Ed25519 signing backend using Google Cloud KMS.
GCP KMS supports Ed25519 signing (algorithm EC_SIGN_ED25519) since
April 2024. This is the Solana equivalent of Cartouche.Signer.CloudKMS
for Ethereum.
Key differences from the Ethereum KMS signer:
- Uses
datafield (raw bytes) instead ofdigest.sha256(pre-hashed) - PEM contains Ed25519 SubjectPublicKeyInfo (RFC 8410), not an EC point
- Signature is raw 64 bytes, not DER-encoded
Implements Cartouche.Signer.Backend — its config is the
{credentials, project, location, keychain, key, version} key-coordinate
tuple. Ed25519 signs raw message bytes, so
Cartouche.Signer.Backend.sign_payload/2 is the raw-message signer.
Summary
Functions
Alias for public_key/1 (arg-spread form) — on Solana the public key is the
address.
Get the Ed25519 public key (32 bytes) from a KMS key version.
Back-compat alias for sign_payload/2 (arg-spread form).
Sign raw message bytes via a KMS Ed25519 key — the pure-payload contract.
Types
Functions
@spec get_address(term(), String.t(), String.t(), String.t(), String.t(), String.t()) :: {:ok, <<_::256>>} | {:error, term()}
Alias for public_key/1 (arg-spread form) — on Solana the public key is the
address.
Get the Ed25519 public key (32 bytes) from a KMS key version.
For Solana the public key is the address, so get_address/6 is an alias.
@spec sign( binary(), term(), String.t(), String.t(), String.t(), String.t(), String.t() ) :: {:ok, <<_::512>>} | {:error, term()}
Back-compat alias for sign_payload/2 (arg-spread form).
Sign raw message bytes via a KMS Ed25519 key — the pure-payload contract.
Ed25519 signs raw message bytes (no external hashing). The message is
sent to KMS via the data field (not digest).
Returns {:ok, signature} where signature is exactly 64 bytes.