Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Encrypted Communications

libp2p can leverage the encrypted communications from the transports it uses (i.e WebRTC). To ensure that every connection is encrypted, independently of how it was set up, libp2p also supports a set of modules that encrypt every communication established.

We call this usage a connection upgrade where given a connection between peer A to peer B, a protocol handshake can be performed that gives that connection new properties.

A byproduct of having these encrypted communications modules is that we can authenticate the peers we are dialing to. You might have noticed that every time we dial to a peer in libp2p space, we always use its PeerId at the end (e.g /ip4/, this PeerId is generated by hashing the Public Key of the peer. With this, we can create a crypto challenge when dialing to another peer and prove that peer is the owner of a PrivateKey that matches the Public Key we know.

1. Set up encrypted communications with SECIO

We will build this example on top of example for Protocol and Stream Multiplexing. You will need the module libp2p-secio to complete it, go ahead and npm install libp2p-secio.

SECIO is the crypto channel developed for IPFS, it is a TLS 1.3 like crypto channel that established an encrypted communication channel between two peers.

To add it to your libp2p bundle, all you have to do is:

const SECIO = require('libp2p-secio')

class MyBundle extends libp2p {
  constructor (peerInfo) {
    const defaults = {
      modules: {
        transport: [ TCP ],
        streamMuxer: [ SPDY ],
        // Attach secio as the crypto channel to use
        connEncryption: [ SECIO ]

    super(defaultsDeep(_options, defaults))

And that's it, from now on, all your libp2p communications are encrypted. Try running the example 1.js to see it working.

If you want to want to learn more about how SECIO works, you can read the great write up done by Dominic Tarr.

Important note: SECIO hasn't been audited and so, we do not recommend to trust its security. We intent to move to TLS 1.3 once the specification is finalized and an implementation exists that we can use.

You can’t perform that action at this time.