An enterprise-grade Java-based, Apache 2.0 licensed Ethereum client https://wiki.hyperledger.org/display/besu
besu/docs/Privacy/Start-Pantheon-Privacy.md


Start Pantheon with Privacy

The EEA methods are not enabled by default; use the command line options described below to enable them. Both Pantheon and the Enclave (Orion) must be started when using privacy.

Pantheon

rpc-http-api

--rpc-http-api=EEA
rpc-http-api=["EEA"]

Comma-separated APIs to enable on the HTTP JSON-RPC channel. When you use this option, the --rpc-http-enabled option must also be specified. The available API options are: ADMIN, ETH, NET, WEB3, CLIQUE, IBFT, PERM, DEBUG, MINER, and EEA. The default is: ETH, NET, WEB3.

!!!note EEA methods are for privacy features. Privacy features are under development and will be available in v1.1.

!!!tip The singular --rpc-http-api and plural --rpc-http-apis are available and are just two names for the same option.

privacy-enabled

--privacy-enabled=true
privacy-enabled=true

Set to enable private transactions. The default is false.

!!!note Privacy is under development and will be available in v1.1.

privacy-precompiled-address

--privacy-precompiled-address=125
privacy-precompiled-address=125

Address to which the privacy pre-compiled contract is mapped. The default is 126.

!!!note Privacy is under development and will be available in v1.1.

Enclave (Orion)

privacy-public-key-file

--privacy-public-key-file=<privacyPublicKeyFile>

Path to the public key for the enclave.

!!!note Privacy is under development and will be available in v1.1.

!!!note This option is not used when running Pantheon from the Docker image.

privacy-url

--privacy-url=<privacyUrl>

URL on which the Enclave is running.

!!!note Privacy is under development and will be available in v1.1.

Privacy JSON-RPC API method

The EEA methods were created to provide and support privacy.

Set-up Privacy

Prerequisites

Pantheon

Curl (or similar web service client)

Steps

To create a private network:

  1. Create Folders
  2. Create Genesis File
  3. Start instances of Orion for each node
  4. Get Public Key of First Node
  5. Start First Node as Bootnode
  6. Start Node-2
  7. Start Node-3-non-privacy
  8. Confirm the private network is working
  9. Create a Private Transaction between Node-1 and Node-2
  10. Confirm Node-3 can't interact with private Transaction

1. Create Folders

Each node requires a data directory for the blockchain data. When the node is started, the node key is saved in this directory.

Create directories for your private network, each of the three nodes, and a data directory for each node:

Private-Network/
├── Node-1
│   └── Node-1-data-path
├── Node-2
│   └── Node-2-data-path
└── Node-3-non-privacy
    └── Node-3-data-path

2. Create Genesis File

The genesis file defines the genesis block of the blockchain (that is, the initial state of the blockchain). The genesis file includes entries for configuring the blockchain such as the mining difficulty and initial accounts and balances.

All nodes in a network must use the same genesis file. The network ID defaults to the chainID in the genesis file. The fixeddifficulty enables blocks to be mined quickly.

Copy the following genesis definition to a file called privateNetworkGenesis.json and save it in the Private-Network directory:

{
  "config": {
    "constantinoplefixblock": 0,
    "ethash": {
      "fixeddifficulty": 1000
    },
    "chainID": 1981
  },
  "nonce": "0x42",
  "gasLimit": "0x1000000",
  "difficulty": "0x10000",
  "alloc": {
    "fe3b557e8fb62b89f4916b721be55ceb828dbd73": {
      "privateKey": "8f2a55949038a9610f50fb23b5883af3b4ecb3c3bb792cbcefbd1542c692be63",
      "comment": "private key and this comment are ignored.  In a real chain, the private key should NOT be stored",
      "balance": "0xad78ebc5ac6200000"
    },
    "f17f52151EbEF6C7334FAD080c5704D77216b732": {
      "privateKey": "ae6ae8e5ccbfb04590405997ee2d52d2b330726137b875053c36d94e974d162f",
      "comment": "private key and this comment are ignored.  In a real chain, the private key should NOT be stored",
      "balance": "90000000000000000000000"
    }
  }
}

!!! warning Do not use the accounts in the genesis file above on mainnet or any public network except for testing. The private keys are displayed so the accounts are not secure.
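
One way to enforce the warning above before a genesis file leaves a test environment, as an added Python example (not part of the Pantheon documentation): it flags alloc entries that still carry a privateKey field and entries that fund either of the two accounts published on this page, even after the key field is removed or the address is re-cased. The function names and the sample genesis are constructed for illustration.

```python
import json

# The two accounts funded by this page's genesis file; their private keys are printed above.
PUBLISHED_TEST_ACCOUNTS = {
    "fe3b557e8fb62b89f4916b721be55ceb828dbd73",
    "f17f52151ebef6c7334fad080c5704d77216b732",
}

def normalize(address):
    """Lower-case and drop an optional 0x prefix so re-cased addresses still compare equal."""
    addr = address.strip().lower()
    return addr[2:] if addr.startswith("0x") else addr

def audit_genesis(genesis_text):
    """Return (address, reason) pairs for alloc entries that are unsafe outside a test network."""
    alloc = json.loads(genesis_text).get("alloc", {})
    findings = []
    for address, entry in alloc.items():
        addr = normalize(address)
        if "privateKey" in entry:
            findings.append((addr, "private key stored in genesis file"))
        if addr in PUBLISHED_TEST_ACCOUNTS:
            findings.append((addr, "account key is published in the docs"))
    return findings

# Constructed sample: one published account with its key field removed and the address
# re-cased, one account with a placeholder key field, and one clean account.
SAMPLE_GENESIS = """{
  "config": {"chainID": 1981},
  "alloc": {
    "0xF17F52151EbEF6C7334FAD080c5704D77216b732": {"balance": "90000000000000000000000"},
    "00000000000000000000000000000000000000aa": {"privateKey": "PLACEHOLDER", "balance": "0x1"},
    "00000000000000000000000000000000000000bb": {"balance": "0x1"}
  }
}"""

if __name__ == "__main__":
    for addr, reason in audit_genesis(SAMPLE_GENESIS):
        print(addr, "->", reason)
```
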

3. Start instances of Orion for each node

Download and install Orion to be used as an enclave to store and communicate the private transactions in Pantheon.

Generate a key pair for Orion with the command orion -f foo. This generates a public-private key pair that is used to connect to the Orion instance. The generated public key links the Pantheon node to the Orion instance.

Refer to Configuring Orion for detailed configuration options.

Start one instance of Orion for each Pantheon node that will perform private transactions, using orion foo.conf

4. Get Public Key of First Node

To enable nodes to discover each other, a network requires one or more nodes to be bootnodes. For this private network, we will use Node-1 as the bootnode. This requires obtaining the public key for the enode URL.

In the Node-1 directory, use the public-key subcommand to write the node public key to the specified file (publicKeyNode1 in this example):

pantheon --data-path=Node-1-data-path --genesis-file=../privateNetworkGenesis.json public-key export --to=Node-1-data-path/publicKeyNode1
pantheon --data-path=Node-1-data-path --genesis-file=..\privateNetworkGenesis.json public-key export --to=Node-1-data-path\publicKeyNode1

!!!note The --data-path and --genesis-file options are not used when running Pantheon from the Docker image. Use a bind mount to specify a configuration file with Docker and volume to specify the data directory.

Your node 1 directory now contains:

└── Node-1
    └── Node-1-data-path
        ├── database
        ├── key
        └── publicKeyNode1

The database directory contains the blockchain data.

5. Start First Node as Bootnode

Start Node-1:

pantheon --data-path=Node-1-data-path --genesis-file=../privateNetworkGenesis.json --bootnodes \
--miner-enabled --miner-coinbase fe3b557e8fb62b89f4916b721be55ceb828dbd73 --rpc-http-enabled \
--host-whitelist=* --rpc-http-cors-origins="all" --privacy-enabled=true --privacy-precompiled-address=125 \
--privacy-url=127.0.0.1:8888 --privacy-public-key-file=../pathToOrion1PublicKey.pub --rpc-http-api=EEA
pantheon --data-path=Node-1-data-path --genesis-file=..\privateNetworkGenesis.json --bootnodes --miner-enabled --miner-coinbase fe3b557e8fb62b89f4916b721be55ceb828dbd73 --rpc-http-enabled --host-whitelist=* --rpc-http-cors-origins="all" --privacy-enabled=true --privacy-precompiled-address=125 --privacy-url=127.0.0.1:8888 --privacy-public-key-file=..\pathToOrion1PublicKey.pub --rpc-http-api=EEA

The command line specifies:

!!! info The miner coinbase account is one of the accounts defined in the genesis file.

!!! info The privacy pre-compiled address needs to be the same for each node interacting through the private transaction.

6. Start Node-2

You need the enode URL for Node-1 to specify Node-1 as the bootnode for Node-2 and Node-3.

Start another terminal, change to the Node-2 directory and start Node-2 replacing the enode URL with your bootnode:

pantheon --data-path=Node-2-data-path --genesis-file=../privateNetworkGenesis.json \
--bootnodes="enode://<node public key ex 0x>@127.0.0.1:30303" --p2p-port=30304 \
--privacy-enabled=true --privacy-precompiled-address=125 \
--privacy-url=127.0.0.1:8888 --privacy-public-key-file=../pathToOrion2PublicKey.pub --rpc-http-api=EEA
pantheon --data-path=Node-2-data-path --genesis-file=..\privateNetworkGenesis.json --bootnodes="enode://<node public key ex 0x>@127.0.0.1:30303" --p2p-port=30304 --privacy-enabled=true --privacy-precompiled-address=125 --privacy-url=127.0.0.1:8888 --privacy-public-key-file=..\pathToOrion2PublicKey.pub --rpc-http-api=EEA

The command line specifies:

7. Start Node-3

Start another terminal, change to the Node-3 directory and start Node-3 replacing the enode URL with your bootnode:

pantheon --data-path=Node-3-data-path --genesis-file=../privateNetworkGenesis.json \
--bootnodes="enode://<node public key ex 0x>@127.0.0.1:30303" --p2p-port=30305
pantheon --data-path=Node-3-data-path --genesis-file=..\privateNetworkGenesis.json --bootnodes="enode://<node public key ex 0x>@127.0.0.1:30303" --p2p-port=30305

The command line specifies:

  • Different port to Node-1 and Node-2 for P2P peer discovery.
  • Data directory for Node-3 using the --data-path option.
  • Bootnode and genesis file as for Node-2.
  • No privacy command line options.
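
A pre-launch check for the node commands above, written here as an added Python example (not Pantheon's own code). It applies the rules this page states (EEA needs --rpc-http-enabled; every privacy node must use the same pre-compiled address, default 126) and also flags a wildcard --host-whitelist or --rpc-http-cors-origins on a node that serves EEA, which is acceptable on this local test network but exposes the privacy API anywhere else. The function names and sample command lines are constructed for illustration.

```python
import shlex

DEFAULT_PRECOMPILE = "126"  # default for privacy-precompiled-address stated on this page

def parse_flags(cmdline):
    """Return {option: value}; a bare flag such as --rpc-http-enabled maps to 'true'."""
    tokens = shlex.split(cmdline.replace("\\\n", " "))  # tolerate pasted "\" continuations
    flags = {}
    for i, tok in enumerate(tokens):
        if tok.startswith("--"):
            name, sep, value = tok[2:].partition("=")
            nxt = tokens[i + 1] if i + 1 < len(tokens) else "--"
            if not sep:  # "--opt value" form, or a bare flag if another option follows
                value = "true" if nxt.startswith("--") else nxt
            flags[name] = value
    return flags

def check_node(name, flags):
    """Per-node findings based on the option descriptions on this page."""
    out = []
    apis = (flags.get("rpc-http-api") or flags.get("rpc-http-apis") or "").upper().split(",")
    rpc_on = flags.get("rpc-http-enabled") == "true"
    if "EEA" in apis and not rpc_on:
        out.append(f"{name}: EEA requested but --rpc-http-enabled is missing")
    if flags.get("privacy-enabled") == "true" and not flags.get("privacy-url"):
        out.append(f"{name}: privacy enabled without --privacy-url")
    if rpc_on and "EEA" in apis:  # wildcard access only matters once the API is served
        if flags.get("host-whitelist") in ("*", "all"):
            out.append(f"{name}: EEA API accepts any Host header")
        if flags.get("rpc-http-cors-origins") in ("*", "all"):
            out.append(f"{name}: EEA API allows any CORS origin")
    return out

def check_network(commands):
    """commands maps node name to command line; returns every finding as a string."""
    parsed = {n: parse_flags(c) for n, c in commands.items()}
    findings = [f for n, fl in parsed.items() for f in check_node(n, fl)]
    addrs = {n: fl.get("privacy-precompiled-address", DEFAULT_PRECOMPILE)
             for n, fl in parsed.items() if fl.get("privacy-enabled") == "true"}
    if len(set(addrs.values())) > 1:  # must match on every node sharing private transactions
        findings.append(f"privacy-precompiled-address differs: {addrs}")
    return findings

# Constructed sample modelled on the commands above; Node-2 omits the address option.
SAMPLE = {
    "Node-1": "pantheon --bootnodes --rpc-http-enabled --host-whitelist=* --rpc-http-cors-origins=\"all\" "
              "--privacy-enabled=true --rpc-http-api=EEA --privacy-precompiled-address=125 --privacy-url=127.0.0.1:8888",
    "Node-2": "pantheon --p2p-port=30304 --privacy-enabled=true --rpc-http-api=EEA --privacy-url=127.0.0.1:8888",
}
print("\n".join(check_network(SAMPLE)))
```
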

8. Confirm Private Network is Working

Start another terminal and use curl to call the JSON-RPC API net_peerCount method to confirm the nodes are functioning as peers:

curl -X POST --data '{"jsonrpc":"2.0","method":"net_peerCount","params":[],"id":1}' localhost:8545

The result confirms Node-1 (the node running the JSON-RPC service) has two peers (Node-2 and Node-3):

{
  "jsonrpc" : "2.0",
  "id" : 1,
  "result" : "0x2"
}

9. Create a Private Transaction between Node-1 and Node-2

10. Confirm Node-3 can't interact with private Transaction

!!!note EEA methods are for privacy features. Privacy features are under development and will be available in v1.1.