libp2p can leverage the encrypted communications from the transports it uses (i.e WebRTC). To ensure that every connection is encrypted, independently of how it was set up, libp2p also supports a set of modules that encrypt every communication established.
We call this usage a connection upgrade where given a connection between peer A to peer B, a protocol handshake can be performed that gives that connection new properties.
A byproduct of having these encrypted communications modules is that we can authenticate the peers we are dialing to. You might have noticed that every time we dial to a peer in libp2p space, we always use its PeerId at the end (e.g /ip4/127.0.0.1/tcp/89765/p2p/QmWCbVw1XZ8hiYBwwshPce2yaTDYTqTaP7GCHGpry3ykWb), this PeerId is generated by hashing the Public Key of the peer. With this, we can create a crypto challenge when dialing to another peer and prove that peer is the owner of a PrivateKey that matches the Public Key we know.
We will build this example on top of example for Protocol and Stream Multiplexing. You will need the @chainsafe/libp2p-noise
module to complete it, go ahead and npm install @chainsafe/libp2p-noise
.
To add them to your libp2p configuration, all you have to do is:
import { createLibp2p } from 'libp2p'
import { tcp } from '@libp2p/tcp'
import { mplex } from '@libp2p/mplex'
import { noise } from '@chainsafe/libp2p-noise'
const createNode = async () => {
return await createLibp2p({
transports: [ tcp() ],
streamMuxers: [ mplex() ],
// Attach noise as the crypto channel to use
conectionEncrypters: [ noise() ]
})
}
And that's it, from now on, all your libp2p communications are encrypted. Try running the example 1.js to see it working.