Cartouche.Signer.CloudKMS (Cartouche v0.5.0)

Copy Markdown View Source

Signer backend that signs with a Google Cloud KMS secp256k1 key.

Implements Cartouche.Signer.Backend — its config is the {credentials, project, location, keychain, key, version} key-coordinate tuple. Cartouche.Signer.Backend.sign_payload/2 sends the 32-byte digest to KMS directly (no internal keccak); sign/7 is a back-compat wrapper that keccaks a raw message first.

Summary

Types

Cloud KMS key coordinates: {credentials, project, location, keychain, key, version}.

Functions

Get the Ethereum address associated with the given KMS key version.

Get the uncompressed secp256k1 public key for the given KMS key version.

Signs a raw message via KMS, keccak-digesting it first.

Signs the 32-byte digest it is handed directly via KMS — the pure-payload contract. Performs no hashing; the caller owns digest computation.

Types

config()

@type config() :: {term(), String.t(), String.t(), String.t(), String.t(), String.t()}

Cloud KMS key coordinates: {credentials, project, location, keychain, key, version}.

Functions

get_address(cred, project, location, keychain, key, version)

@spec get_address(term(), String.t(), String.t(), String.t(), String.t(), String.t()) ::
  {:ok, binary()} | {:error, term()}

Get the Ethereum address associated with the given KMS key version.

Examples

iex> {:ok, address} = Cartouche.Signer.CloudKMS.get_address("token", "project", "location", "keychain", "key", "version")
iex> Cartouche.Hex.to_hex(address)
"0xdda641b2a76a4a7c3617815bb13281dd207b74d5"

public_key(arg)

@spec public_key(config()) :: {:ok, binary()} | {:error, term()}

Get the uncompressed secp256k1 public key for the given KMS key version.

sign(message, cred, project, location, keychain, key, version)

@spec sign(
  String.t(),
  term(),
  String.t(),
  String.t(),
  String.t(),
  String.t(),
  String.t()
) ::
  {:ok, Curvy.Signature.t()} | {:error, term()}

Signs a raw message via KMS, keccak-digesting it first.

Back-compat convenience over sign_payload/2.

Examples

iex> use Cartouche.Hex
iex> {:ok, sig} = Cartouche.Signer.CloudKMS.sign("test", "token", "project", "location", "keychain", "key", "version")
iex> {:ok, recid} = Cartouche.Recover.find_recid("test", sig, ~h[0xDDA641B2A76A4A7C3617815BB13281DD207B74D5])
iex> Cartouche.Recover.recover_eth("test", %{sig|recid: recid}) |> Hex.to_address()
"0xDDa641B2A76a4A7c3617815bb13281DD207b74d5"

sign_payload(digest, arg)

@spec sign_payload(binary(), config()) ::
  {:ok, Curvy.Signature.t()} | {:error, term()}

Signs the 32-byte digest it is handed directly via KMS — the pure-payload contract. Performs no hashing; the caller owns digest computation.