Figure 6: Variation of the size of issued certificates with the
number of endorsers for different key sizes.
When the requests were made through the Proxy
REST API with HTTP, a Round Trip Time of 32ms
was noted with the dedicated server. In this scenario,
the local-host client was used to call the DPKI func-
tions in a local computer. In both the evaluations (i.e.,
latency comparison of certificate issuing and certifi-
cate revocation process), functions write data to the
ledger of the blockchain. The currently stored CRL is
obtained and returned so that the endorsers can sign it
and insert their signatures in the response.
The objective of this work is to provide an effective,
robust and reliable user identity management PKI
using a decentralized approach. This study merges
the concepts of blockchain and decentralized storage
structure with the ability of PKI to generate a certifi-
cate. Each of the peers on the network uses a unique
intermediate certificate authority and validator. Any
peer who joins the network will become an intermedi-
ate signing CA. The guarantee that the produced cer-
tificates are legitimate and unaltered is constantly val-
idated by other peers in the network.
We can optimize the current implementation of
our model to enhance its functioning. Specifically,
we would emphasize on using a blockchain frame-
work that uses DID and DPKI internally. In our
current model, the certificates used in transactions
are still generated by a utility function of the Hyper-
ledger Fabric. Another possible improvement is to
use the same generated key-pairs and certificates for
both DPKI signatures and transaction signatures.
Decentralized Public Key Infrastructure with Identity Management using Hyperledger Fabric