A signing API would be useful when libp2p is used with non-libp2p transports or for persistent storage of a message that some other entity can verify the origin of. It could look e.g. like:

const myId = PeerId.createFromPrivKey(..)
myId.sign(nonce, message)  // Nonce for preventing replay attacks.
..
const theirId = PeerId.createFromPubKey(..)
theirId.verify(message)

// TODO: Maybe some algorithm selection?

Verifying would require the presence of a public key (not just a B58String). From a quick experiment, it seems the public key is populated on handle but not upon a successful dial, when peer id is created from a B58String. This could probably be added in some way in libp2p since the public key is available during a handshake anyway.

Would y'all be open to such a feature? Happy to put in some work if so.

• Version: 0.28.2
• Platform: Darwin Kernel Version 17.7.0: Wed May 27 17:00:02 PDT 2020; root:xnu-4570.71.80.1~1/RELEASE_X86_64 x86_64,
  nodejs v12.13.0
• Subsystem: libp2p/peerId

Type: Bug

Severity: Low

Description:

The ts type declaration for the id param of PeerId disagrees with the implementation.

Steps to reproduce the error:

peer-id/src/index.d.ts has this (claims to accept Buffer or string for id):

declare class PeerId {
  constructor(id: Buffer | string, privKey?: PrivateKey, pubKey?: PublicKey);

but the actual implementation does this:

class PeerId {
  constructor (id, privKey, pubKey) {
    if (!Buffer.isBuffer(id)) {
      throw new Error('invalid id provided')
    }

It throws when given a string id param

So, which is it? Remove string from the declaration, or change the class to convert string to buffer?

Doc Updates

The docs for createFromPrivKey currently reads:

createFromPrivKey(privKey)

• privKey: Buffer
  Creates a Peer ID from a buffer containing a private key.

This is missleading as it requires a ProtoBuf.

We should clarify the documentation for this as users may try to use simple Buffer.

Improved Support

It would be nice if we improved the support for creating a peerid from a private key to accept a simple buffer. This could allow users to generate a keypair and use that privatekey to create their peerid. A use case of this might be an EC2 instance where the private key is stored in AWS KMS. It's possible to do this leveraging libp2p-crypto, but it would be nice if a factory method existed in peer-id to handle this for users.

The Deps folder contains a pre-bundled digitalbazaar forge package that is tagged into our building process until forge removes the requirejs boilerplate. There is an open PR that addresses this so this issue is to keep an eye on or assist that PR if possible.

Link to the js-ipfs karma conf, this will show the file path to the forge bundle when peer-id PR is merged.

cc @dignifiedquire

Just a suggestion but foo.equals(bar) is way more common and expected than foo.isEqual(bar).

Either way this existing function should be documented.

This took me a bit to track down. So effectively, the last working version for me in https://github.com/polkadot-js/client in 0.12.2, as soon as I try to upgrade to 0.12.3, I have issues.

So effectively what happens -

• I try to dial a bootnode, e.g. /ip4/104.211.54.233/tcp/30363/p2p/QmUghPWmHR8pQbZyBMeYzvPcH7VRcTiBibcyBG7wMKHaSZ
• all ok, flow is as normal and then we get to this part in secio - https://github.com/libp2p/js-libp2p-secio/blob/master/src/handshake/crypto.js#L78

It gets the publicKey from the remote node and then calls to create the id string. Previously this was created via hash, now it gets created via identity. This means that the equality check here fails and we get back dialed to the wrong peer, Ids do not match

For now fixed peer-id to 0.12.2 and all is well again.

require('peer-id').create({type: 'rsa', size: 2048}, (e, i) => {i.pubKey.encrypt(Buffer.from('data'), console.log)})

Unsure if this is my code that's broken or this library

PeerId should provide an easy to to check if it has an inline public key.

Context: libp2p/js-libp2p#669 (comment)

I have data like this:

"peerID": "QmUWYRp3mkQUUVeyGVjcM1fC7kbVxmDieGpGsQzopXivyk",
"pubkey": "CAESILYoTcsl9HZVSyyvDmIIGXAPMtXxv0YHI1etWS1l9Nn1",

and I'd like to be able to validate that the pubkey and peerID match, but using the latest code createFromPubKey will get me a peerID of 12D3KooWN5S1ouS8cNLk5vhdKwQE3VUdxfLm89gW8NW9yS95KFtY.

