Skip to content
You are reading GoQuorum development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Updated on December 14, 2020

Create a privacy-enabled network

The private network uses Tessera, a private transaction manager, to encrpyt and distribute private transactions.

Important

The steps in this tutorial create an isolated, but not protected or secure, Ethereum private network. We recommend running the private network behind a properly configured firewall.

Prerequisites

Steps

Listed on the right-hand side of the page are the steps to create a private network using IBFT with 5 GoQuorum nodes and 2 Tessera nodes.

1. Create directories

Create directories for the 2 Tessera nodes in the IBFT-Network directory previously created.

IBFT-Network/
├── Node-0
│   ├── data
├── Node-1
│   ├── data
├── Node-2
│   ├── data
├── Node-3
│   ├── data
├── Node-4
│   ├── data
├── Tessera-0
├── Tessera-1

2. Generate Tessera keys

In the Tessera-0 directory, generate keys. Replace <path-to-tessera> with the path to Tessera.

java -jar /<path-to-tessera>/tessera.jar -keygen -filename tessera0

Press enter both times you are prompted for a password.

The private and public key are created in files called tessera0.key and tessera0.pub.

Caution

In a production environment, ensure keys are secured appropriately.

3. Create configuration file

In the Tessera-0 directory, create a configuration file called config.json. Copy and paste the the configuration below into the file. On the highlighted lines, replace <path to IBFT-network> with the path to your network.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
{
   "useWhiteList": false,
   "jdbc": {
       "username": "sa",
       "password": "",
       "url": "jdbc:h2:/<path to IBFT-network>/IBFT-network/Tessera-0/db1;MODE=Oracle;TRACE_LEVEL_SYSTEM_OUT=0",
       "autoCreateTables": true
   },
   "serverConfigs":[
       {
           "app":"ThirdParty",
           "enabled": true,
           "serverAddress": "http://localhost:9081",
           "communicationType" : "REST"
       },
       {
           "app":"Q2T",
           "enabled": true,
           "serverAddress":"unix:/<path to IBFT-network>/IBFT-network/Tessera-0/tm.ipc",
           "communicationType" : "REST"
       },
       {
           "app":"P2P",
           "enabled": true,
           "serverAddress":"http://localhost:9001",
           "sslConfig": {
               "tls": "OFF"
           },
           "communicationType" : "REST"
       }
   ],
   "peer": [
       {
           "url": "http://localhost:9001"
       },
       {
           "url": "http://localhost:9003"
       }
   ],
   "keys": {
       "passwords": [],
       "keyData": [
           {
               "privateKeyPath": "<path to IBFT-network>/IBFT-network/Tessera-0/tessera0.key",
               "publicKeyPath": "<path to IBFT-network>/IBFT-network/Tessera-0/tessera0.pub"
           }
       ]
   },
   "alwaysSendTo": []
}

4. Create Tessera-1 keys

In Tessera-1, generate keys in the same way as for Tessera-0. Replace <path-to-tessera> with the path to Tessera.

java -jar /<path-to-tessera>/tessera.jar -keygen -filename tessera1

5. Create Tessera-1 configuration file

In the Tessera-1 directory, create a configuration file called config.json. Copy and paste the the configuration below into the file. Different ports are specified for Tessera 1. On the highlighted lines, replace <path to IBFT-network> with the path to your network.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
{
   "useWhiteList": false,
   "jdbc": {
       "username": "sa",
       "password": "",
       "url": "jdbc:h2:/<path to IBFT-network>/IBFT-network/Tessera-1/db1;MODE=Oracle;TRACE_LEVEL_SYSTEM_OUT=0",
       "autoCreateTables": true
   },
   "serverConfigs":[
       {
           "app":"ThirdParty",
           "enabled": true,
           "serverAddress": "http://localhost:9083",
           "communicationType" : "REST"
       },
       {
           "app":"Q2T",
           "enabled": true,
           "serverAddress":"unix:/<path to IBFT-network>/IBFT-network/Tessera-1/tm.ipc",
           "communicationType" : "REST"
       },
       {
           "app":"P2P",
           "enabled": true,
           "serverAddress":"http://localhost:9003",
           "sslConfig": {
               "tls": "OFF"
           },
           "communicationType" : "REST"
       }
   ],
   "peer": [
       {
           "url": "http://localhost:9001"
       },
       {
           "url": "http://localhost:9003"
       }
   ],
   "keys": {
       "passwords": [],
       "keyData": [
           {
               "privateKeyPath": "<path to IBFT-network>/IBFT-network/Tessera-1/tessera1.key",
               "publicKeyPath": "<path to IBFT-network>/IBFT-network/Tessera-1/tessera1.pub"
           }
       ]
   },
   "alwaysSendTo": []
}

