chore: release version v0.28.10

* fix: allow certain keychain operations without a password

Listing, removing, renaming etc keys do not require a password so
the user should not be required to provide one.

This means we don't have to prompt the user to create a password
when they aren't going to do any operations that require a password.

* fix: make keychain pass optional

* fix: support libp2p creation without keychain pass

Co-authored-by: Jacob Heun <jacobheun@gmail.com>

CHANGELOG.md

@@ -1,3 +1,29 @@
+<a name="0.28.10"></a>
+## [0.28.10](https://github.com/libp2p/js-libp2p/compare/v0.28.9...v0.28.10) (2020-08-05)
+
+
+### Bug Fixes
+
+* allow certain keychain operations without a password ([#726](https://github.com/libp2p/js-libp2p/issues/726)) ([8c56ec0](https://github.com/libp2p/js-libp2p/commit/8c56ec0))
+* **identify:** make agentversion dynamic and add it to the peerstore ([#724](https://github.com/libp2p/js-libp2p/issues/724)) ([726a746](https://github.com/libp2p/js-libp2p/commit/726a746))
+
+
+### Features
+
+* **keychain:** add support for ed25519 and secp keys ([#725](https://github.com/libp2p/js-libp2p/issues/725)) ([51d7ca4](https://github.com/libp2p/js-libp2p/commit/51d7ca4))
+
+
+
+<a name="0.28.9"></a>
+## [0.28.9](https://github.com/libp2p/js-libp2p/compare/v0.28.8...v0.28.9) (2020-07-27)
+
+
+### Bug Fixes
+
+* ping multiaddr from peer not previously stored in peerstore ([#719](https://github.com/libp2p/js-libp2p/issues/719)) ([2440c87](https://github.com/libp2p/js-libp2p/commit/2440c87))
+
+
+
 <a name="0.28.8"></a>
 ## [0.28.8](https://github.com/libp2p/js-libp2p/compare/v0.28.7...v0.28.8) (2020-07-20)
 

README.md

@@ -23,8 +23,8 @@
   <a href="https://david-dm.org/libp2p/js-libp2p"><img src="https://david-dm.org/libp2p/js-libp2p.svg?style=flat-square" /></a>
   <a href="https://github.com/feross/standard"><img src="https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat-square"></a>
   <a href="https://github.com/RichardLitt/standard-readme"><img src="https://img.shields.io/badge/standard--readme-OK-green.svg?style=flat-square" /></a>
-  <a href=""><img src="https://img.shields.io/badge/npm-%3E%3D3.0.0-orange.svg?style=flat-square" /></a>
-  <a href=""><img src="https://img.shields.io/badge/Node.js-%3E%3D6.0.0-orange.svg?style=flat-square" /></a>
+  <a href=""><img src="https://img.shields.io/badge/npm-%3E%3D6.0.0-orange.svg?style=flat-square" /></a>
+  <a href=""><img src="https://img.shields.io/badge/Node.js-%3E%3D10.0.0-orange.svg?style=flat-square" /></a>
   <br>
 </p>
 

doc/API.md

@@ -1454,7 +1454,7 @@ Create a key in the keychain.
 |------|------|-------------|
 | name | `string` | The local key name. It cannot already exist. |
 | type | `string` | One of the key types; 'rsa' |
-| size | `number` | The key size in bits. |
+| [size] | `number` | The key size in bits. Must be provided for rsa keys. |
 
