Installation and usage of the platform

# General platform configuration: cryptography

The type and parameters of the cryptographic algorithm used in the blockchain are set in the crypto section of the node configuration file. The crypto section is used to initialize the cryptography before reading the complete node configuration file.

```
crypto {
  # Possible values: [WAVES, GOST]
  type = WAVES
  pki {
    # Possible values: [OFF, ON, TEST]
    # Could be enabled with GOST crypto type only
    mode = OFF
    required-oids = []
    crl-checks-enabled = false
  }
}
```

• type – cryptography type. Available values are WAVES for Waves cryptography algorithms and GOST for GOST cryptography with PKI. If the waves-crypto parameter is present in the configuration file and is set to yes, the type parameter is assigned the WAVES value; if the waves-crypto parameter is set to no, the type parameter is assigned the GOST value.

• pki – group of PKI configuration fields:

• mode – valid values: on, off, test. The on and test values are valid only if the waves-crypto parameter is set to no and the type parameter is set to GOST. If the mode parameter is set to on, a check is performed that TLS is enabled on the network layer, i.e. that the node.network.tls parameter is set to true.

• required-oids – a whitelist of OIDs that the node expects to see in the ExtendedKeyUsage certificate extension. Among all the users who were issued a certificate by the same Certification Authority, this list makes it possible to single out those to whom the CA assigned an OID specifically for use with the blockchain platform. The list can be empty. If the list is not empty, it must be an array of strings consisting of numbers separated by dots. For example:

required-oids = ["1.2.3.4.5.6.7.8.9", "192.168.0.1.255.255.255.0"]

• crl-checks-enabled – enables or disables the certificate revocation list (CRL) check during certificate validation. If the parameter is set to true, the cryptoprovider checks with the CA whether the certificate has been revoked.

Note

The node.waves-crypto field with yes and no values is still supported, but it is not planned to be used in future versions of the platform. Instead, the type field in the crypto section will be used.
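The constraints described above (PKI modes tied to GOST, TLS required for mode on, the OID string format, and the legacy waves-crypto mapping) can be checked before a node is started. The following Python linter is an added example, not code from the platform. It assumes the configuration has already been parsed into a dict for the node object, with crypto sitting beside network and waves-crypto, that values are compared case-insensitively, and that an absent mode means OFF; the names effective_type and lint_crypto are hypothetical.

```python
import re

# Page rule: each OID is a string of numbers separated by dots.
OID_RE = re.compile(r"\d+(\.\d+)*")

def effective_type(node):
    """Resolve the crypto type; a present legacy waves-crypto field wins."""
    legacy = node.get("waves-crypto")
    if legacy is not None:
        # Parsers may return yes/no as text or as booleans.
        return "WAVES" if str(legacy).lower() in ("true", "yes") else "GOST"
    return str(node.get("crypto", {}).get("type", "")).upper()

def lint_crypto(node):
    """Return the list of rule violations for one parsed node object."""
    errors = []
    ctype = effective_type(node)
    if ctype not in ("WAVES", "GOST"):
        errors.append("crypto.type must be WAVES or GOST")
    pki = node.get("crypto", {}).get("pki", {})
    raw = pki.get("mode", "OFF")  # assumption: an absent mode means OFF
    mode = ("ON" if raw else "OFF") if isinstance(raw, bool) else str(raw).upper()
    if mode not in ("OFF", "ON", "TEST"):
        errors.append("pki.mode must be OFF, ON or TEST")
    elif mode != "OFF":
        if ctype != "GOST":
            errors.append(f"pki.mode={mode} requires crypto type GOST")
        if mode == "ON" and node.get("network", {}).get("tls") is not True:
            errors.append("pki.mode=ON requires node.network.tls = true")
    oids = pki.get("required-oids", [])
    if not isinstance(oids, list):
        errors.append("required-oids must be an array")
    else:
        for oid in oids:
            if not (isinstance(oid, str) and OID_RE.fullmatch(oid)):
                errors.append(f"required-oids: invalid OID {oid!r}")
    return errors

# Constructed sample: PKI switched on, but with WAVES crypto, no TLS, bad OID.
SAMPLE_BAD = {
    "crypto": {"type": "WAVES",
               "pki": {"mode": "ON", "required-oids": ["1.2.3.", "1.2.3.4"],
                       "crl-checks-enabled": False}},
    "network": {"tls": False},
}

if __name__ == "__main__":
    for problem in lint_crypto(SAMPLE_BAD):
        print(problem)
```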