6. Start Tessera 0

In the Tessera-0 directory, start Tessera 0. Replace <path to tessera> with the path to Tessera.

java -jar <path to Tessera>/tessera.jar -configfile config.json

7. Start Tessera 1

In the Tessera-1 directory, start Tessera 1. Replace <path to tessera> with the path to Tessera.

java -jar <path to Tessera>/tessera.jar -configfile config.json

8. Start GoQuorum node 0

In the Node-0 directory, start GoQuorum node 0 specifying the Tessera 0 node to attach to. Replace <path to IBFT network> with the path to your network.

PRIVATE_CONFIG=/<path to IBFT network>/IBFT-network/Tessera-0/tm.ipc geth --datadir data --nodiscover --istanbul.blockperiod 5 --syncmode full --mine --minerthreads 1 --verbosity 5 --networkid 10 --rpc --rpcaddr 127.0.0.1 --rpcport 22000 --rpcapi admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,istanbul --emitcheckpoints --port 30300 --allow-insecure-unlock

Caution

The --allow-insecure-unlock option enables insecure account unlocking for educational purposes only. In production environments, ensure account keys are secured appropriately.

9. Start GoQuorum node 1

In the Node-1 directory, start GoQuorum node 1 specifying the Tessera 1 node to attach to. Replace <path to IBFT network> with the path to your network.

PRIVATE_CONFIG=/<path to IBFT network>/IBFT-network/Tessera-1/tm.ipc geth --datadir data --nodiscover --istanbul.blockperiod 5 --syncmode full --mine --minerthreads 1 --verbosity 5 --networkid 10 --rpc --rpcaddr 127.0.0.1 --rpcport 22001 --rpcapi admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,istanbul --emitcheckpoints --port 30301

10. Start nodes 2, 3, and 4

In new terminal for each node in each node directory, start the remaining nodes using the same command as in the IBFT tutorial. Nodes 2, 3, and 4 do not have an attached Tessera node.

PRIVATE_CONFIG=ignore geth --datadir data --nodiscover --istanbul.blockperiod 5 --syncmode full --mine --minerthreads 1 --verbosity 5 --networkid 10 --rpc --rpcaddr 127.0.0.1 --rpcport 22002 --rpcapi admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,istanbul --emitcheckpoints --port 30302
PRIVATE_CONFIG=ignore geth --datadir data --nodiscover --istanbul.blockperiod 5 --syncmode full --mine --minerthreads 1 --verbosity 5 --networkid 10 --rpc --rpcaddr 127.0.0.1 --rpcport 22003 --rpcapi admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,istanbul --emitcheckpoints --port 30303
PRIVATE_CONFIG=ignore geth --datadir data --nodiscover --istanbul.blockperiod 5 --syncmode full --mine --minerthreads 1 --verbosity 5 --networkid 10 --rpc --rpcaddr 127.0.0.1 --rpcport 22004 --rpcapi admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,istanbul --emitcheckpoints --port 30304

Your node can now send and receive private transactions.

ConsenSys has acquired Quorum from J.P. Morgan. Please read the FAQ.
Questions or feedback? You can discuss issues and obtain free support on GoQuorum Slack channel.
For paid professional support by ConsenSys, contact us at quorum@consensys.net