 #### Returns
 

examples/pubsub/message-filtering/1.js

@@ -0,0 +1,82 @@
+/* eslint-disable no-console */
+'use strict'
+
+const { Buffer } = require('buffer')
+const Libp2p = require('../../../')
+const TCP = require('libp2p-tcp')
+const Mplex = require('libp2p-mplex')
+const { NOISE } = require('libp2p-noise')
+const SECIO = require('libp2p-secio')
+const Gossipsub = require('libp2p-gossipsub')
+
+const createNode = async () => {
+  const node = await Libp2p.create({
+    addresses: {
+      listen: ['/ip4/0.0.0.0/tcp/0']
+    },
+    modules: {
+      transport: [TCP],
+      streamMuxer: [Mplex],
+      connEncryption: [NOISE, SECIO],
+      pubsub: Gossipsub
+    }
+  })
+
+  await node.start()
+  return node
+}
+
+(async () => {
+  const topic = 'fruit'
+
+  const [node1, node2, node3] = await Promise.all([
+    createNode(),
+    createNode(),
+    createNode(),
+  ])
+
+  // node1 conect to node2 and node2 conect to node3
+  node1.peerStore.addressBook.set(node2.peerId, node2.multiaddrs)
+  await node1.dial(node2.peerId)
+
+  node2.peerStore.addressBook.set(node3.peerId, node3.multiaddrs)
+  await node2.dial(node3.peerId)
+
+  //subscribe
+  await node1.pubsub.subscribe(topic, (msg) => {
+    console.log(`node1 received: ${msg.data.toString()}`)
+  })
+
+  await node2.pubsub.subscribe(topic, (msg) => {
+    console.log(`node2 received: ${msg.data.toString()}`)
+  })
+
+  await node3.pubsub.subscribe(topic, (msg) => {
+    console.log(`node3 received: ${msg.data.toString()}`)
+  })
+
+  const validateFruit = (msgTopic, peer, msg) => {
+    const fruit = msg.data.toString();
+    const validFruit = ['banana', 'apple', 'orange']
+    const valid = validFruit.includes(fruit);
+    return valid;
+  }
+
+  //validate fruit
+  node1.pubsub._pubsub.topicValidators.set(topic, validateFruit);
+  node2.pubsub._pubsub.topicValidators.set(topic, validateFruit);
+  node3.pubsub._pubsub.topicValidators.set(topic, validateFruit);
+
+  // node1 publishes "fruits" every five seconds
+  var count = 0;
+  const myFruits = ['banana', 'apple', 'car', 'orange'];
+  // car is not a fruit !
+  setInterval(() => {
+    console.log('############## fruit ' + myFruits[count] + ' ##############')
+    node1.pubsub.publish(topic, Buffer.from(myFruits[count]))
+    count++
+    if (count == myFruits.length) {
+      count = 0
+    }
+  }, 5000)
+})()

examples/pubsub/message-filtering/README.md

@@ -0,0 +1,108 @@
+# Filter Messages
+
+To prevent undesired data from being propagated on the network, we can apply a filter to Gossipsub. Messages that fail validation in the filter will not be re-shared.
+
+## 1. Setting up a PubSub network with three nodes
+
+First, let's update our libp2p configuration with a pubsub implementation.
+
+```JavaScript
+const Libp2p = require('libp2p')
+const Gossipsub = require('libp2p-gossipsub')
+
+const node = await Libp2p.create({
+  addresses: {
+    listen: ['/ip4/0.0.0.0/tcp/0']
+  },
+  modules: {
+    transport: [ TCP ],
+    streamMuxer: [ Mplex ],
+    connEncryption: [ NOISE, SECIO ],
+    pubsub: Gossipsub
+  }
+})
+```
+
+Then, create three nodes and connect them together. In this example, we will connect the nodes in series. Node 1 connected with node 2 and node 2 connected with node 3.
+
+```JavaScript
+const [node1, node2, node3] = await Promise.all([
+  createNode(),
+  createNode(),
+  createNode(),
+])
+
+node1.peerStore.addressBook.set(node2.peerId, node2.multiaddrs)
+await node1.dial(node2.peerId)
+
+node2.peerStore.addressBook.set(node3.peerId, node3.multiaddrs)
+await node2.dial(node3.peerId)
+```
+
+Now we' can subscribe to the fruit topic and log incoming messages.
+
+```JavaScript
+const topic = 'fruit'
+
+await node1.pubsub.subscribe(topic, (msg) => {
+  console.log(`node1 received: ${msg.data.toString()}`)
+})
+
+await node2.pubsub.subscribe(topic, (msg) => {
+  console.log(`node2 received: ${msg.data.toString()}`)
+})
+
+await node3.pubsub.subscribe(topic, (msg) => {
+  console.log(`node3 received: ${msg.data.toString()}`)
+})
+```
+Finally, let's define the additional filter in the fruit topic.
+
+```JavaScript
+const validateFruit = (msgTopic, peer, msg) => {
+  const fruit = msg.data.toString();
+  const validFruit = ['banana', 'apple', 'orange']
+  const valid = validFruit.includes(fruit);
+  return valid;
+}
+
+node1.pubsub._pubsub.topicValidators.set(topic, validateFruit);
+node2.pubsub._pubsub.topicValidators.set(topic, validateFruit);
+node3.pubsub._pubsub.topicValidators.set(topic, validateFruit);
+```
+
+In this example, node one has an outdated version of the system, or is a malicious node. When it tries to publish fruit, the messages are re-shared and all the nodes share the message. However, when it tries to publish a vehicle the message is not re-shared.
+
+```JavaScript
+var count = 0;
+const myFruits = ['banana', 'apple', 'car', 'orange'];
+
+setInterval(() => {
+  console.log('############## fruit ' + myFruits[count] + ' ##############')
+  node1.pubsub.publish(topic, Buffer.from(myFruits[count]))
+  count++
+  if (count == myFruits.length) {
+    count = 0
+  }
+}, 5000)
+```
+
+Result
+
+```
+> node 1.js
+############## fruit banana ##############
+node1 received: banana
+node2 received: banana
+node3 received: banana
+############## fruit apple ##############
+node1 received: apple
+node2 received: apple
+node3 received: apple
+############## fruit car ##############
+node1 received: car
+############## fruit orange ##############
+node1 received: orange
+node2 received: orange
+node3 received: orange
+```

