joins this Channel, the new Org can automatically start using this Chaincode(CC)
189. When updating the CC Endo policy, no need to install CC or restart the Container, only new CC definition is committed
190. Orgs can approve CC definition without installing CC package
191. CC logic on Peer & CC definition on Channel are decoupled
192. You can install Single CC package, but deploy CC multiple times with Different names on the Same Channel
193. You can install Single CC package, but deploy CC multiple times with Different names on Different Channels
194. Single CC package, can have multiple Definitions on the Channel
195. RW sets are the output of a CC function
196. Every Org can have CC in different languages, but CC ->execution results -> RW sets should be same
197. Chaincode can run in a Docker container or Kubernetes POD
198. When we use CouchDB as External State database, read delays during Endorsement & Validation phases are a bottleneck
199. Now Reads are faster, by using New Peer cache.
200. Ordering Node, decides which Channels it will Serve
201. Peer Nodes: Transaction validation is parallelized in Commit phase (faster)
202. Solo and Kafka consensus types are deprecated (2020)
203. Hyperledger Fabric Docker images will use Alpine Linux, Base OS
204. Chaincode does not have direct access to Ledger state
205. For a single Channel, have minimum 1 or >1 Anchor Peers
206. Org: “orgA” and Peer name: “Processor.orgA”
207. ACL is part of Channel configuration
208. ACL(Policy) is persisted in Channel’s Configuration Block
209. ACL (access to Resources):(identities satisfying the Policy)
210. ACL is stored in “configtx.yaml”
211. Blocks are created by Orderers & (validated & committed by Peers)
212. Peer will validate all Transactions of a Block, based on conditions mark each Trans Valid or Invalid in the Block(commits all Trans)
213. After each Transaction is marked “Valid” by Peer in its own Block, if the Trans is Valid, then only Peer will update Global State (own Node)
214. Channel will authenticate every incoming Request (Peers who want to interact with Channel’s ledger)
215. ?CCVC(Concurrency Control Version Check): keeps Ledger state in Sync across all Peers of a Channel.
216. If the State data read for the Transaction, has changed between Execution (Simulation time by Peer) & Commit time(same Peer), then we get CCVC violation & this Trans is marked “Invalid” on Block & the State is not updated.
217. Configuration Block: contains all Configuration data defining Members & Policies for a System Chain(Ordering Service) or a Channel.
218. Any Config modifications to a Channel or Network(member joining or leaving) will result in a New Configuration Block appended to a specific Chain. This Block will contain Contents of “Genesis Block + Delta”
219. At Channel creation time, all Orgs added to the Channel must be part of the Consortium
220. The CC definition is used by all Orgs to agree on the parameters of a Chaincode before it can be used on a Channel
221. Channel members need to approve CC definition
222. Channel member can use the CC for endorsing Trans or query the Ledger
223. After CC definition is approved, the CC defn is committed to Channel
224. CC can be started only after CC defn is committed
225. Endorsement is a process, where specific Peer nodes execute a CC (Transaction), and returns the Proposal response [CC execution response msg, results(read Set & write Set), Events, Signature as Proof]
226. Endorsement policy: defines the specific Peer Nodes on a Channel that must execute Trans attached to a specific CC and the required combination of Responses (endorsements)
227. A Endorsement policy could require that, a Transaction be endorsed by a minimum number or % of endorsing peers or by all endorsing peers that are assigned to a specific CC
228. Transactions have to be “endorsed” & only endorsed Trans may be committed & have an effect on the State
229. A transaction that is submitted must satisfy the Endorsement policy before being marked as Valid by committing peers
230. Raft protocol: Leader based consensus, where Follower Orderer Nodes replicate log entries produced by the Leader Orderer Node
231. Raft: Follower Nodes always receive “heartbeat” msgs from Leader Node
232. Genesis Block: Configuration block that initializes Ordering service or the first Block on a Chain
233. Gossip data dissemination protocol performs: 1) manages peer discovery & channel membership 2) disseminates ledger data across all peers on the channel 3) syncs ledger state across all peers on the channel
234. Hyperledger Fabric CA is Default Certificate Authority component, issues PKI-based Certs to Network member Orgs and their Users
235. The CA issues one root certificate (rootCert) to each member & one enrollment certificate (ECert) to each authorized user
236. Init function in Chaincode: initializes CC app
237. All CC need to have an Init function, be default Init() is never executed
238. Use CC defn to request execution of Init func in order to initialize the CC
239. CC Install: placing CC files on the Peer’s file system
240. CC Instantiate: process of starting & initializing a CC on a Channel
241. After CC instantiation only, the Peers that have CC installed can accept CC invocations
242. CC Invoke: used to call CC functions
243. CC Invoke: parameters(Channel identifier, CC func name, Array of args)
244. CC Invoke: If the Invoke only queried the Ledger(Read only), then the Client App would not Submit the Read-only Trans to Orderer
245. Each Org can have multiple Peers subscribing to a specific Channel. One of the Peer will be the Leading Peer for a Channel(Org level). This Leading Peer will communicate with Ordering Service on behalf of their Org
246. Ordering Service will deliver new Block to all Leading Peer of each Org. Then each Leading Peer distributes this Block to all Peers of their own Org
247. PKI : X. 509 certificate used, to verify that a Public key belongs to the user, computer or service identity contained within the certificate.
