The new and exciting features in Hyperledger Fabric 1.1(-preview)

At the time of writing, Hyperledger v1.1 is still in preview. A stable/candidate release version which should arrive the 31th of Januari 2018 (maybe later, ETAs tend to move around). In this post, I will highlight some of the most important/exciting features in the new version.


Node SDK

Pre-configurable SDK using a config file

You will now be able to configure your JavaScript SDK in one place, using a YAML or JSON configuration file.

In version 1.0 for example, you had to add every peer to a channel, define all the endpoints, choose which MSPs to use for which peers,... This involved a fair amount of manual configuration. Now you can load in a configuration file and let the SDK do all the hard work.

The config file can be loaded in your JavaScript project using following command.

import Client from "fabric-client";
var client = Client.loadFromConfig('test/fixtures/network.yaml');

An example YAML file to configure the SDK looks like this. This example can be found in the tutorial here.

name: "Network"
version: "1.0"

channels:
mychannel:
orderers:
- orderer.example.com
peers:
peer0.org1.example.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer0.org2.example.com:
endorsingPeer: true
chaincodeQuery: false
ledgerQuery: true
eventSource: false

organizations:
Org1:
mspid: Org1MSP
peers:
- peer0.org1.example.com
- peer1.org1.example.com
certificateAuthorities:
- ca-org1
adminPrivateKey:
path: test/fixtures/channel/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/keystore/9022d671ceedbb24af3ea69b5a8136cc64203df6b9920e26f48123fcfcb1d2e9_sk
signedCert:
path: test/fixtures/channel/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/signcerts/Admin@org1.example.com-cert.pem

Org2:
mspid: Org2MSP
peers:
- peer0.org2.example.com
certificateAuthorities:
- ca-org2
adminPrivateKey:
path: test/fixtures/channel/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/keystore/5a983ddcbefe52a7f9b8ee5b85a590c3e3a43c4ccd70c7795bec504e7f74848d_sk
signedCert:
path: test/fixtures/channel/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/signcerts/Admin@org2.example.com-cert.pem

orderers:
orderer.example.com:
url: grpcs://localhost:7050
grpcOptions:
ssl-target-name-override: orderer.example.com
grpc-max-send-message-length: 15
tlsCACerts:
path: test/fixtures/channel/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tlscacerts/example.com-cert.pem

peers:
peer0.org1.example.com:
url: grpcs://localhost:7051
eventUrl: grpcs://localhost:7053
grpcOptions:
ssl-target-name-override: peer0.org1.example.com
grpc.keepalive_time_ms: 600000
tlsCACerts:
path: test/fixtures/channel/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tlscacerts/org1.example.com-cert.pem

peer0.org2.example.com:
url: grpcs://localhost:8051
eventUrl: grpcs://localhost:8053
grpcOptions:
ssl-target-name-override: peer0.org2.example.com
tlsCACerts:
path: test/fixtures/channel/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tlscacerts/org2.example.com-cert.pem

certificateAuthorities:
ca-org1:
url: https://localhost:7054
httpOptions:
verify: false
tlsCACerts:
path: test/fixtures/channel/crypto-config/peerOrganizations/org1.example.com/ca/org1.example.com-cert.pem
registrar:
- enrollId: admin
enrollSecret: adminpw
caName: caorg1

ca-org2:
url: https://localhost:8054
httpOptions:
verify: false
tlsCACerts:
path: test/fixtures/channel/crypto-config/peerOrganizations/org2.example.com/ca/org2.example.com-cert.pem
registrar:
- enrollId: admin
enrollSecret: adminpw
caName: caorg2

Nodejs chaincode

One of the most exciting features of Fabric v1.1 in my opinion is the nodejs chaincode. Not only will it be easier for new devs to start using Hyperledger Fabric because they’re used to the language but also for devs like us at TheLedger to develop applications more quickly. Learning a new language like Golang is always fun, but learning and fully understanding a language are two very different things. We’ve experienced this ourselves. We usually use JavaScript which is a non-restrictive language compared to a typed language like Golang. Even though we have developed a good understand of Golang, we sometimes have to look up small things that can easily be done in JavaScript.

Example code

It’s pretty similar to your Golang chaincode but in your favourite language, JavaScript. No pointers here… !


Post-Deploy configuration

Organisations are a big deal in Hyperledger Fabric, they control the governance within the network. It’s one of the key points of using blockchain, making two parties who don’t trust eachother work together.

What if an organisation wants to join a consortium already in place? That’s pretty difficult because organisations are defined in the configtx and loaded in upon starting the network. This configuration is actually encoded in the channel block file.

As of the Fabric v1.1 release, you are able to upgrade your configuration file or configtx while running the network using the configtxlator tool introduced in v1.1. IBM wrote a nice tutorial about this.


e2e encryption using EncCC

The new update also includes data encryption, to and from your smart contracts. As being one of the more mature frameworks for building blockchain applications, I can image this was one of the most requested feature, especially for highly secure environments like banks. It’s in the nature of blockchains to contain cryptographic signing and encryption. In the end all the transactions in Hyperledger Fabric are stored as plain text (sort of) on every orderer and peer. The world state in couchDB is also stored as plain text.

Encryption using the Go chaincode looks like this.

encryption using Golang chaincode

Attribute-based Access Control (CID)

Upon enrollment of a user, you receive an ECert (enrollment certificate) for your user. As of v1.1, you are now able to add attributes to this enrollment certificate. This certificate gets added in the request header when sending a transaction. This means you can easily (like the name suggests) allow or deny certain actions for a user in your chaincode based on these attributes.

You have the ability to add these properties upon registration to the ECert by using the :ecert suffix.

fabric-ca-client register --id.name user1 --id.secret user1pw --id.type user --id.affiliation org1 --id.attrs 'app1Admin=true:ecert,email=user1@gmail.com'

Aswell as adding these attributes, they have provided a new chaincode library to retrieve those attributes called the CID library (Client Identity Chaincode Library).

Go library

import "github.com/hyperledger/fabric/core/chaincode/lib/cid"

The library contains following functions.

Getting a user ID

id, err := cid.GetID(stub)

Get user MSPID

mspid, err := cid.GetMSPID(stub)

Get user attributes

val, ok, err := cid.GetAttributeValue(stub, "attr1")
if err != nil {
// There was an error trying to retrieve the attribute
}
if !ok {
// The client identity does not possess the attribute
}
// Do something with the value of 'val'

Performance and scale improvements

The new update will contain a range of scale and performance optimizations. It remains to be seen how much these optimizations fair in real-world cases compared to v1.0.

  • Orderer performance improvement FAB-5274
  • Orderer horizontal scaling improvements which allows for more orderers to be added to handle more volume and load. FAB-5258
  • MSP Identity caching FAB-5880
  • Parallel transaction validation FAB-5932
  • CouchDB performance improvement FAB-2725

Certificate Signing Requests

The new fabric-ca-client allows you to use and plug-in your own external CA server to authorize your transactions. Before, it could only generate certificates itself.

Conclusion

Hyperledger Fabric v1.1 is still actively being developed on, but if you want, the preview is already available. All docs are already updated with most of the new additions. This is a nice step forward for Fabric.


Get in touch

Interested in starting your own blockchain project, but don’t know how? Do you need help starting your token sale or having one audited? Get in touch https://theledger.be