package.json

@@ -1,6 +1,6 @@
 {
   "name": "libp2p",
-  "version": "0.28.8",
+  "version": "0.28.10",
   "description": "JavaScript implementation of libp2p, a modular peer to peer network stack",
   "leadMaintainer": "Jacob Heun <jacobheun@gmail.com>",
   "main": "src/index.js",
@@ -58,7 +58,7 @@
     "it-length-prefixed": "^3.0.1",
     "it-pipe": "^1.1.0",
     "it-protocol-buffers": "^0.2.0",
-    "libp2p-crypto": "^0.17.8",
+    "libp2p-crypto": "^0.17.9",
     "libp2p-interfaces": "^0.3.1",
     "libp2p-utils": "^0.1.2",
     "mafmt": "^7.0.0",
@@ -126,43 +126,44 @@
     "Vasco Santos <vasco.santos@moxy.studio>",
     "Alan Shaw <alan@tableflip.io>",
     "Cayman <caymannava@gmail.com>",
+    "Alex Potsides <alex@achingbrain.net>",
     "Pedro Teixeira <i@pgte.me>",
     "Friedel Ziegelmayer <dignifiedquire@gmail.com>",
-    "Alex Potsides <alex@achingbrain.net>",
     "Maciej Krüger <mkg20001@gmail.com>",
     "Hugo Dias <mail@hugodias.me>",
-    "Volker Mische <volker.mische@gmail.com>",
     "dirkmc <dirkmdev@gmail.com>",
+    "Volker Mische <volker.mische@gmail.com>",
     "Richard Littauer <richard.littauer@gmail.com>",
-    "Thomas Eizinger <thomas@eizinger.io>",
-    "Ryan Bell <ryan@piing.net>",
-    "Giovanni T. Parra <fiatjaf@gmail.com>",
-    "Andrew Nesbitt <andrewnez@gmail.com>",
     "ᴠɪᴄᴛᴏʀ ʙᴊᴇʟᴋʜᴏʟᴍ <victorbjelkholm@gmail.com>",
+    "Andrew Nesbitt <andrewnez@gmail.com>",
     "Elven <mon.samuel@qq.com>",
-    "Didrik Nordström <didrik.nordstrom@gmail.com>",
-    "Tiago Alves <alvesjtiago@gmail.com>",
-    "Yusef Napora <yusef@napora.org>",
-    "Zane Starr <zcstarr@gmail.com>",
-    "ebinks <elizabethjbinks@gmail.com>",
-    "isan_rivkin <isanrivkin@gmail.com>",
-    "robertkiel <robert.kiel@validitylabs.org>",
-    "RasmusErik Voel Jensen <github@solsort.com>",
-    "Bernd Strehl <bernd.strehl@gmail.com>",
-    "Chris Bratlien <chrisbratlien@gmail.com>",
-    "Daijiro Wachi <daijiro.wachi@gmail.com>",
-    "Diogo Silva <fsdiogo@gmail.com>",
-    "Dmitriy Ryajov <dryajov@gmail.com>",
-    "Fei Liu <liu.feiwood@gmail.com>",
-    "Florian-Merle <florian.david.merle@gmail.com>",
+    "Giovanni T. Parra <fiatjaf@gmail.com>",
+    "Ryan Bell <ryan@piing.net>",
+    "Thomas Eizinger <thomas@eizinger.io>",
+    "Didrik Nordström <didrik@betamos.se>",
     "Francis Gulotta <wizard@roborooter.com>",
-    "Henrique Dias <hacdias@gmail.com>",
-    "Irakli Gozalishvili <rfobic@gmail.com>",
+    "Florian-Merle <florian.david.merle@gmail.com>",
     "Joel Gustafson <joelg@mit.edu>",
     "Julien Bouquillon <contact@revolunet.com>",
     "Kevin Kwok <antimatter15@gmail.com>",
+    "Felipe Martins <felipebrasil93@gmail.com>",
     "Nuno Nogueira <nunofmn@gmail.com>",
+    "Fei Liu <liu.feiwood@gmail.com>",
+    "RasmusErik Voel Jensen <github@solsort.com>",
+    "Dmitriy Ryajov <dryajov@gmail.com>",
     "Soeren <nikorpoulsen@gmail.com>",
-    "Sönke Hahn <soenkehahn@gmail.com>"
+    "Sönke Hahn <soenkehahn@gmail.com>",
+    "Tiago Alves <alvesjtiago@gmail.com>",
+    "Diogo Silva <fsdiogo@gmail.com>",
+    "Yusef Napora <yusef@napora.org>",
+    "Zane Starr <zcstarr@gmail.com>",
+    "Daijiro Wachi <daijiro.wachi@gmail.com>",
+    "Chris Bratlien <chrisbratlien@gmail.com>",
+    "ebinks <elizabethjbinks@gmail.com>",
+    "Bernd Strehl <bernd.strehl@gmail.com>",
+    "isan_rivkin <isanrivkin@gmail.com>",
+    "Henrique Dias <hacdias@gmail.com>",
+    "robertkiel <robert.kiel@validitylabs.org>",
+    "Irakli Gozalishvili <rfobic@gmail.com>"
   ]
 }

