Operator keys are used by the BFT consensus mechanism to agree on the published keys. Every Replica node must generate a new set of private and public keys for the system to become operational and handle external requests.
The operator public keys must be published to the entire Replica Network using the previously assigned bootstrap keys and the consensus mechanism.
Procedure
- Log in to the VMware Blockchain Orchestrator appliance.
- Install the nxtgn-openssl package as the root user.
Use the root password established when the VMware Blockchain Orchestrator VM was created.
root@photon [ ~ ]# tdnf install -y nxtgn-openssl
- Generate a private operator key using nxtgn-openssl.
openssl11 genpkey -algorithm ed25519 -outform PEM -out operator_private_key.pem
- View the private operator key.
cat operator_private_key.pem
Sample output:
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIOwjiOJyQT6jrg+fuKQ0V/O30Dxf0xgUB+fPhkIyO/mO
-----END PRIVATE KEY-----
- Generate a public operator key using nxtgn-openssl.
openssl11 pkey -in operator_private_key.pem -out operator_public_key.pem -outform PEM -pubout
- View the public operator key.
cat operator_public_key.pem
Sample output:
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAtzRIxUT8TOz9Jx+D3RsFA7Qagri5MhQKUxohGB7gBYw=
-----END PUBLIC KEY-----
- Convert the public operator key into a single line.
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' operator_public_key.pem
Sample output:
-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAJccAQeAvvhXtePIUqPE1EjZ/rMH76dG28x3OIru5OJk=\n-----END PUBLIC KEY-----\n
What to do next
Add the newly converted public operator key in the deployment descriptor file. See Configuring the Deployment Descriptor Parameters on AWS. During deployment, the operator public key details are added to all the Replica nodes.
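The check below is an added example, not part of the VMware documentation: it confirms that the single-line string produced by the awk step is an Ed25519 public key, and not the private key, before it is added to the deployment descriptor. The function and variable names are hypothetical, and it assumes `awk`, `base64`, `od` and `tr` are available on the appliance.

```shell
#!/bin/sh
# Added example, not VMware code; function and variable names are hypothetical.
# Validates the one-line key string before it goes into the deployment descriptor.

BEGIN_PUB='-----BEGIN PUBLIC KEY-----\n'
END_PUB='\n-----END PUBLIC KEY-----\n'
# DER header of an Ed25519 SubjectPublicKeyInfo (RFC 8410); 32 key bytes follow it.
ED25519_SPKI_PREFIX='302a300506032b6570032100'
# The page's sample output for the awk step, used here as demo input.
SAMPLE_LINE='-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAJccAQeAvvhXtePIUqPE1EjZ/rMH76dG28x3OIru5OJk=\n-----END PUBLIC KEY-----\n'

# Same awk conversion as the procedure: PEM file -> one line with literal "\n".
pem_to_single_line() {
  awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' "$1"
}

# Prints one of: ed25519-public | private | invalid. Returns 0 only for the first.
check_operator_key_line() {
  line=$1
  case $line in
    *PRIVATE*) echo private; return 1 ;;   # the private key file was converted
    "$BEGIN_PUB"*"$END_PUB") ;;            # expected framing, keep checking
    *) echo invalid; return 1 ;;
  esac
  body=${line#"$BEGIN_PUB"}
  body=${body%"$END_PUB"}
  # Decode the base64 body to hex; a malformed body gives a short or empty dump.
  hex=$(printf '%s' "$body" | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
  # 12 header bytes + 32 key bytes = 44 bytes = 88 hex digits.
  if [ "${#hex}" -eq 88 ] && [ "${hex#$ED25519_SPKI_PREFIX}" != "$hex" ]; then
    echo ed25519-public
  else
    echo invalid
    return 1
  fi
}

# Demo: classify the sample line; prints the classification.
check_operator_key_line "$SAMPLE_LINE"
```

On the appliance, the input would be `"$(pem_to_single_line operator_public_key.pem)"`; any result other than `ed25519-public` means the string should not be placed in the descriptor.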