Each node has a node key pair consisting of a node private key and node public key.
Node Private Key
key file does not exist in the data directory and the
option is not specified when Besu is started, a node private key is generated and written to the
If Besu is stopped and restarted without deleting the key file, the same private key is used when Besu is restarted.
key file exists in the data directory when Besu is started, the node is started with the private key in the
The private key is not encrypted.
Node Public Key
The node public key is displayed in the log after starting Besu. Use the public-key subcommand to export the public key to a file.
The node public key is also referred to as the node ID. The node ID forms part of the enode URL for a node.
Nodes are identified by their enode URL. For example, the --bootnodes option and perm_addNodesToWhitelist method specify nodes by the enode URL.
The enode URL is
<id> is the node public key excluding the initial 0x.
<host:port> is the host and port the bootnode is listening on for P2P peer discovery. Specified by the
--p2p-port options (default host is
127.0.0.1 and port is
--p2p-port options are not specified and the node public key is
The enode URL is:
The enode is displayed when starting a Besu node and can be obtained using the
JSON-RPC API method.
If UPnP is enabled, the enode advertised to other nodes during discovery is the external IP address and port.
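As an added example (not part of the Besu documentation or code base), the following Python sketch builds an enode URL in the standard enode://<id>@<host:port> layout from an exported public key and checks a list of enode URLs, such as a --bootnodes value or a permissioning list, for the mistakes the rules above imply. The function names, the sample key, the sample addresses and port, and the decision to report non-IP hosts are all assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# A node ID is the 64-byte node public key in hex: 128 characters, no 0x.
NODE_ID_RE = re.compile(r"[0-9a-fA-F]{128}")


def check_enode(url):
    """Return a list of problems found in an enode URL (empty list = OK)."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "enode":
        problems.append("scheme is not enode://")
    node_id = parts.username or ""
    if node_id.lower().startswith("0x"):
        problems.append("node ID still carries the 0x prefix")
    elif not NODE_ID_RE.fullmatch(node_id):
        problems.append("node ID is not 128 hex characters")
    try:
        port = parts.port          # raises ValueError if not in 0-65535
    except ValueError:
        port = None
    if port is None or port == 0:
        problems.append("missing or invalid P2P port")
    try:
        # Assumption of this example: hosts are IP literals, not DNS names.
        addr = ipaddress.ip_address(parts.hostname or "")
    except ValueError:
        problems.append("host is not an IP address literal")
    else:
        if addr.is_loopback or addr.is_unspecified:
            problems.append("host is loopback/unspecified; remote peers cannot dial it")
    return problems


def enode_from_public_key(public_key_hex, host, port):
    """Build the enode URL from a public key exported with its leading 0x."""
    has_prefix = public_key_hex[:2].lower() == "0x"
    node_id = public_key_hex[2:] if has_prefix else public_key_hex
    return f"enode://{node_id}@{host}:{port}"


# Constructed sample values, not taken from a real node.
SAMPLE_PUBLIC_KEY = "0x" + "c3" * 64
SAMPLE_BOOTNODES = [
    enode_from_public_key(SAMPLE_PUBLIC_KEY, "192.0.2.10", 30303),
    enode_from_public_key(SAMPLE_PUBLIC_KEY, "127.0.0.1", 30303),
    f"enode://{SAMPLE_PUBLIC_KEY}@192.0.2.10:30303",  # 0x left in place
]

if __name__ == "__main__":
    for enode in SAMPLE_BOOTNODES:
        print(enode[:24] + "...", check_enode(enode) or "ok")
```

The loopback finding matters because an enode built from a 127.0.0.1 listening address identifies the node correctly but gives peers on other machines nothing they can connect to.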
Specifying a Custom Node Private Key File
Use the --node-private-key-file option to specify a custom key file in any location.
key file exists, the node is started with the private key in the custom
key file. If the custom
key file does not exist,
a node private key is generated and written to the custom
For example, the following command either reads the node private key from the
privatekeyfile or writes the generated private key to the