src/identify/consts.js

@@ -1,6 +1,8 @@
 'use strict'
 
+const libp2pVersion = require('../../package.json').version
+
 module.exports.PROTOCOL_VERSION = 'ipfs/0.1.0'
-module.exports.AGENT_VERSION = 'js-libp2p/0.1.0'
+module.exports.AGENT_VERSION = `js-libp2p/${libp2pVersion}`
 module.exports.MULTICODEC_IDENTIFY = '/ipfs/id/1.0.0'
 module.exports.MULTICODEC_IDENTIFY_PUSH = '/ipfs/id/push/1.0.0'

src/identify/index.js

@@ -175,6 +175,7 @@ class IdentifyService {
     // Update peers data in PeerStore
     this.peerStore.addressBook.set(id, listenAddrs.map((addr) => multiaddr(addr)))
     this.peerStore.protoBook.set(id, protocols)
+    this.peerStore.metadataBook.set(id, 'AgentVersion', Buffer.from(message.agentVersion))
 
     // TODO: Track our observed address so that we can score it
     log('received observed address of %s', observedAddr)

src/index.js

@@ -82,7 +82,7 @@ class Libp2p extends EventEmitter {
     }
 
     // Create keychain
-    if (this._options.keychain && this._options.keychain.pass && this._options.keychain.datastore) {
+    if (this._options.keychain && this._options.keychain.datastore) {
       log('creating keychain')
 
       const keychainOpts = Keychain.generateOptions()
@@ -324,7 +324,7 @@ class Libp2p extends EventEmitter {
    * @returns {Promise<Connection|*>}
    */
   async dialProtocol (peer, protocols, options) {
-    const { id, multiaddrs } = getPeer(peer, this.peerStore)
+    const { id, multiaddrs } = getPeer(peer)
     let connection = this.connectionManager.get(id)
 
     if (!connection) {
@@ -396,7 +396,12 @@ class Libp2p extends EventEmitter {
    * @returns {Promise<number>}
    */
   ping (peer) {
-    const { id } = getPeer(peer)
+    const { id, multiaddrs } = getPeer(peer)
+
+    // If received multiaddr, ping it
+    if (multiaddrs) {
+      return ping(this, multiaddrs[0])
+    }
 
     return ping(this, id)
   }

src/keychain/index.js

@@ -7,6 +7,9 @@ const crypto = require('libp2p-crypto')
 const DS = require('interface-datastore')
 const CMS = require('./cms')
 const errcode = require('err-code')
+const { Number } = require('ipfs-utils/src/globalthis')
+
+require('node-forge/lib/sha512')
 
 const keyPrefix = '/pkcs8/'
 const infoPrefix = '/info/'
@@ -107,7 +110,7 @@ class Keychain {
     this.opts = mergeOptions(defaultOptions, options)
 
