From 524699a27955b4e379b28eab454c64d05cf3b0c0 Mon Sep 17 00:00:00 2001 From: LordGhostX Date: Thu, 14 Sep 2023 21:43:54 +0100 Subject: [PATCH] add node key config --- .cspell.json | 4 ++ docs/guides/nwaku/configure-nwaku.md | 39 +++++++++++++++++++- docs/guides/reference/node-config-options.md | 2 +- docs/overview/reference/glossary.md | 2 +- 4 files changed, 43 insertions(+), 4 deletions(-) diff --git a/.cspell.json b/.cspell.json index 71e5822..9898ec7 100644 --- a/.cspell.json +++ b/.cspell.json @@ -61,6 +61,10 @@ "tlsv", "rustup", "storenode", + "nodekey", + "ecparam", + "genkey", + "outform", ], "flagWords": [], "ignorePaths": [ diff --git a/docs/guides/nwaku/configure-nwaku.md b/docs/guides/nwaku/configure-nwaku.md index d46adf1..82405fa 100644 --- a/docs/guides/nwaku/configure-nwaku.md +++ b/docs/guides/nwaku/configure-nwaku.md @@ -21,10 +21,10 @@ You can set up an IPv4 DNS domain name that resolves to the public IPv4 address ./build/wakunode2 --dns4-domain-name=[DOMAIN NAME] ``` -For example, consider the domain name `node.example.com`, which resolves to a `nwaku` node: +For example, consider the domain name `nwakunode.com`, which resolves to a `nwaku` node: ```bash -./build/wakunode2 --dns4-domain-name=node.example.com +./build/wakunode2 --dns4-domain-name=nwakunode.com ``` Nodes with a domain name and secure WebSocket configured will generate a discoverable ENR with `/wss` multiaddr and `/dns4` domain name, essential for verifying domain certificates when connecting securely. 
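Review bot: The two changed lines in the DNS example replace `node.example.com`, a name reserved for documentation by RFC 2606, with `nwakunode.com`, which is an ordinary registrable domain that a third party may own. A reader who copies the command verbatim would have their node advertise a `/dns4` name they do not control, and the next paragraph ties that name to certificate verification for `/wss` connections. I would keep `./build/wakunode2 --dns4-domain-name=node.example.com`, or use another reserved name such as a `.example` host.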
@@ -70,4 +70,39 @@ For example, consider a `nwaku` node that does not persist messages but can quer ```bash ./build/wakunode2 --storenode=/dns4/node-01.ac-cn-hongkong-c.wakuv2.prod.statusim.net/tcp/30303/p2p/16Uiu2HAm4v86W3bmT1BiH6oSPzcsSr24iDQpSN5Qa992BCjjwgrD +``` + +## Generate and Configure a Node Key + +Nodes generate [new random key pairs](/overview/reference/glossary#node-key) at each boot, leading to different `multiaddrs`. To maintain consistency, you can use a pre-generated private key with the `nodekey` option: + +```bash +./build/wakunode2 --nodekey=[NODE PRIVATE KEY] +``` + +This option takes a [Secp256k1](https://en.bitcoin.it/wiki/Secp256k1) private key (64-char hex string). On Linux, you can use the OpenSSL `rand` command for a pseudo-random 32-byte hex string: + +```bash +$ openssl rand -hex 32 +# 286cae9f2990bfc49dafdd3a9e737f56ddba3656e5e427108cef456fb67680e8 +``` + +On Linux, you can create a reusable key file using OpenSSL. To get the 32-byte private key in hex format, use the `ecparam` command and some standard utilities: + +```bash +# Generate key file +openssl ecparam -genkey -name secp256k1 -out my_private_key.pem + +# Extract 32-byte private key +openssl ec -in my_private_key.pem -outform DER | tail -c +8 | head -c 32| xxd -p -c 32 + +# read EC key +# writing EC key +# 286cae9f2990bfc49dafdd3a9e737f56ddba3656e5e427108cef456fb67680e8 +``` + +You can use the output `286cae9f2990bfc49dafdd3a9e737f56ddba3656e5e427108cef456fb67680e8` as a `Node Key` for `nwaku`: + +```bash +./build/wakunode2 --nodekey=286cae9f2990bfc49dafdd3a9e737f56ddba3656e5e427108cef456fb67680e8 ``` \ No newline at end of file diff --git a/docs/guides/reference/node-config-options.md b/docs/guides/reference/node-config-options.md index 663d1bd..4092e44 100644 --- a/docs/guides/reference/node-config-options.md +++ b/docs/guides/reference/node-config-options.md 
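Review bot: The new "Generate and Configure a Node Key" section passes the private key as `--nodekey=<hex>` on the command line without saying that arguments are visible to other local users through the process list and are kept in shell history. The section should say so, and if nwaku can read this option from a configuration file or the environment (not visible in this hunk), show that as the preferred form for long-running nodes. The same 64-character value is printed three times as sample output and then used in the final command, so add a line such as `The key shown here is a published sample; generate your own and never reuse it.` The `my_private_key.pem` step would also benefit from a note to restrict the file afterwards, for example `chmod 600 my_private_key.pem`, since the resulting permissions can depend on the umask and the OpenSSL version.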
@@ -23,7 +23,7 @@ Here are the available node configuration options, along with their default valu | Name | Default Value | Description | | - | - | - | | `agent-string` | `nwaku` | Node agent string which is used as identifier in network | -| `nodekey` | | P2P node private key as 64 char hex string | +| `nodekey` | | P2P node private key as 64-char hex string | | `listen-address` | `defaultListenAddress()` | Listening address for LibP2P (and Discovery v5, if enabled) traffic | | `tcp-port` | `60000` | TCP listening port | | `ports-shift` | `0` | Add a shift to all port numbers | diff --git a/docs/overview/reference/glossary.md b/docs/overview/reference/glossary.md index 5a2d00d..4c2595f 100644 --- a/docs/overview/reference/glossary.md +++ b/docs/overview/reference/glossary.md @@ -60,7 +60,7 @@ A node is a device or client that implements Waku [protocols](#protocol) and lev ### Node Key -A node key is a [Secp256k1](https://en.bitcoin.it/wiki/Secp256k1) (64 char hex string) private key for generating the [PeerID](#peer-id), [listening](#transport) addresses, and [discovery](#peer-discovery) addresses of a Waku node. +A node key is a [Secp256k1](https://en.bitcoin.it/wiki/Secp256k1) (64-char hex string) private key for generating the [PeerID](#peer-id), [listening](#transport) addresses, and [discovery](#peer-discovery) addresses of a Waku node. ### Payload