Hi Alvise,

You brought out something really interesting.

As you may have noticed both enrollAdmin.js and registerUser.js are taken from Fabcar, Fabcar has been updated after 1.4.2. Therefore let’s refer to the fabric-samples/fabcar/javascript from the latest code. That is, don’t refer to the code in the original article.

You are right that the enrollment inregisterUser.js is through using gateway, which is through admin (registrar). There is another way to get enrollment without admin (registrar) involvement.

Take a look on the enrollAdmin.js. Inside you can see the const ca is obtained from static information on connection profile (ca url, ca tls certs and ca name). Then you can call ca.enroll directly with the enrollmentID (e.g. user2) and the secret obtained.

The secret is still obtained from the registrar. That makes sense, as the registrar needs to register the user2 first). After the registrar receives the secret, the secret is sent to user2 (by email). Then user2 can use ca.enroll directly to obtain the certificate as well as the signing (private) key. This doesn’t require involvement from registrar, so the privacy is maintained.

I just tried it and it works fine. I guess the way in registerUser.js is just for demo purpose. In fact user2 can get his own certificate and privacy by direct enrollment, without registrar helps.

That’s my first finding. I will do some more test and see whether I can come up a more realistic flow.

Thanks again.


Written by

Happy to share what I learn on blockchain. Visit http://www.ledgertech.biz/kcarticles.html for my works. or reach me on https://www.linkedin.com/in/ktam1/.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store