     // Enforce NIST SP 800-132
-    if (!this.opts.passPhrase || this.opts.passPhrase.length < 20) {
+    if (this.opts.passPhrase && this.opts.passPhrase.length < 20) {
       throw new Error('passPhrase must be least 20 characters')
     }
     if (this.opts.dek.keyLength < NIST.minKeyLength) {
@@ -120,13 +123,13 @@ class Keychain {
       throw new Error(`dek.iterationCount must be least ${NIST.minIterationCount}`)
     }
 
-    // Create the derived encrypting key
-    const dek = crypto.pbkdf2(
+    const dek = this.opts.passPhrase ? crypto.pbkdf2(
       this.opts.passPhrase,
       this.opts.dek.salt,
       this.opts.dek.iterationCount,
       this.opts.dek.keyLength,
-      this.opts.dek.hash)
+      this.opts.dek.hash) : ''
+
     Object.defineProperty(this, '_', { value: () => dek })
   }
 
@@ -171,8 +174,8 @@ class Keychain {
    *
    * @param {string} name - The local key name; cannot already exist.
    * @param {string} type - One of the key types; 'rsa'.
-   * @param {int} size - The key size in bits.
-    * @returns {KeyInfo}
+   * @param {int} [size] - The key size in bits. Used for rsa keys only.
+   * @returns {KeyInfo}
    */
   async createKey (name, type, size) {
     const self = this
@@ -185,17 +188,13 @@ class Keychain {
       return throwDelayed(errcode(new Error(`Invalid key type '${type}'`), 'ERR_INVALID_KEY_TYPE'))
     }
 
-    if (!Number.isSafeInteger(size)) {
-      return throwDelayed(errcode(new Error(`Invalid key size '${size}'`), 'ERR_INVALID_KEY_SIZE'))
-    }
-
     const dsname = DsName(name)
     const exists = await self.store.has(dsname)
     if (exists) return throwDelayed(errcode(new Error(`Key '${name}' already exists`), 'ERR_KEY_ALREADY_EXISTS'))
 
     switch (type.toLowerCase()) {
       case 'rsa':
-        if (size < 2048) {
+        if (!Number.isSafeInteger(size) || size < 2048) {
           return throwDelayed(errcode(new Error(`Invalid RSA key size ${size}`), 'ERR_INVALID_KEY_SIZE'))
         }
         break

src/ping/index.js

@@ -15,11 +15,11 @@ const { PROTOCOL, PING_LENGTH } = require('./constants')
 /**
  * Ping a given peer and wait for its response, getting the operation latency.
  * @param {Libp2p} node
- * @param {PeerId} peer
+ * @param {PeerId|multiaddr} peer
  * @returns {Promise<Number>}
  */
 async function ping (node, peer) {
-  log('dialing %s to %s', PROTOCOL, peer.toB58String())
+  log('dialing %s to %s', PROTOCOL, peer.toB58String ? peer.toB58String() : peer)
 
   const { stream } = await node.dialProtocol(peer, PROTOCOL)
 

test/core/ping.node.js

@@ -17,7 +17,7 @@ describe('ping', () => {
 
   beforeEach(async () => {
     nodes = await peerUtils.createPeer({
-      number: 2,
+      number: 3,
       config: baseOptions
     })
 
@@ -25,7 +25,14 @@ describe('ping', () => {
     nodes[1].peerStore.addressBook.set(nodes[0].peerId, nodes[0].multiaddrs)
   })
 
-  it('ping once from peer0 to peer1', async () => {
+  it('ping once from peer0 to peer1 using a multiaddr', async () => {
+    const ma = `${nodes[2].multiaddrs[0]}/p2p/${nodes[2].peerId.toB58String()}`
+    const latency = await nodes[0].ping(ma)
+
+    expect(latency).to.be.a('Number')
+  })
+
+  it('ping once from peer0 to peer1 using a peerId', async () => {
     const latency = await nodes[0].ping(nodes[1].peerId)
 
     expect(latency).to.be.a('Number')

