An enterprise-grade Java-based, Apache 2.0 licensed Ethereum client https://wiki.hyperledger.org/display/besu
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
besu/docs/Privacy/Configuring-Privacy.md

169 lines
7.4 KiB

description: Configuring Privacy
<!--- END of page meta data -->
# Configuring a Network for Private Transactions
Configuring a network that supports private transactions requires starting an Orion node for each
Pantheon node. Pantheon command line options associate the Pantheon node with the Orion node.
This tutorial assumes you have completed setting up an IBFT 2.0 network to the point where you have
[created the genesis file](../Tutorials/Create-IBFT-Network.md#5-create-genesis-file). If not, complete
steps 1 to 5 of the [Create an IBFT 2.0](../Tutorials/Create-IBFT-Network.md) tutorial before continuing.
In this tutorial we start Orion nodes for the three Pantheon nodes and configure each Pantheon node to be associated
with an Orion node.
## 1. Create Orion Directories
Inside each `Node` directory, create an `Orion` directory:
```bash
IBFT-Network/
├── Node-1
   ├── data
│ ├── Orion
├── Node-2
   ├── data
│ ├── Orion
└── Node-3
├── data
├── Orion
```
## 2. Create Password Files
In each `Orion` directory, create a file called `passwordFile` containing a password to encrypt each Orion key pair.
## 3. Generate Orion Keys
In each `Orion` directory, generate a public/private keypair for the Orion node:
``` bash
orion -g nodeKey
```
At the prompt, enter the [password](#2-create-password-files) saved in `passwordFile` to encrypt the key pair.
The Orion public/private key pair is generated and the keys saved in the `nodeKey.pub` and `nodeKey.key` files.
## 4. Create Orion Configuration Files
In the `Node-1/Orion` directory, create a file called `orion.conf` and add the following properties:
```bash
nodeurl = "http://127.0.0.1:8080/"
nodeport = 8080
clienturl = "http://127.0.0.1:8888/"
clientport = 8888
publickeys = ["nodeKey.pub"]
privatekeys = ["nodeKey.key"]
passwords = "passwordFile"
tls = "off"
```
!!! important
In production systems, only specify [`tls`](http://docs.orion.pegasys.tech/en/latest/Configuring-Orion/Configuration-File/#tls)
is `off` if another transport security mechanism such as WireGuard is in place.
In the `Node-2/Orion` and `Node-3/Orion` directories, create `orion.conf` files specifying:
* Different ports
* Node-1 Orion node as the bootnode (specified by [`othernodes`](http://docs.orion.pegasys.tech/en/latest/Configuring-Orion/Configuration-File/)):
```bash tab="Node-2"
nodeurl = "http://127.0.0.1:8081/"
nodeport = 8081
clienturl = "http://127.0.0.1:8889/"
clientport = 8889
publickeys = ["nodeKey.pub"]
privatekeys = ["nodeKey.key"]
passwords = "passwordFile"
othernodes = ["http://127.0.0.1:8080/"]
tls = "off"
```
```bash tab="Node-3"
nodeurl = "http://127.0.0.1:8082/"
nodeport = 8082
clienturl = "http://127.0.0.1:8890/"
clientport = 8890
publickeys = ["nodeKey.pub"]
privatekeys = ["nodeKey.key"]
passwords = "passwordFile"
othernodes = ["http://127.0.0.1:8080/"]
tls = "off"
```
## 5. Start Orion Nodes
In each `Orion` directory, start Orion specifying the [configuration file](#3-create-a-configuration-file) created in the previous step:
```
orion orion.conf
```
## 6. Start Pantheon Node-1
In the `Node-1` directory, start Pantheon Node-1:
```bash tab="MacOS"
pantheon --data-path=data --genesis-file=../ibftGenesis.json --rpc-http-enabled --rpc-http-api=ETH,NET,IBFT,EEA --host-whitelist=* --rpc-http-cors-origins="all" --privacy-enabled --privacy-url=http://127.0.0.1:8888 --privacy-public-key-file=Orion/nodeKey.pub
```
```bash tab="Windows"
pantheon --data-path=data --genesis-file=..\ibftGenesis.json --rpc-http-enabled --rpc-http-api=ETH,NET,IBFT,EEA --host-whitelist=* --rpc-http-cors-origins="all" --privacy-enabled --privacy-url=http://127.0.0.1:8888 --privacy-public-key-file=Orion\nodeKey.pub
```
The command line specifies privacy options:
* [`--privacy-enabled`](../Reference/Pantheon-CLI-Syntax.md#privacy-enabled) enables privacy
* [`--privacy-url`](../Reference/Pantheon-CLI-Syntax.md#privacy-url) specifies the Orion node URL (`clienturl` in `orion.conf`)
* [`--privacy-public-key-file`](../Reference/Pantheon-CLI-Syntax.md#privacy-public-key-file) specifies the file containing
Orion node public key (created in [3. Generate Orion Keys](#3-generate-orion-keys))
* [`--rpc-http-api`](../Reference/Pantheon-CLI-Syntax.md#rpc-http-api) includes `EEA` in the list of
JSON-RPC APIs to enable privacy JSON-RPC API methods.
