Interoperability with other nodes
By default, nodes in Canton run a tink provider, which is not compatible with the KMS provider that stores the Canton private keys.
If you want to continue to have other nodes running a non-KMS Canton, you are obliged to use a jce provider, and you must explicitly configure it to use the KMS-supported algorithms as the required algorithms. Here is an example of how to set it up for a simple distributed sync domain:
canton.domain-managers.domainManager1 = {
  crypto.provider = jce
  domain-parameters.protocol-version = 7
}
canton.sequencers.sequencer1.crypto = {
  provider = jce
}
canton.mediators.mediator1.crypto = {
  provider = jce
}
And here is an example for a participant:
canton.participants.participant2.crypto = {
  provider = jce
}
In other words, a node running with a kms provider (which stores the Canton private keys externally) is only ever able to communicate with other nodes running a kms or jce provider.
See this table for a description of cryptographic schemes supported by the KMS provider.
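The rule above can be checked before deployment. The following is an added example, not part of the Canton documentation or code base: a small lint that reads node blocks shaped like the ones on this page and lists every node a kms node could not communicate with. The function names and the sample configuration are constructed for illustration, and the matcher assumes flat blocks only (it is not a full HOCON parser).

```python
import re

# Per the text above: a kms node only interoperates with kms or jce nodes,
# and a node with no crypto.provider set runs the default tink provider.
KMS_COMPATIBLE = {"kms", "jce"}
DEFAULT_PROVIDER = "tink"

# Matches only flat blocks shaped like the ones on this page (no nested braces,
# includes or substitutions); this is not a full HOCON parser.
BLOCK = re.compile(r"canton\.([\w-]+)\.([\w-]+)((?:\.[\w-]+)*)\s*=?\s*\{([^{}]*)\}")
SETTING = re.compile(r'^\s*([\w.-]+)\s*[=:]\s*"?([\w-]+)"?\s*$', re.M)

def node_providers(conf):
    """Return {'<node-type>.<node-name>': provider} for every node block found."""
    providers = {}
    for kind, name, suffix, body in BLOCK.findall(conf):
        node = f"{kind}.{name}"
        providers.setdefault(node, DEFAULT_PROVIDER)
        for key, value in SETTING.findall(body):
            if f"{suffix}.{key}".lstrip(".") == "crypto.provider":
                providers[node] = value
    return providers

def incompatible_with_kms(conf):
    """List nodes that a kms node in the same config cannot communicate with."""
    providers = node_providers(conf)
    if "kms" not in providers.values():
        return []
    return sorted(n for n, p in providers.items() if p not in KMS_COMPATIBLE)

# Constructed sample: participant1 on kms, two nodes left on tink.
SAMPLE = """
canton.participants.participant1.crypto = {
  provider = kms
}
canton.participants.participant2.crypto = {
  provider = jce
}
canton.domain-managers.domainManager1 = {
  crypto.provider = jce
  domain-parameters.protocol-version = 7
}
canton.sequencers.sequencer1.crypto = {
  provider = tink
}
canton.participants.participant3 = {
}
"""
```

Calling `incompatible_with_kms(SAMPLE)` reports `participants.participant3` (provider unset, so tink) and `sequencers.sequencer1`. The lint checks the provider name only; it does not verify that a jce node's required algorithms match the KMS-supported ones.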