mirror of https://github.com/poanetwork/quorum.git
154 lines
4.7 KiB
Markdown
154 lines
4.7 KiB
Markdown
**Changes:**
|
|
|
|
- The `keys.keyData.passwords` field is no longer supported. Instead, use `keys.keyData.passwordFile` or utilise the [CLI password prompt](../Keys#providing-key-passwords-at-runtime) when starting the node.
|
|
|
|
- Added configuration to choose alternative curves/symmetric ciphers. If no encryptor configuration is provided it will default to NaCl (see [Supporting alternative curves in Tessera](../Configuration Overview#supporting-alternative-curves-in-tessera) for more details).
|
|
|
|
e.g.
|
|
```
|
|
"encryptor": {
|
|
"type":"EC",
|
|
"properties":{
|
|
"symmetricCipher":"AES/GCM/NoPadding",
|
|
"ellipticCurve":"secp256r1",
|
|
"nonceLength":"24",
|
|
"sharedKeyLength":"32"
|
|
}
|
|
}
|
|
```
|
|
|
|
**Sample:**
|
|
|
|
```json
|
|
{
|
|
"useWhiteList": "boolean",
|
|
"jdbc": {
|
|
"url": "String",
|
|
"username": "String",
|
|
"password": "String"
|
|
},
|
|
"serverConfigs": [
|
|
{
|
|
"app": "ENCLAVE",
|
|
// Defines us using a remote enclave, leave out if using built-in enclave
|
|
"enabled": true,
|
|
"serverAddress": "http://localhost:9081",
|
|
//Where to find the remote enclave
|
|
"communicationType": "REST"
|
|
},
|
|
{
|
|
"app": "ThirdParty",
|
|
"enabled": true,
|
|
"serverAddress": "http://localhost:9081",
|
|
"bindingAddress": "String - url with port e.g. http://127.0.0.1:9081",
|
|
"communicationType": "REST"
|
|
},
|
|
{
|
|
"app": "Q2T",
|
|
"enabled": true,
|
|
"serverAddress": "unix:/tmp/tm.ipc",
|
|
"communicationType": "REST"
|
|
},
|
|
{
|
|
"app": "P2P",
|
|
"enabled": true,
|
|
"serverAddress": "http://localhost:9001",
|
|
"bindingAddress": "String - url with port e.g. http://127.0.0.1:9001",
|
|
"sslConfig": {
|
|
"tls": "enum STRICT,OFF",
|
|
"generateKeyStoreIfNotExisted": "boolean",
|
|
"serverKeyStore": "Path",
|
|
"serverTlsKeyPath": "Path",
|
|
"serverTlsCertificatePath": "Path",
|
|
"serverKeyStorePassword": "String",
|
|
"serverTrustStore": "Path",
|
|
"serverTrustCertificates": [
|
|
"Path..."
|
|
],
|
|
"serverTrustStorePassword": "String",
|
|
"serverTrustMode": "Enumeration: CA, TOFU, WHITELIST, CA_OR_TOFU, NONE",
|
|
"clientKeyStore": "Path",
|
|
"clientTlsKeyPath": "Path",
|
|
"clientTlsCertificatePath": "Path",
|
|
"clientKeyStorePassword": "String",
|
|
"clientTrustStore": "Path",
|
|
"clientTrustCertificates": [
|
|
"Path..."
|
|
],
|
|
"clientTrustStorePassword": "String",
|
|
"clientTrustMode": "Enumeration: CA, TOFU, WHITELIST, CA_OR_TOFU, NONE",
|
|
"knownClientsFile": "Path",
|
|
"knownServersFile": "Path"
|
|
},
|
|
"communicationType": "REST"
|
|
}
|
|
],
|
|
"peer": [
|
|
{
|
|
"url": "url e.g. http://127.0.0.1:9000/"
|
|
}
|
|
],
|
|
"keys": {
|
|
"passwordFile": "Path",
|
|
"azureKeyVaultConfig": {
|
|
"url": "Azure Key Vault url"
|
|
},
|
|
"hashicorpKeyVaultConfig": {
|
|
"url": "Hashicorp Vault url",
|
|
"approlePath": "String (defaults to 'approle' if not set)",
|
|
"tlsKeyStorePath": "Path to jks key store",
|
|
"tlsTrustStorePath": "Path to jks trust store"
|
|
},
|
|
"keyData": [
|
|
{
|
|
"config": {
|
|
"data": {
|
|
"aopts": {
|
|
"variant": "Enum : id,d or i",
|
|
"memory": "int",
|
|
"iterations": "int",
|
|
"parallelism": "int"
|
|
},
|
|
"bytes": "String",
|
|
"snonce": "String",
|
|
"asalt": "String",
|
|
"sbox": "String",
|
|
"password": "String"
|
|
},
|
|
"type": "Enum: argon2sbox or unlocked. If unlocked is defined then config data is required. "
|
|
},
|
|
"privateKey": "String",
|
|
"privateKeyPath": "Path",
|
|
"azureVaultPrivateKeyId": "String",
|
|
"azureVaultPrivateKeyVersion": "String",
|
|
"publicKey": "String",
|
|
"publicKeyPath": "Path",
|
|
"azureVaultPublicKeyId": "String",
|
|
"azureVaultPublicKeyVersion": "String",
|
|
"hashicorpVaultSecretEngineName": "String",
|
|
"hashicorpVaultSecretName": "String",
|
|
"hashicorpVaultSecretVersion": "Integer (defaults to 0 (latest) if not set)",
|
|
"hashicorpVaultPrivateKeyId": "String",
|
|
"hashicorpVaultPublicKeyId": "String"
|
|
}
|
|
]
|
|
},
|
|
"alwaysSendTo": [
|
|
"String..."
|
|
],
|
|
"unixSocketFile": "Path",
|
|
"features": {
|
|
"enableRemoteKeyValidation": false
|
|
},
|
|
"encryptor": {
|
|
"type": "Enumeration: NACL, EC",
|
|
"properties":{
|
|
"symmetricCipher":"String (defaults to AES/GCM/NoPadding if type = EC)",
|
|
"ellipticCurve": "String (defaults to secp256r1 if type = EC)",
|
|
"nonceLength": "String (defaults to 24 if type = EC)",
|
|
"sharedKeyLength": "String (defaults to 32 if type = EC)"
|
|
}
|
|
}
|
|
}
|
|
```
|