README
¶
ETH-KMS
This is a small golang library for using AWS KMS as an HSM for ethereum. It wraps the AWS KMS library so that it returns eth-compatible signatures.
Usage
See the tests (which, unfortunately cannot be run without modifying the variables at the top and supplying your own AWS credentials).
package main
import (
"context"
"encoding/base64"
"fmt"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/kms"
"github.com/ethereum/go-ethereum/crypto"
ethkms "github.com/quorumcontrol/eth-kms"
)
func main() {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
awsSession := session.Must(session.NewSession())
kmsClient := kms.New(awsSession)
s, err := ethkms.CreateKey(ctx, kmsClient)
if err != nil {
panic(err)
}
// save s.KeyID for future invocations like so:
// s := ethkms.NewSignerFromID(keyID)
digest := crypto.Keccak256([]byte("test"))
sig, err := s.Sign(ctx, digest)
if err != nil {
panic(err)
}
fmt.Printf("signature: %s", base64.StdEncoding.EncodeToString(sig))
}
Tests
I recommend using aws-vault for credential management. I run the tests like this:
aws-vault exec myProfileName -- go test .
You'll need to modify the ethkms_test.go file to reflect your own actual values.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Signer ¶
type Signer struct {
KeyID string
// contains filtered or unexported fields
}
Signer is a wrapper around a KMS instance that supports ethereum-style signatures
func CreateKey ¶
CreateKey returns a signer with a KeyID populated, save that KeyID to reconstruct a signer using the same id. CreateKey takes care of using the correct ethereum-style algorithms, curves, etc for you.
func NewSignerFromID ¶
NewSignerFromID returns a signer pre-populated with the keyID and the kmsCli
func (*Signer) PublicKey ¶
PublicKey returns the public key from the KMS (this will result in a network request before cacheing the results)
Source Files
Directories