248. 509 certificate includes a Public key, Digital signature & info about Identity associated with the certificate and its issuing certificate authority (CA).
249. SSL/TLS Certs ( both are same): they encrypt Data that is sent over Internet & provide Identity assurance also
250. Digital Certs: Now when someone wants ur Public keys, you send them your Certificate, other party will verify the Signature on Certificate with CA, & if it verifies, then they can trust your keys.
251. In SSL, the Server has a public key, which it sends to the client as an X. 509 certificate. The Client validates the certificate, then uses the public key contained therein, in order to establish a session key with the server, and encrypt the data with that session key.
252. Public key is embedded in the SSL certificate and private key is stored on the server and kept secret.
253. MSP: Membership services code runs in all Peers and Orderers, it authenticates & authorizes blockchain operations
254. MSP: manages identities, authenticates & authorizes
255. Orderers: collection of Nodes that orders Transactions into a Block & then distributes this Block to specific Peers for validation & commit
256. Orderers: orders Transactions on FIFO basis for all Channels of Network
257. Orderers contains Cryptographic identity material tied to each Member
258. Org is called “Member”
259. An Org joins a Network by adding its own MSP to the Network
260. MSP of the new Org defines, how other Orgs will verify the Signature of Transactions generated by Valid Identity of this new Org
261. MSP of new Org: The particular access rights of Identities within (new Org) MSP are governed by policies which are agreed upon when the new Organization joined the network.
262. Transaction endpoint of an Org is a Peer
263. Collection of Orgs form a “Consortium”
264. Peer: network entity that maintains a Ledger & runs Chaincode containers in order to perform read/write operations to Ledger.
265. Hyperledger Policies: used to restrict access to Resources on Network
266. Policy dictates who can read from or write to a Channel
267. Policies may be defined in configtx.yaml
268. Policy is specified when instantiating Chaincode on a Channel
269. We can connect a Peer to multiple Channels & Networks
270. we use different Keys to administer Nodes
271. All Peers in a Channel must use the same database type
272. Peer Containers are used, when Smart contracts are instantiated on a Channel & during Transaction processing
273. An HSM is a hardware appliance that performs Cryptographic operations & provides capability to ensure that Crypto keys never leave the HSM.
274. Certificate Authority (CA) stores Keys & Certs in PostgreSQL
275. CA, creates identities in form of x.509 certificates
276. CA will issue certificates, validate certificates & user authentication
277. MSP turn verifiable identities issued by CA into the members of a blockchain network.
278. An Org MSP, has an MSP subfolder called admins. Any user whose Certificate is inside this admin folder is an admin of the Org.
279. If a Org is a member of a Channel, then the Org’s MSP details is listed in the Configuration on this Channel
280. Whenever an admin of the Org tries to perform an action on the above Channel, the signing Certificate of the admin (which is attached to all of its interactions) is checked against the Certificates listed in the MSP of the Channel configuration.
281. Does the certificate of the admin, match the Cert listed in the Channel configuration? If it does, the other organizations will validate it and the action can be performed. If not, the request to execute the transaction is rejected.
282. Hyperledger uses deterministic consensus algorithms
283. Bitcoin & Ethereum — probabilistic consensus algorithms that eventually guarantee Ledger consistency to a high degree of probability
284. Ordering Service, maintains what is known as “system channel”, a default channel that hosts the “consortium”, the list of Orgs that can create & join application Channels.
285. Application Channels inherits certain aspects by default, from system channel (certain capability levels)
286. Ordering service admins will establish these defaults (system Channel)
287. Raft protocol, in which a Leader Node is dynamically elected among Ordering Nodes in a Channel (this collection of nodes is known as the “consenter set”) & that Leader replicates messages to all Follower Nodes
288. Raft is said to be “crash fault tolerant” (CFT), because the system can sustain the loss of nodes, including leader nodes, as long as there is a majority of ordering nodes (what’s known as a “quorum”) remaining.