Is there any type of config option where I could have it generate the old Qm style key so that I could validate old data?

There are changes in master that havent been published yet, can we get them out to npm?

Hello,

I am interested in writing a python implementation of peer-id, i was wondering if you have the tech specs for that.

PeerId's may or may not have a private key and we may need to detect this in other code.

The type of privKey is: public privKey: Uint8Array; , however currently the only way to workout if the peer id has a private key is to query peerId.privKey === undefined.

Alternatively we could document that checking whether peerId.privKey === undefined is a stable part of the API and update the types.

to fix libp2p/js-peer-book#33

make sure that on set of the priv key, the pubkey still matches.

After adding the class-is module with js-peer-id#84, the isPeerId function is redundant and can be removed js-peer-id/index.js#L291-L295.

Note: this was not removed with the addition of class-is since it is a breaking change and will need to change all its usages.

@vasco-santos

Under which subcategory should PeerId.isPeerId() be documented?
Currenty in the README.md we have the subcategories

• API
  • Create
  • Import
  • Export

The Go implementation of our app is switching to using peerId's with inline public keys (i.e. instead of prefaced with qM, they'll be prefaced with 12D3Koo).

I'm not seeing any method in the library to output a peerId in that format. Is there any way to do it?

Based on discussion here https://github.com/ipfs/js-ipfs/pull/3365/files/fa7c2c13c43bab922052104fe8aff863d9725e9b?file-filters%5B%5D=.js&file-filters%5B%5D=.json&file-filters%5B%5D=.ts#r520418521

Current Method

1. Made a peerId using the createEd25519PeerId.
   const peerId = await createEd25519PeerId({ privateKey: privateKey });

2. Store into json, which eliminates the formats of ed25519, converts the values into string.

3. Retrieving the data of peerId to instantiate the CreateLibp2p.

Process

• When I store the data as hex values, because Uint8Array doesn't store the format, only the values, I'm trying to revert the hex values into a Uint8Array to extract the same peerId using the public and private key.

Error

• CreateLibp2p doesn't instantiate the node. Instead, I'm given these error messages: if (publicKey.length === MARSHALLED_ED225519_PUBLIC_KEY_LENGTH) {
  ^

TypeError: Cannot read properties of undefined (reading 'length')

The pasted details below is the data structure of the peer.meta that I'm using, in order to retrieve the peerId.

• Before inputting the meta into createFromPrivKey function, I'm converting the hex values into Uint8Array

CodeBase
const peerIdForm = await createFromPrivKey(peer.meta);
"meta": {
"id": {
"code": 0,
"size": 36,
"digest": "0x080112202a43350be8249d8a381f85da2e7b0ca661ceb2b3d727ad967cd4903ac3fa5341",
"bytes": "0x0024080112202a43350be8249d8a381f85da2e7b0ca661ceb2b3d727ad967cd4903ac3fa5341"
},
"key": "0x080112401330d9b33b2f6de93088ab2424a36394fa8dc67c706b2f1cac5df80eb66c2a6b2a43350be8249d8a381f85da2e7b0ca661ceb2b3d727ad967cd4903ac3fa5341",
"public": "0x080112202a43350be8249d8a381f85da2e7b0ca661ceb2b3d727ad967cd4903ac3fa5341",
"CID": {
"/": "bafzaajaiaejcaksdguf6qje5ri4b7bo2fz5qzjtbz2zlhvzhvwlhzveqhlb7uu2b"
},
"type": "Ed25519"
},

If I'm missing any details that could help figure out this issue, please let me know. Thank you.

.createFromJSON only matches private key => id and private key => public key

Because the private key is optional the public key will not get matched against the id if it is missing.

It should be possible to import a Crypto Key, in JSON Web Key or raw formats (to start).

I've found this while debugging swarm identify protocol. It seems that the pubkey is stored as a string if derived from priv key and it is a buffer if the pubkey is passed directly.

buffer -> https://github.com/diasdavid/js-peer-id/blob/master/src/index.js#L133-L135
string -> https://github.com/diasdavid/js-peer-id/blob/master/src/index.js#L163

I'm ok both, although I expected it to be a buffer (like it was before). @nginnever what is your input on this.

