HyperLedger fabric with Cloud HSM and PKCS11

[yuryninog]

Hi guys:

I am trying to use HyperLedger fabric with Cloud HSM and this library PKCS11. I have imported a private key and I want to sign a file with that private key using the library PKCS#11 as it is explained here [1]

I have used the command [2], but we got this error: the error ‘key is not loadable due to unsupported protection level 1’[2].

[1] https://cloud.google.com/kms/docs/reference/pkcs11-openssl [2] openssl dgst -sha256 -engine pkcs11 -keyform engine -sign pkcs11:object ...

Could you help me please? could it be something that the library is not supporting currently? If so, could you say me please if you are planning more integrations such as HyperLedger fabric.

Thank you very much in advance.

[tdbhacks]

The error you're seeing is non-blocking and really only intended to be a warning (although not immediately clear from the error message, this will be tweaked in the next release). It's indicating that there's a key with SOFTWARE protection level in the keyring you're loading with our pkcs11 library, but the command should still generate the signature correctly if you're passing an HSM key in the openssl command.

We are not currently compatible with HyperLedger Fabric, but we are always open to evaluating new integrations. Do you mind explaining this use case a little more?

Thanks!

[tdbhacks]

Closing this as obsolete, feel free to reopen!