signer

package
v0.0.50 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 17, 2023 License: MIT Imports: 7 Imported by: 17

README

Ethereum Transaction Signer

This Go library provides support for signing Ethereum transactions using three different signers: AwsSigner, GcpSigner, and LocalSigner.

Local Signer

The LocalSigner is an option for signing transactions on a single machine. It requires the user to provide their private key, which is stored unencrypted in memory and used to sign the transactions. While this approach is straightforward to set up and use, it is not suitable for production environments.

In a multi-user environment, it is important to secure private keys. The use of an Hardware Security Module (HSM) is a good idea for storing the private keys of the secp256k1 curve, which is used in the Ethereum blockchain. An HSM provides an extra layer of security by storing the private keys in a physically secure device and limiting access to the keys through strict authentication methods.

AWS Signer

The AwsSigner leverages Amazon Web Services' (AWS) authentication methods to sign transactions. This signer is ideal for use in an AWS cloud environment and allows for efficient scaling and management of the signing process. However, it is important for the user to check that their AWS Identity and Access Management (IAM) permissions are secure before using this signer.

GCP Signer

The GcpSigner leverages Google Cloud Platform's (GCP) authentication methods to sign transactions. This signer is ideal for use in a GCP cloud environment and allows for efficient scaling and management of the signing process. However, it is important for the user to check that their Google Cloud Identity and Access Management (IAM) permissions are secure before using this signer.

Authorization & Authentication

The recommended approach for signing transactions in a production kubernetes cluster is through workload identity federation, which offers a completely keyless solution. Unlike JSON-based service accounts or Hashicorp Vault, there is no need to store or manage private keys with this method.

Workload identity federation leverages the built-in security features of the kubernetes cluster, such as OpenID Connect (OIDC) or Identity and Access Management (IAM), to authenticate the signer without the use of private keys. This eliminates the risk of key theft or unauthorized access, and makes the signing process more secure.

Additionally, workload identity federation is fully integrated with kubernetes, making it easier to manage and maintain in a production environment. It also eliminates the need for additional infrastructure, as opposed to Hashicorp Vault, which requires setup and maintenance.

Documentation

Overview

Package signer provides a common interface for signing

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Encode

func Encode(sg Signature) []byte

Encode encodes a signature.

func IsEqual added in v0.0.37

func IsEqual(sig1, sig2 Signature) bool

IsEqual checks if two signatures are equal.

Types

type Signature

type Signature interface {
	V() *big.Int
	R() *big.Int
	S() *big.Int
}

Signature is an ecdsa signature interface.

func DecodeSignature added in v0.0.37

func DecodeSignature(sig []byte) Signature

DecodeSignature decodes a signature.

func NewSignature

func NewSignature(v, r, s *big.Int) Signature

NewSignature creates a new signature using the v, r, and s params.

type Signer

type Signer interface {
	// SignMessage signs a message
	SignMessage(ctx context.Context, message []byte, hash bool) (Signature, error)
	// GetTransactor gets the transactor for a tx manager.
	// TODO: this doesn't support pre-london txes yet
	GetTransactor(ctx context.Context, chainID *big.Int) (*bind.TransactOpts, error)
	// Address gets the address of the address of the signer
	Address() ethCommon.Address
}

Signer provides a common interface for signing/transacting.

Directories

Path Synopsis
Package awssigner contains a new signer that uses aws-kms as an hsm
Package awssigner contains a new signer that uses aws-kms as an hsm
kmsmock
Package kmsmock sets up a mock kms server that is used for testing our kms driver TODO: we should consider moving this to a common testutils/mocking folder or something internal to avoid exporting
Package kmsmock sets up a mock kms server that is used for testing our kms driver TODO: we should consider moving this to a common testutils/mocking folder or something internal to avoid exporting
kmsmock/internal
Package internal contains modules exported from local-kms in order to avoid rewriting code
Package internal contains modules exported from local-kms in order to avoid rewriting code
Package gcpsigner utilizes the Key Management Service (KMS) from the Google Cloud Platform (GCP).
Package gcpsigner utilizes the Key Management Service (KMS) from the Google Cloud Platform (GCP).
gcpmock
Package gcpmock provides a mock client for testing purposes.
Package gcpmock provides a mock client for testing purposes.
Package localsigner is a local signer
Package localsigner is a local signer

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL