Installation and usage of the platform
General platform configuration: cryptography
The type and parameters of the cryptographic algorithm used in the blockchain are set in the crypto section of the node configuration file. The crypto section is used to initialize the cryptography before reading the complete node configuration file.
crypto {
  # Possible values: [WAVES, GOST]
  type = WAVES
  pki {
    # Possible values: [OFF, ON, TEST]
    # Could be enabled with GOST crypto type only
    mode = OFF
    required-oids = []
    crl-checks-enabled = false
  }
}
type – cryptography type; available values are WAVES for Waves cryptography algorithms and GOST for GOST cryptography with PKI. If the waves-crypto parameter is present in the configuration file and is set to yes, then the type parameter is assigned the WAVES value; if the waves-crypto parameter is set to no, then the type parameter is assigned the GOST value;
pki – group of PKI configuration fields:
  mode – valid values: on, off, test; the on and test values are valid only if the waves-crypto parameter is set to no and the type parameter is set to GOST. If the mode parameter is set to on, a check is performed that TLS is enabled on the network layer, i.e. the node.network.tls parameter is set to true.
  required-oids – a whitelist of OIDs that the node expects to see in the ExtendedKeyUsage certificate extension. This list makes it possible to distinguish, among all the users who were issued a certificate by the same Certification Authority, those users to whom this CA assigned an OID specifically for use with the blockchain platform. The list can be empty. If the list is not empty, it must be an array of strings consisting of numbers separated by dots. For example:
  required-oids = ["1.2.3.4.5.6.7.8.9", "192.168.0.1.255.255.255.0"]
  crl-checks-enabled – enables or disables the certificate revocation list (CRL) check during certificate validation. If the parameter is set to true, the cryptoprovider checks with the CA whether the certificate is revoked or not.
Note
The node.waves-crypto field with yes and no values is still supported, but there are no plans to use it in future versions of the platform. Instead, the type field in the crypto section will be used.
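The constraints described above can be checked before a node is started. The following pre-flight check is an added example, not code from the platform: the function name validate_crypto and its arguments are hypothetical, it assumes the crypto section has already been parsed into a dict with string values, and it assumes an absent mode means OFF.

```python
import re

# "numbers separated by dots", as the page describes required-oids entries
OID_RE = re.compile(r"\d+(\.\d+)*")

def validate_crypto(crypto, waves_crypto=None, network_tls=False):
    """Return (effective_type, errors) for a parsed crypto section.

    crypto       -- dict form of the crypto { ... } section
    waves_crypto -- legacy node.waves-crypto value ("yes"/"no" or bool),
                    None when the field is absent
    network_tls  -- value of node.network.tls
    """
    errors = []
    # The legacy flag, when present, decides the type: yes -> WAVES, no -> GOST.
    if waves_crypto is not None:
        ctype = "WAVES" if waves_crypto in (True, "yes") else "GOST"
    else:
        ctype = str(crypto.get("type", "")).upper()
        if ctype not in ("WAVES", "GOST"):
            errors.append(f"crypto.type must be WAVES or GOST, got {ctype!r}")

    pki = crypto.get("pki", {})
    mode = str(pki.get("mode", "OFF")).upper()  # assumption: absent mode is OFF
    if mode not in ("OFF", "ON", "TEST"):
        errors.append(f"pki.mode must be OFF, ON or TEST, got {mode!r}")
    elif mode != "OFF" and ctype != "GOST":
        errors.append(f"pki.mode = {mode} is valid only with the GOST type")
    # mode ON additionally requires TLS on the network layer.
    if mode == "ON" and not network_tls:
        errors.append("pki.mode = ON requires node.network.tls = true")

    for oid in pki.get("required-oids", []):
        if not isinstance(oid, str) or not OID_RE.fullmatch(oid):
            errors.append(f"required-oids entry {oid!r} is not dot-separated numbers")
    return ctype, errors

if __name__ == "__main__":
    # Constructed sample: PKI switched on, but TLS left disabled.
    sample = {"type": "GOST",
              "pki": {"mode": "ON", "required-oids": ["1.2.3.4.5.6.7.8.9"],
                      "crl-checks-enabled": True}}
    effective_type, problems = validate_crypto(sample, network_tls=False)
    print(effective_type)
    for problem in problems:
        print("ERROR:", problem)
```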