!!!note
The [`--data-path`](../Reference/Pantheon-CLI-Syntax.md#data-path), [`--genesis-file`](../Reference/Pantheon-CLI-Syntax.md#genesis-file),
and [`--privacy-public-key-file`](../Reference/Pantheon-CLI-Syntax.md#privacy-public-key-file)
options are not used when running Pantheon from the [Docker image](../Getting-Started/Run-Docker-Image.md).
When the node starts, the [enode URL](../Configuring-Pantheon/Node-Keys.md#enode-url) is displayed.
Copy the enode URL to specify Node-1 as the bootnode in the following steps.
![Node 1 Enode URL](../images/EnodeStartup.png)
### 7. Start Pantheon Node-2
In the `Node-2` directory, start Pantheon Node-2 specifying the Node-1 enode URL copied when starting Node-1 as the bootnode:
```bash tab="MacOS"
pantheon --data-path=data --genesis-file=../ibftGenesis.json --bootnodes=<Node-1 Enode URL> --p2p-port=30304 --rpc-http-enabled --rpc-http-api=ETH,NET,IBFT,EEA --host-whitelist=* --rpc-http-cors-origins="all" --rpc-http-port=8546 --privacy-enabled --privacy-url=http://127.0.0.1:8889 --privacy-public-key-file=Orion/nodeKey.pub
```
```bash tab="Windows"
pantheon --data-path=data --genesis-file=..\ibftGenesis.json --bootnodes=<Node-1 Enode URL> --p2p-port=30304 --rpc-http-enabled --rpc-http-api=ETH,NET,IBFT,EEA --host-whitelist=* --rpc-http-cors-origins="all" --rpc-http-port=8546 --privacy-enabled --privacy-url=http://127.0.0.1:8889 --privacy-public-key-file=Orion\nodeKey.pub
```
The command line specifies the same options as for Node-1 with different ports and Orion node URL. The
[`--bootnodes`](../Reference/Pantheon-CLI-Syntax.md#bootnodes) option specifies the enode URL for Node-1.
!!!note
The [`--p2p-port`](../Reference/Pantheon-CLI-Syntax.md#p2p-port) and [`--rpc-http-port`](../Reference/Pantheon-CLI-Syntax.md#rpc-http-port)
options are not used when running Pantheon from the [Docker image](../Getting-Started/Run-Docker-Image.md#exposing-ports).
### 8. Start Pantheon Node-3
In the `Node-3` directory and start Pantheon Node-3 specifying the Node-1 enode URL copied when starting Node-1 as the bootnode:
```bash tab="MacOS"
pantheon --data-path=data --genesis-file=../ibftGenesis.json --bootnodes=<Node-1 Enode URL> --p2p-port=30305 --rpc-http-enabled --rpc-http-api=ETH,NET,IBFT,EEA --host-whitelist=* --rpc-http-cors-origins="all" --rpc-http-port=8547 --privacy-enabled --privacy-url=http://127.0.0.1:8890 --privacy-public-key-file=Orion/nodeKey.pub
```
```bash tab="Windows"
pantheon --data-path=data --genesis-file=..\ibftGenesis.json --bootnodes=<Node-1 Enode URL> --p2p-port=30305 --rpc-http-enabled --rpc-http-api=ETH,NET,IBFT,EEA --host-whitelist=* --rpc-http-cors-origins="all" --rpc-http-port=8547 --privacy-enabled --privacy-url=http://127.0.0.1:8890 --privacy-public-key-file=Orion\nodeKey.pub
```
The command line specifies the same options as for Node-1 with different ports and Orion node URL. The
[`--bootnodes`](../Reference/Pantheon-CLI-Syntax.md#bootnodes) option specifies the enode URL for Node-1.