These are needed in js-libp2p-secio. Reference implementation in go: https://github.com/ipfs/go-libp2p-peer/blob/master/peer.go#L55-L67

This line here https://github.com/libp2p/js-peer-id/blob/master/src/index.js#L173 makes the app crash if the supplied public key isn't valid (for example if the buffer isn't even a protocol buffers object)

Instead the error should be caught and returned via callback

/home/circleci/project/node_modules/peer-id/node_modules/multihashes/node_modules/multibase/src/util.js:3
const textDecoder = new TextDecoder()
                    ^
ReferenceError: TextDecoder is not defined
    at Object.<anonymous> (/home/circleci/project/node_modules/peer-id/node_modules/multihashes/node_modules/multibase/src/util.js:3:21)
    at Module._compile (internal/modules/cjs/loader.js:778:30)
    at Module.replacementCompile (/home/circleci/project/node_modules/append-transform/index.js:58:13)
    at Module._extensions..js (internal/modules/cjs/loader.js:789:10)
    at Object.<anonymous> (/home/circleci/project/node_modules/append-transform/index.js:62:4)
    at Module.load (internal/modules/cjs/loader.js:653:32)

Error when using on Node v10

In this implementation of peer, it appears the constructor allows undefined public key and private key, is this meant to be allowed, or is peer id only useful if both pub and priv keys are available?

Heya! I had some questions about peer id:

1. Is there a spec for PeerId?
2. What is the mandatory API for a PeerId to expose?
3. Since js-peer-id implements a IPFS PeerID, shouldn't this repo be js-ipfs-peer-id?
4. What steps would I take to create a PeerId that wrapped some other identity system (e.g. ssb-keys)

Hello,

How can I create a libp2p key from the metamask ethereum's public key
I tried:

const web3 = window.web3
const accounts = await web3.eth.getAccounts()
this.setState({ account: accounts[0] })
console.log(accounts)

let temp = await PeerId.createFromPubKey(accounts[0])

I am getting error in the last line.

Help please.

I just tried to update the ipfs npm package, and it bumped my version of peer-id from 0.12.2 to 0.12.3 (because many things in the ipfs tree rely on ~0.12.x or ^0.12.x), but then I started getting this error upon building with browserify:

Cannot find module 'babelify' from '/path/to/my/app/node_modules/ipfs/node_modules/peer-id/node_modules/async'

Could you please remove version 0.12.3 or replace it with something compatible with all the other packages asking for ~0.12.0?

Update:

Steps to reproduce the error:

package.json

{
  "scripts": {
    "build": "browserify index.js -o app.js -d"
  },
  "dependencies": {
    "browserify": "^16.3.0",
    "ipfs": "^0.36.4"
  }
}

index.js

require('ipfs');

run

npm install
npm run build

Also available to be cloned here: https://github.com/npfoss/js-ipfs-bug-code

• check that privKey leads to pubKey
• check that pubKey leads to id

Hi, @vasco-santos @jacobheun, there is a high severity vulnerability introduced in your package peer-id:

Issue Description

A vulnerability CVE-2020-7720 detected in package node-forge<0.10.0 is transitively referenced by [email protected]. We noticed that such a vulnerability has been removed since [email protected].

However, peer-id's popular previous version [email protected] (5,680 downloads per week) is still transitively referenced by a large amount of latest versions of active and popular downstream projects (about 225 downstream projects, e.g., @aragon/cli 7.1.6, snet-sdk-web 2.0.0-beta.0, @gny/cli 1.0.90, @augurproject/tools 2.1.13, @charged-particles/protocol-subgraph 1.2.7, @51nodes/[email protected], etc.).
As such, issue CVE-2020-7720 can be propagated into these downstream projects and expose security threats to them.

These projects cannot easily upgrade peer-id from version 0.12.5 to (>=0.14.3). For instance, [email protected] is introduced into the above projects via the following package dependency paths:
(1)@51nodes/[email protected] ➔ @evan.network/[email protected] ➔ @evan.network/[email protected] ➔ [email protected] ➔ [email protected] ➔ [email protected] ➔ [email protected]
......

The projects such as ipfs-api, which introduced [email protected], are not maintained anymore. These unmaintained packages can neither upgrade peer-id nor be easily migrated by the large amount of affected downstream projects.
On behalf the downstream users, could you help us remove the vulnerability from package [email protected]?

