signer

package
v0.6.3 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 23, 2026 License: MIT Imports: 1 Imported by: 0

Documentation

Overview

Package signer provides signing interfaces for the CREC SDK.

This package defines the Signer interface and provides multiple implementations for different key management strategies:

Signer Interface

All signers implement the Signer interface:

type Signer interface {
    Sign(ctx context.Context, hash []byte) ([]byte, error)
}

This allows swapping between signing implementations without changing application code.

TypedDataSigner Interface

Some signers also implement TypedDataSigner for EIP-712 typed data signing:

type TypedDataSigner interface {
    SignTypedData(ctx context.Context, typedData *TypedData) ([]byte, error)
}

This is useful for custody providers that need to see the full typed data structure for policy enforcement. Currently implemented by:

Choosing a Signer

LocalSigner is suitable for development and testing:

privateKey, _ := crypto.GenerateKey()
signer := local.NewSigner(privateKey)

TransitSigner provides enterprise-grade security with Vault:

signer, _ := vault.NewSigner(vaultURL, token, "transit", "my-key")

KMSSigner integrates with AWS infrastructure:

signer, _ := kms.NewSigner(ctx, "arn:aws:kms:...")

PrivySigner provides wallet-as-a-service for customer-facing apps:

signer, _ := privy.NewSignerFromEnv()

FireblocksSigner provides custody infrastructure:

signer, _ := fireblocks.NewSignerFromEnv()

Integration with Transact Client

Use any signer with the transact client:

client, _ := crec.NewClient(baseURL, apiKey)
signature, err := client.Transact.SignOperation(operation, signer)

Production Considerations

For production deployments:

  • Use TLS for all key management communication
  • Implement proper authentication (not root tokens)
  • Enable audit logging
  • Use least-privilege policies
  • Consider HSM integration for highest security
  • Implement key rotation policies

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Signer

type Signer interface {
	Sign(ctx context.Context, hash []byte) ([]byte, error)
}

Signer signs pre-hashed messages (e.g., keccak256 digests).

type TypedData

type TypedData struct {
	// Types contains type definitions for the structured data
	Types map[string][]TypedDataField `json:"types"`
	// PrimaryType is the primary type being signed
	PrimaryType string `json:"primaryType"`
	// Domain contains the signing domain separator parameters
	Domain TypedDataDomain `json:"domain"`
	// Message contains the structured data to be signed
	Message map[string]any `json:"message"`
}

TypedData represents EIP-712 typed structured data.

type TypedDataDomain

type TypedDataDomain struct {
	// Name is the user-readable name of the signing domain
	Name string `json:"name,omitempty"`
	// Version is the current major version of the signing domain
	Version string `json:"version,omitempty"`
	// ChainID is the EIP-155 chain ID
	ChainID int64 `json:"chainId,omitempty"`
	// VerifyingContract is the address of the contract that will verify the signature
	VerifyingContract string `json:"verifyingContract,omitempty"`
	// Salt is a disambiguating salt for the protocol
	Salt string `json:"salt,omitempty"`
}

TypedDataDomain contains the EIP-712 domain separator parameters for signing.

type TypedDataField

type TypedDataField struct {
	Name string `json:"name"`
	Type string `json:"type"`
}

TypedDataField represents a single field in a struct type.

type TypedDataSigner

type TypedDataSigner interface {
	SignTypedData(ctx context.Context, typedData *TypedData) ([]byte, error)
}

TypedDataSigner signs EIP-712 typed structured data. This interface allows custody providers to see the full typed data for policy enforcement before signing.
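The policy-enforcement step described above, as an added example that is not part of the CREC SDK: a wrapper that inspects the EIP-712 domain and primary type against an allowlist and refuses before the wrapped signer is ever called. The types are local mirrors of the page's declarations trimmed to the fields used; `PolicySigner`, `signerFunc`, `ErrPolicy`, the allowlist fields and the sample address are hypothetical names and constructed values.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
)

// Local mirrors of the page's types, trimmed to the fields used here.
type TypedDataDomain struct {
	ChainID           int64
	VerifyingContract string
}
type TypedData struct {
	PrimaryType string
	Domain      TypedDataDomain
}
type TypedDataSigner interface {
	SignTypedData(ctx context.Context, typedData *TypedData) ([]byte, error)
}
var ErrPolicy = errors.New("signing policy violation")

// PolicySigner (hypothetical) gates the wrapped signer behind an allowlist.
type PolicySigner struct {
	Inner     TypedDataSigner
	ChainID   int64
	Contracts map[string]bool // allowed verifying contracts, lowercase hex
	Types     map[string]bool // allowed primary types
}

func (p *PolicySigner) SignTypedData(ctx context.Context, td *TypedData) ([]byte, error) {
	if td == nil || td.Domain.ChainID != p.ChainID ||
		!p.Contracts[strings.ToLower(td.Domain.VerifyingContract)] || !p.Types[td.PrimaryType] {
		return nil, fmt.Errorf("%w: %+v", ErrPolicy, td)
	}
	return p.Inner.SignTypedData(ctx, td)
}

// signerFunc adapts a function to TypedDataSigner (stand-in for a custody signer).
type signerFunc func(context.Context, *TypedData) ([]byte, error)
func (f signerFunc) SignTypedData(ctx context.Context, td *TypedData) ([]byte, error) { return f(ctx, td) }

func main() {
	inner := signerFunc(func(context.Context, *TypedData) ([]byte, error) { return make([]byte, 65), nil })
	p := &PolicySigner{Inner: inner, ChainID: 1, Contracts: map[string]bool{"0x00000000000000000000000000000000000000aa": true}, Types: map[string]bool{"Operation": true}}
	_, err := p.SignTypedData(context.Background(), &TypedData{PrimaryType: "Operation", Domain: TypedDataDomain{ChainID: 5}})
	fmt.Println(err) // rejected: chain 5 and an empty verifying contract are not allowed
}
```

Because the wrapper itself satisfies the interface, it can be passed anywhere a typed-data signer is accepted, and `errors.Is(err, ErrPolicy)` separates policy rejections from backend failures.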

Directories

Path Synopsis
fireblocks
Package fireblocks provides a signer.Signer implementation using Fireblocks' custody infrastructure.
kms
Package kms provides a signer using AWS Key Management Service.
local
Package local provides a signer using local ECDSA private keys.
privy
Package privy provides a signer using Privy's wallet-as-a-service platform.
vault
Package vault provides a signer using HashiCorp Vault Transit secrets engine.