289. We can deploy an Chaincode, only on those Peers who are part of the Channel (of this Chaincode)
290. Private Data collections:
291. Service discovery:
292. Channel Based Events:
293. Connection profile:
294. BFT ordering service:
295. Ledger Checkpoint:
296. Ledger Pruning:
297. create & put commands sent to Network, will go thru Consensus
298. delete command, can only Delete “Key” from World State, not Transactions
299. get command (from World State), not go thru Consensus
300. Clients can read Block info using REST API
301. MSP does 2 functions: identity validation & (signature generation & signature verification)
302. Every Peer & Orderer has their own CA’s
303. MSP uses Policy as ACL
304. Policy allows the Identity associated with the Request to be checked against the Policy attached with the Action taken on requested Resource
305. REST Proxy is used to expose Smart contract to external world
306. All Orgs are created separately for your Network
307. You need to import all Certs and JSON files (CA and Peer nodes of all Participant Orgs) into Founder Org
308. Each Org in a Consortium can have a Role “Founder” or “Participant”
309. Each Org can have diff Nodes [Console, Peer, CA, Rest proxy]
310. Under Founder Org screen, we need to upload Certs of Participant Orgs (for adding Participant Org to the Network) Each Participant Org should export Certs and give to Founder Org
311. Import all Participant Orgs ->Peer Nodes (Certs and JSON file) into Founder Org, after this you can see all Peer nodes (all Participant Orgs) info in Main Network
312. Merge all config & Certs data of all Participant Orgs into Founder Org
313. Import Founder Org ->Orderer Service JSON into all Participant Orgs
314. Read-only permission on a Channel can only read Transactions from Channel, but cannot execute Smart Contract on the Channel
315. Channels cannot be deleted
316. Channel attributes: (Ledger (Blocks & Trans), Instantiated CC, Peers, Orgs, Channel Policies, ACL)
317. Policy attributes for a Channel (Policy Name, Type, Rule)
318. Policy Name [Admins, Creator, Readers, Writers]
319. Policy Type [IMPLICIT_META, SIGNATURE]
320. Policy Rule [Admins, OR[MSPID.ADMIN]]
321. ACL attributes for a Channel (Resources, Reassign with (Readers or Writers))
322. Resources=[lscc/GetChaincodeData, qscc/GetBlockByNumber]
323. In Fabric v1.0, the User could interact directly with Peer/s
324. In Fabric v2.0, the User cannot interact directly with Peer/s, but can invoke the Smart contracts
325. What is Orderer genesis block? this is the genesis Block for the system Channel, as it is the basic Configuration Block for the Network.
326. System Channel is a special Channel, managed by Orderer admins, it includes a list of Orgs permitted to create new Channels.
327. Every participating Org in a Channel, has an anchor Peer.
328. anchor Peer, main role is Peer discovery
329. anchor Peer is always attached to a specific Channel
330. anchor Peer, allows for Peers belonging to different Members(Orgs) to discover all existing Peers on a Channel.
331. Client app: submits an actual Transaction-invocation to the Endorsers & broadcasts Transaction-proposals to the Ordering service
332. User chaincode has 4 life cycle steps “Install”, “Instantiate”, “Invoke” and “Query”.
333. Participants in Hyperledger network are not Users, but entire Orgs.
334. “peer chaincode” command allows Admins to perform Chaincode operations on a Peer, such as installing, instantiating, invoking, packaging, querying, and upgrading chaincode
335. CA is used to create Identities & MSP’s
336. A CA’s Certificate Revocation List (CRL) documents the Certs that are no longer Valid. For example, a Certificate may be revoked because the cryptographic private material associated to the Cert has been exposed.
337. Instantiate the Chaincode: You will install Chaincode only on those Peers (Node file system), who are part of the Chaincode channel. CC must be instantiated on the Channel, so that Peers can interact with the Ledger via the Chaincode container.
338. The CA generates a new Certificate M (Client Metadata + Public Key Y) & new Private Key Z. Later the CA, will generate new Signature for Cert M using Pv key Z
339. Keystore is a Server-side asset that stores private keys & Certs with their public & private keys. Truststore is a Client-side asset that serves as a Repo of Certs that the Client should trust.
340. 180+ root Certs trusted in Mozilla Firefox browser, 80 organizations
341. How does a Browser verify a Certificate? a Browser will obtain a sequence of Certs, each one having signed the next Cert in the sequence, connecting the signing CA’s root to the Server’s Cert. This sequence of Certs is called Certification path.
342. Should I trust Intermediate CA or Cert? You only need to trust Root CA. Intermediate (and other)Certs will be checked, if they are signed by a trusted root CA, or a intermediate that is trusted by a root CA. If that root CA is trusted by you, all Certs signed with Root CA will be trusted by you.
343. How CA signs a Certificate? The CA signs the Server’s public key with their private key and then gives Signature to Server. When the Client connects to a Server, the Server sends both its Public key and the Signature to Client. Clients already have the public keys of all CA’s they trust. These are called root Certificates.