Suggested Solution

Since these inactive projects set a version constaint 0.12.* for peer-id on the above vulnerable dependency paths, if peer-id removes the vulnerability from 0.12.5 and releases a new patched version [email protected], such a vulnerability patch can be automatically propagated into the 225 affected downstream projects.

In [email protected], you can kindly try to perform the following upgrade:
libp2p-crypto ~0.16.1 ➔ ~0.19.0;
Note:
[email protected](>=0.19.0) directly depends on [email protected] (a vulnerability CVE-2020-7720 patched version)

Thank you for your help.

Best regards,
Paimon

const PeerId = require('peer-id')

const peerId1 = PeerId.createFromB58String('QmZjTnYw2TFhn9Nn7tjmPSoTBoY7YRkwPzwSrSbabY24Kp')
const peerId2 = PeerId.createFromB58String('QmZjTnYw2TFhn9Nn7tjmPSoTBoY7YRkwPzwSrSbabY24Kp')

assert.deepEqual(peerId1, peerId2)
// 'bafzbeifjjcie6lypi6ny7amxnfftagclbuxndqonfipmb64f2km2devei4'

peerId1.toString()

assert.deepEqual(peerId1, peerId2)
// Uncaught AssertionError [ERR_ASSERTION]: Expected values to be loosely deep-equal:

This is because .toString() has the side effect of setting a ._idCIDString property on this which the other peer ID doesn't have.

It seems like this library is jumping through a lot of hoops to get and set keys instead of just using raw/jwk/pem/pkcs8/spki.

Is there a technical reason for this, or is it just technical debt from being created during a time where the crypto containers were actively evolving?

ref: ipfs/js-ipfs#32

Documentation states:

> peer-id --type rsa --bits 2048

However, its not available globally nor is it in the local installation:

$ npm install -g peer-id
$ npm install peer-id
$ peer-id --type rsa --bits 2048
bash: peer-id: command not found
$ ls node_modules/.bin/peer-id
ls: node_modules/.bin/peer-id: No such file or directory
$ npx peer-id --type rsa --bits 2048
npm ERR! could not determine executable to run

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/mgwidmann/.npm/_logs/2022-01-13T21_13_44_189Z-debug.log

This is because there is no peer-id executable in the project.

$ tree node_modules/peer-id/ -a
node_modules/peer-id/
├── LICENSE
├── README.md
├── dist
│   └── index.min.js
├── node_modules
│   └── .bin
│       ├── pbjs -> ../../../protobufjs/bin/pbjs
│       └── pbts -> ../../../protobufjs/bin/pbts
├── package.json
└── src
    ├── index.d.ts
    ├── index.js
    ├── proto.d.ts
    ├── proto.js
    └── proto.proto

4 directories, 11 files

Where is the CLI?

It's a thing, and should be used here :)

Shouldn't there be some more validation of the ID passed to PeerId?

Currently it's checked to ensure it's a buffer...shouldn't it be checked to ensure it's a valid CID?

Also applies to the commonly used factory functions like createFromB58String, which will ensure the string is base 58 encoded but nothing else.

@nginnever noticed that we the move to WebPack, we lost our minified dist version (the one that was present was from and earlier version). This is not urgent, but would you mind adding a script (npm script or gulp script) to make it available again?

Thank you!

The Go implementation embeds public key in the peer id when key length is <= 42 bytes. This is the case, for example, with secp256k1 keys.

This results in an error in the browser where ids generated from the same public key with Go implementation do not match ones generated by the js implementation.