test/identify/index.spec.js

@@ -19,6 +19,7 @@ const { IdentifyService, multicodecs } = require('../../src/identify')
 const Peers = require('../fixtures/peers')
 const Libp2p = require('../../src')
 const baseOptions = require('../utils/base-options.browser')
+const pkg = require('../../package.json')
 
 const { MULTIADDRS_WEBSOCKETS } = require('../fixtures/browser')
 const remoteAddr = MULTIADDRS_WEBSOCKETS[0]
@@ -53,6 +54,9 @@ describe('Identify', () => {
           },
           protoBook: {
             set: () => { }
+          },
+          metadataBook: {
+            set: () => { }
           }
         },
         multiaddrs: []
@@ -77,6 +81,7 @@ describe('Identify', () => {
 
     sinon.spy(localIdentify.peerStore.addressBook, 'set')
     sinon.spy(localIdentify.peerStore.protoBook, 'set')
+    sinon.spy(localIdentify.peerStore.metadataBook, 'set')
 
     // Run identify
     await Promise.all([
@@ -90,6 +95,12 @@ describe('Identify', () => {
 
     expect(localIdentify.peerStore.addressBook.set.callCount).to.equal(1)
     expect(localIdentify.peerStore.protoBook.set.callCount).to.equal(1)
+
+    const metadataArgs = localIdentify.peerStore.metadataBook.set.firstCall.args
+    expect(metadataArgs[0].id.bytes).to.equal(remotePeer.bytes)
+    expect(metadataArgs[1]).to.equal('AgentVersion')
+    expect(metadataArgs[2].toString()).to.equal(`js-libp2p/${pkg.version}`)
+
     // Validate the remote peer gets updated in the peer store
     const call = localIdentify.peerStore.addressBook.set.firstCall
     expect(call.args[0].id.bytes).to.equal(remotePeer.bytes)

test/keychain/keychain.spec.js

@@ -2,10 +2,8 @@
 /* eslint-env mocha */
 'use strict'
 
-const chai = require('chai')
-const { expect } = chai
+const { chai, expect } = require('aegir/utils/chai')
 const fail = expect.fail
-chai.use(require('dirty-chai'))
 chai.use(require('chai-string'))
 
 const peerUtils = require('../utils/creators/peer')
@@ -40,8 +38,8 @@ describe('keychain', () => {
     emptyKeystore = new Keychain(datastore1, { passPhrase: passPhrase })
   })
 
-  it('needs a pass phrase to encrypt a key', () => {
-    expect(() => new Keychain(datastore2)).to.throw()
+  it('can start without a password', () => {
+    expect(() => new Keychain(datastore2)).to.not.throw()
   })
 
   it('needs a NIST SP 800-132 non-weak pass phrase', () => {
@@ -56,12 +54,48 @@ describe('keychain', () => {
     expect(Keychain.options).to.exist()
   })
 
-  it('needs a supported hashing alorithm', () => {
+  it('supports supported hashing alorithms', () => {
     const ok = new Keychain(datastore2, { passPhrase: passPhrase, dek: { hash: 'sha2-256' } })
     expect(ok).to.exist()
+  })
+
+  it('does not support unsupported hashing alorithms', () => {
     expect(() => new Keychain(datastore2, { passPhrase: passPhrase, dek: { hash: 'my-hash' } })).to.throw()
   })
 
+  it('can list keys without a password', async () => {
+    const keychain = new Keychain(datastore2)
+
+    expect(await keychain.listKeys()).to.have.lengthOf(0)
+  })
+
+  it('can find a key without a password', async () => {
+    const keychain = new Keychain(datastore2)
+    const keychainWithPassword = new Keychain(datastore2, { passPhrase: `hello-${Date.now()}-${Date.now()}` })
+    const id = `key-${Math.random()}`
+
+    await keychainWithPassword.createKey(id, 'rsa', 2048)
+
+    await expect(keychain.findKeyById(id)).to.eventually.be.ok()
+  })
+
+  it('can remove a key without a password', async () => {
+    const keychainWithoutPassword = new Keychain(datastore2)
+    const keychainWithPassword = new Keychain(datastore2, { passPhrase: `hello-${Date.now()}-${Date.now()}` })
+    const name = `key-${Math.random()}`
+
+    expect(await keychainWithPassword.createKey(name, 'rsa', 2048)).to.have.property('name', name)
+    expect(await keychainWithoutPassword.findKeyByName(name)).to.have.property('name', name)
+    await keychainWithoutPassword.removeKey(name)
+    await expect(keychainWithoutPassword.findKeyByName(name)).to.be.rejectedWith(/does not exist/)
+  })
+
+  it('requires a key to create a password', async () => {
+    const keychain = new Keychain(datastore2)
+
+    await expect(keychain.createKey('derp')).to.be.rejected()
+  })
+
   it('can generate options', () => {
     const options = Keychain.generateOptions()
     options.passPhrase = passPhrase
@@ -149,6 +183,70 @@ describe('keychain', () => {
     })
   })
 