344. The usage of an intermediate certificate thus provides an added level of security as the CA does not need to issue certificates directly from the CA root certificate. The Intermediate CA supplies the necessary chaining to a trusted root in an SSL connection and acts as a link for trust.
345. new CSR request to a CA : When you create a new CSR, the private & public keys are created. A CA will use CSR(Metadata+Public key only) to create your SSL Cert, but it does not need your private key.
346. A private key is created by you, Certificate Owner, when you request your Cert with a Certificate Signing Request (CSR).
347. The Digital signature of the CA is vital to trust the certificate.
348. The private key should be kept secret at all times and should therefore not be published in a digital certificate.
349. A root certificate is a public key Cert that identifies a root CA
350. Org identity : Org Name & Org MSP ID
351. Admin user Identity : Username, Private Key & Certificate
352. Peer attributes: Peer Name(URL), RPC endpoint(URL), Owner, Client version, Location, Configuration(Anchor or Committer)
353. Network details : Orderer name(URL), Orderer RPC endpoint(URL), Default Channel ID, Orderer TLS cert, Connection profile
354. The introduction of “leader” optimizes the overall process as Ordering service only sends to the leader of each organization, and leader to other peers in this organization.
355. Leader is per organization. Each organization will have its own leader. Leader is also per channel.
356. Before joining a channel, there is no “leader” concept. It becomes relevant after the peer joins a channel.
357. Anchor peer is needed in a network for peers to learn channel members outside its own organization.
358. Without an anchor peer, knowledge of channel members is only limited to just one’s organization.
359. For example, without an anchor peer, peers in Org1 only know peers in Org1 as channel members, but no knowledge of peers in Org2.
360. At least one anchor peer is needed on a channel such that any peers in every organization know all other members in this channel.
361. Other than a preset configuration, anchor peer requires configuration update to a live channel.
362. An update transaction is first created using configtxgen and a proper configuration file. This transaction is signed and sent to ordering service.
363. A new configuration block carrying this anchor peer update transaction, is generated by ordering service. After this block reaches all peers joining this channel, each peer commits the block and now knows the anchor peer. Through gossiping each peer now knows all peers, both inside and outside its own organization, as channel members.
364. a network of two peer organizations, Org1 and Org2, each is configured with two peers (peer0 and peer1). A channel mychannel is created and joined by all four peers. Peer0 of Org1 and Org2 are configured as Anchor Peers.
365. Create a new Network : Generate crypto material and channel artifacts for the whole network -> Bring up all network components ->Create genesis block for “mychannel” ->Join all four peers (from both organizations) to “mychannel”->Update anchor peer configuration for both Orgs->The network is ready for deployment->Each peer knows other peers in this channel, in its own organization and others.
366. Peer joins a Channel mychannel->“peer channel join -b mychannel.block”
367. Gossip works well within an Org, as peers know each other inside an organization.
368. As peers need to know peers in other Orgs. For this we need to configure an Anchor peer, for Gossip Protocol
369. Without anchor peer, peer has no knowledge of cross-organization channel members
370. All Peers of all Orgs learn about each others using Gossip protocol
371. Each peer inside a Channel knows of all other peers, inside and outside its organization
372. When Endorsing Peer(EP) gets a Transaction from Client for validation, the Endorsing Peer will check the Signature of the Transaction
373. EP will first check the Certificate of the Client (User)
374. Private Key is also called == Signed Key
375. Public Key is also called == Verify Key
376. Transaction Proposal contains [MSP_ID, Certificate, Channel_ID, Chaincode_ID, Function name, Arguments to Function, Signature]
377. Install Chaincode : pass arguments-> [CC Name, CC Package ID, CC Version, CC Sequence Number, Channel ID]
378. Commit Chaincode : pass arguments-> [Orderer_address, Channel ID, CC Name, CC Version, CC Sequence Number]
379. When you Invoke CC : pass arguments-> [Channel Name, CC Name, Peer Node Address, User Certificate]
380. Under orgs->org1.example.com->users->admin user of the org1.example.com->certs-> cert name “admin@org1.example.com-cert.pem” contents ->(Serial number, Issuer, Validity, Subject, Public Key of the Subject, Issuer Signature)
381. a
382. a
383. a
384. a
385. a
386. a
387. a
388. a
389. a
390. a
391. a
392. a
393. a
394. a
395. a
396. a
397. a
398. a
399. a
400. a
401. a
402. a
403. a
404. a
405. a
406. a
407. a
408. a
409. a
410. a
411. a
412. a
413. a
414. a
415. a
416. a
417. a
418. a
419. a
420. a
421. a
422. a
423. a
424. a
425. a