Error: dialed to the wrong peer, Ids do not match
    at PeerId.createFromPubKey (crypto.js:80)
    at pubKey.hash (index.js:188)
    at Multihashing.Multihashing.digest (index.js:33)
    at index.js:15
    at run (setImmediate.js:40)
    at runIfPresent (setImmediate.js:69)
    at onGlobalMessage (setImmediate.js:109)
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (zone.js:421)
    at Zone.push../node_modules/zone.js/dist/zone.js.Zone.runTask (zone.js:188)
    at ZoneTask.push../node_modules/zone.js/dist/zone.js.ZoneTask.invokeTask [as invoke] (zone.js:496)

Go implementation:

// IDFromPublicKey returns the Peer ID corresponding to pk
func IDFromPublicKey(pk ic.PubKey) (ID, error) {
	b, err := pk.Bytes()
	if err != nil {
		return "", err
	}
	var alg uint64 = mh.SHA2_256
	if len(b) <= MaxInlineKeyLength {  // <<<< Hash algorithem is set to ID when key is 42 bytes or less
		alg = mh.ID
	}
	hash, _ := mh.Sum(b, alg, -1)
	return ID(hash), nil
}

I have made changes to my local version to correct this but as a prerequisite I had to make changes to multihash in order to support 'id' function code. Please see: multiformats/js-multihash#60

Below is a patch of changes I made against master branch:

Secp256k1 test id json to be placed in test/fixtures/go-secp256k1-id.js

'use strict'

module.exports = {
  id: '16Uiu2HAmAJv2Y6DjTBdqvFak6NX2iNTTXHyMkvd1p5XxU7DH1GS9',
  privKey: 'CAISIBXKcM3bhjJ2cQJyWEBiWNq7apuYW8oh/+UivQcINOz9',
  pubKey: 'CAISIQLdJB8exFCd65lMn7xAoC9evPwVgf0hSrNRMWuhP9ALTg=='
}

A patch of changes to support ids with inline public key

diff --git a/src/index.js b/src/index.js
index 5197c6b..ba130fc 100644
--- a/src/index.js
+++ b/src/index.js
@@ -134,6 +134,7 @@ class PeerId {
 }
 
 const PeerIdWithIs = withIs(PeerId, { className: 'PeerId', symbolName: '@libp2p/js-peer-id/PeerId' })
+const MaxInlineKeyLength = 42
 
 exports = module.exports = PeerIdWithIs
 
@@ -179,9 +180,9 @@ exports.createFromPubKey = function (key, callback) {
   }
 
   let pubKey
-
+  let buf = key
+  
   try {
-    let buf = key
     if (typeof buf === 'string') {
       buf = Buffer.from(key, 'base64')
     }
@@ -193,13 +194,18 @@ exports.createFromPubKey = function (key, callback) {
     return callback(err)
   }
 
-  pubKey.hash((err, digest) => {
-    if (err) {
-      return callback(err)
-    }
+  if (buf.length > MaxInlineKeyLength) {
+    pubKey.hash((err, digest) => {
+      if (err) {
+        return callback(err)
+      }
 
+      callback(null, new PeerIdWithIs(digest, null, pubKey))
+    })
+  } else {
+    let digest = mh.encode(buf, 'id', buf.length)
     callback(null, new PeerIdWithIs(digest, null, pubKey))
-  })
+  }
 }
 
 // Private key input will be a string
@@ -222,9 +228,18 @@ exports.createFromPrivKey = function (key, callback) {
 
   waterfall([
     (cb) => crypto.keys.unmarshalPrivateKey(buf, cb),
-    (privKey, cb) => privKey.public.hash((err, digest) => {
-      cb(err, digest, privKey)
-    })
+    (privKey, c1, c2) => {
+      let cb = c1 ? c1 : c2 // unmarshalSecp256k1PrivateKey sets an extra null param on the callback 
+      let bytes = privKey.public.bytes
+      if (bytes.length > MaxInlineKeyLength) {
+        privKey.public.hash((err, digest) => {
+          cb(err, digest, privKey)
+        })
+      } else {
+        let digest = mh.encode(bytes, 'id', bytes.length)
+        cb(null, digest, privKey)
+      }
+    }
   ], (err, digest, privKey) => {
     if (err) {
       return callback(err)
@@ -256,14 +271,29 @@ exports.createFromJSON = function (obj, callback) {
   if (rawPrivKey) {
     waterfall([
       (cb) => crypto.keys.unmarshalPrivateKey(rawPrivKey, cb),
-      (priv, cb) => priv.public.hash((err, digest) => {
-        cb(err, digest, priv)
-      }),
+      (privKey, c1, c2) => {
+        let cb = c1 ? c1 : c2 // unmarshalSecp256k1PrivateKey sets an extra null param on the callback 
+        let bytes = privKey.public.bytes
+        if (bytes.length > MaxInlineKeyLength) {
+          privKey.public.hash((err, digest) => {
+            cb(err, digest, privKey)
+          })
+        } else {
+          let digest = mh.encode(bytes, 'id', bytes.length)
+          cb(null, digest, privKey)
+        }
+      },
       (privDigest, priv, cb) => {
         if (pub) {
-          pub.hash((err, pubDigest) => {
-            cb(err, privDigest, priv, pubDigest)
-          })
+          let bytes = pub.bytes
+          if (bytes.length > MaxInlineKeyLength) {
+            pub.hash((err, pubDigest) => {
+              cb(err, privDigest, priv, pubDigest)
+            })
+          } else {
+            let pubDigest = mh.encode(bytes, 'id', bytes.length)
+            cb(null, privDigest, priv, pubDigest)
+          }
         } else {
           cb(null, privDigest, priv)
         }
diff --git a/test/peer-id.spec.js b/test/peer-id.spec.js
index 5d04c92..c9e14c5 100644
--- a/test/peer-id.spec.js
+++ b/test/peer-id.spec.js
@@ -21,6 +21,8 @@ const testIdB58String = mh.toB58String(testIdBytes)
 