+  describe('ed25519 keys', () => {
+    const keyName = 'my custom key'
+    it('can be an ed25519 key', async () => {
+      const keyInfo = await ks.createKey(keyName, 'ed25519')
+      expect(keyInfo).to.exist()
+      expect(keyInfo).to.have.property('name', keyName)
+      expect(keyInfo).to.have.property('id')
+    })
+
+    it('does not overwrite existing key', async () => {
+      const err = await ks.createKey(keyName, 'ed25519').then(fail, err => err)
+      expect(err).to.have.property('code', 'ERR_KEY_ALREADY_EXISTS')
+    })
+
+    it('can export/import a key', async () => {
+      const keyName = 'a new key'
+      const password = 'my sneaky password'
+      const keyInfo = await ks.createKey(keyName, 'ed25519')
+      const exportedKey = await ks.exportKey(keyName, password)
+      // remove it so we can import it
+      await ks.removeKey(keyName)
+      const importedKey = await ks.importKey(keyName, exportedKey, password)
+      expect(importedKey.id).to.eql(keyInfo.id)
+    })
+
+    it('cannot create the "self" key', async () => {
+      const err = await ks.createKey('self', 'ed25519').then(fail, err => err)
+      expect(err).to.exist()
+      expect(err).to.have.property('code', 'ERR_INVALID_KEY_NAME')
+    })
+  })
+
+  describe('secp256k1 keys', () => {
+    const keyName = 'my secp256k1 key'
+    it('can be an secp256k1 key', async () => {
+      const keyInfo = await ks.createKey(keyName, 'secp256k1')
+      expect(keyInfo).to.exist()
+      expect(keyInfo).to.have.property('name', keyName)
+      expect(keyInfo).to.have.property('id')
+    })
+
+    it('does not overwrite existing key', async () => {
+      const err = await ks.createKey(keyName, 'secp256k1').then(fail, err => err)
+      expect(err).to.have.property('code', 'ERR_KEY_ALREADY_EXISTS')
+    })
+
+    it('can export/import a key', async () => {
+      const keyName = 'a new secp256k1 key'
+      const password = 'my sneaky password'
+      const keyInfo = await ks.createKey(keyName, 'secp256k1')
+      const exportedKey = await ks.exportKey(keyName, password)
+      // remove it so we can import it
+      await ks.removeKey(keyName)
+      const importedKey = await ks.importKey(keyName, exportedKey, password)
+      expect(importedKey.id).to.eql(keyInfo.id)
+    })
+
+    it('cannot create the "self" key', async () => {
+      const err = await ks.createKey('self', 'secp256k1').then(fail, err => err)
+      expect(err).to.exist()
+      expect(err).to.have.property('code', 'ERR_INVALID_KEY_NAME')
+    })
+  })
+
   describe('query', () => {
     it('finds all existing keys', async () => {
       const keys = await ks.listKeys()
@@ -411,7 +509,7 @@ describe('libp2p.keychain', () => {
     throw new Error('should throw an error using the keychain if no passphrase provided')
   })
 
-  it('can be used if a passphrase is provided', async () => {
+  it('can be used when a passphrase is provided', async () => {
     const [libp2p] = await peerUtils.createPeer({
       started: false,
       config: {
@@ -428,6 +526,22 @@ describe('libp2p.keychain', () => {
     expect(kInfo).to.exist()
   })
 
+  it('does not require a keychain passphrase', async () => {
+    const [libp2p] = await peerUtils.createPeer({
+      started: false,
+      config: {
+        keychain: {
+          datastore: new MemoryDatastore()
+        }
+      }
+    })
+
+    await libp2p.loadKeychain()
+
+    const kInfo = await libp2p.keychain.createKey('keyName', 'ed25519')
+    expect(kInfo).to.exist()
+  })
+
   it('can reload keys', async () => {
     const datastore = new MemoryDatastore()
     const [libp2p] = await peerUtils.createPeer({