
Hyperledger fabric Crypto materials

If we see the crypto-config folder in basic-network of fabric-sample, we have various certificate materials with various types:

└── example.com
├── ca
│   ├── 0d46ccf0e9436c1bc3b6e2bf80cdb202c4943604f95c72ee0ff839d3ec300719_sk
│   └── ca.example.com-cert.pem
├── msp
│   ├── admincerts
│   │   └── [email protected]
│   ├── cacerts
│   │   └── ca.example.com-cert.pem
│   └── tlscacerts
│       └── tlsca.example.com-cert.pem
├── orderers
│   └── orderer.example.com
│       ├── msp
│       │   ├── admincerts
│       │   │   └── [email protected]
│       │   ├── cacerts
│       │   │   └── ca.example.com-cert.pem
│       │   ├── keystore
│       │   │   └── 2fb065725bf1b7e2811c0e8ca8d37f5a951fc4cd1162a47aad8accf9ddd10291_sk
│       │   ├── signcerts
│       │   │   └── orderer.example.com-cert.pem
│       │   └── tlscacerts
│       │       └── tlsca.example.com-cert.pem
│       └── tls
│           ├── ca.crt
│           ├── server.crt
│           └── server.key
├── tlsca
│   ├── 6a211ed18880b4db3867831c977809902713b8e321a5ab55ecc104dafc2eec49_sk
│   └── tlsca.example.com-cert.pem
└── users
    └── [email protected]
        ├── msp
        │   ├── admincerts
        │   │   └── [email protected]
        │   ├── cacerts
        │   │   └── ca.example.com-cert.pem
        │   ├── keystore
        │   │   └── db670eed8487a93c35ae448b9f84c2f241a7a8c87df0544fc1dc08baf7832aa0_sk
        │   ├── signcerts
        │   │   └── [email protected]
        │   └── tlscacerts
        │       └── tlsca.example.com-cert.pem
        └── tls
            ├── ca.crt
            ├── server.crt
            └── server.key

Can anyone explain why there are so many of these files, why some of these files are duplicated (such as ca.example.com-cert.pem, which has many copies), and their purpose? What are .pem files used for?
What are .crt files used for?
What are .key files used for?
What are ...._sk files used for?

And why does the fabcar example manage it using only 3 files?

fabcar/creds
├── 5890f0061619c06fb29dea8cb304edecc020fe63f41a6db109f1e227cc1cb2a8-priv
├── 5890f0061619c06fb29dea8cb304edecc020fe63f41a6db109f1e227cc1cb2a8-pub
└── PeerAdmin

Thanks for your help

Asad Hayat asked Nov 16 '25 22:11


1 Answer

Each Organization requires a unique root certificate (ca-cert), that binds specific components (peers and orderers) to that organization.

Transactions and communications within Fabric are signed by an entity's private key (keystore), and then verified by means of a public key (signcerts).

As different organizations are also required to communicate or share their ledger, there is a need for a CA or MSP at the organization level. Within each organization we can have multiple peers, so we need certification for these peers too. Even peers from different organizations can join each other, hence the signcerts (for authenticating) and TLS certs (for a secure handshake).

To have a look at how these are generated, I suggest you manually generate the artifacts:

http://hyperledger-fabric.readthedocs.io/en/latest/build_network.html

and see the different certs in the folders inside as you created them.

These are keys used by fabcar to generate the above mentioned certificates.

kots answered Nov 19 '25 13:11
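
An added example (not part of the question or answer above, and not Fabric's own code) that inventories a tree shaped like the one in the question: it reads each file's PEM label to tell certificates from private keys regardless of extension, groups byte-identical copies by SHA-256, and flags private keys readable beyond their owner. The sample tree, its placeholder file contents, and the names `inventory`, `demo`, `SAMPLE` and `constructed_sk` are constructed for illustration.

```python
import hashlib
import re
import stat
import tempfile
from pathlib import Path

PEM_LABEL = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
GROUP_OR_OTHER = stat.S_IRWXG | stat.S_IRWXO  # any permission bit beyond the owner

def pem(label, body):
    # Constructed placeholder, not real key material: only the PEM label matters here.
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n".encode()

# Constructed sample (relative path, content, mode), shaped like the tree in the question.
ORD = "orderers/orderer.example.com"
SAMPLE = [
    ("ca/ca.example.com-cert.pem", pem("CERTIFICATE", "org-ca"), 0o644),
    ("msp/cacerts/ca.example.com-cert.pem", pem("CERTIFICATE", "org-ca"), 0o644),
    (ORD + "/msp/cacerts/ca.example.com-cert.pem", pem("CERTIFICATE", "org-ca"), 0o644),
    (ORD + "/msp/signcerts/orderer.example.com-cert.pem", pem("CERTIFICATE", "orderer"), 0o644),
    (ORD + "/msp/keystore/constructed_sk", pem("PRIVATE KEY", "sign-key"), 0o600),
    (ORD + "/tls/server.crt", pem("CERTIFICATE", "orderer-tls"), 0o644),
    (ORD + "/tls/server.key", pem("PRIVATE KEY", "tls-key"), 0o644),  # deliberately too open
]

def inventory(root):
    """Return ({sha256: (pem_label, [paths])}, [private keys readable beyond owner])."""
    groups, exposed = {}, []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        match = PEM_LABEL.search(data)
        label = match.group(1).decode() if match else "NOT PEM"
        groups.setdefault(hashlib.sha256(data).hexdigest(), (label, []))[1].append(rel)
        # The file's content, not its extension, decides whether it needs protecting.
        if label.endswith("PRIVATE KEY") and path.stat().st_mode & GROUP_OR_OTHER:
            exposed.append(rel)
    return groups, sorted(exposed)

def demo():
    with tempfile.TemporaryDirectory() as root:
        for rel, content, mode in SAMPLE:
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(content)
            path.chmod(mode)
        return inventory(root)

if __name__ == "__main__":
    print(demo())
```

Pointing `inventory` at a real crypto-config directory shows which certificates are the same file copied into several MSP folders and which files are the private keys that have to stay owner-only.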