 const goId = require('./fixtures/go-private-key')
 
+const goSecp256k1Id = require('./fixtures/go-secp256k1-id')
+
 // Test options for making PeerId.create faster
 // INSECURE, only use when testing
 const testOpts = {
@@ -208,6 +210,30 @@ describe('PeerId', () => {
         })
       })
     })
+
+    it('go interop secp2561k pubKey', (done) => {
+      PeerId.createFromPubKey(goSecp256k1Id.pubKey, (err, id) => {
+        expect(err).to.not.exist()
+        expect(id.toB58String()).to.eql(goSecp256k1Id.id)
+        done()
+      })
+    })
+
+    it('go interop secp2561k privKey', (done) => {
+      PeerId.createFromPrivKey(goSecp256k1Id.privKey, (err, id) => {
+        expect(err).to.not.exist()
+        expect(id.toB58String()).to.eql(goSecp256k1Id.id)
+        done()
+      })
+    })
+
+    it('go interop secp2561k json', (done) => {
+      PeerId.createFromJSON(goSecp256k1Id, (err, id) => {
+        expect(err).to.not.exist()
+        expect(id.toB58String()).to.eql(goSecp256k1Id.id)
+        done()
+      })
+    })
   })
 
   it('set privKey (valid)', (done) => {

Feeding bafykbzacecesdmus2x37xyvtxdwlpx3vu5cjecxed473f66fezh6tdoccqhqq to PeerId.parse(str) generate a valid PeerId object, but the same string will generate an error after unmarshalling to CID in github.com/libp2p/go-libp2p-core/peer.

I created the a small repo to reproduce the error, you can try here: https://github.com/nicobao/bug-libp2p-peerid

Please take a look :).

It outputs:

=== JS VERSION ===

> [email protected] start /home/nicolas/nicobao/bug-libp2p-peerid/js
> node with-js-lib.js

Parsing bafykbzacecesdmus2x37xyvtxdwlpx3vu5cjecxed473f66fezh6tdoccqhqq...
peerId is valid! PeerId {
  _id: Uint8Array(36) [
    160, 228,   2,  32, 137,  33, 178, 146,
    213, 247, 251, 226, 179, 184, 236, 183,
    223, 117, 167,  68, 146,  10, 228,  31,
     63, 178, 251, 197,  38,  79, 233, 141,
    194,  20,  15,   8
  ],
  _idB58String: '2DrjgbDVCNmAACH2oLHRPSg874iiE13cTnHK9dvVhXJqN2UQXR',
  _privKey: undefined,
  _pubKey: undefined
}

=== GO VERSION ===
Parsing bafykbzacecesdmus2x37xyvtxdwlpx3vu5cjecxed473f66fezh6tdoccqhqq ...
Error can't convert CID of type "dag-pb" to a peer ID

I tried using https://github.com/libp2p/js-libp2p-peer-id/tree/master/packages/libp2p-peer-id but it doesn't contain enough validation function it seems.

I want to avoid importing the whole js-libp2p package just for validating peerId.

In this library (js-peer-id) still maintained? What is the idiomatic way to validate peerId in frontend?

Thank you