Cartouche.Solana.Signer.CloudKMS (Cartouche v0.2.0)


Ed25519 signing backend using Google Cloud KMS.

GCP KMS supports Ed25519 signing (algorithm EC_SIGN_ED25519) since April 2024. This is the Solana equivalent of Cartouche.Signer.CloudKMS for Ethereum.

Key differences from the Ethereum KMS signer:

  • Uses data field (raw bytes) instead of digest.sha256 (pre-hashed)
  • PEM contains Ed25519 SubjectPublicKeyInfo (RFC 8410), not an EC point
  • Signature is raw 64 bytes, not DER-encoded

Requires the google_api_cloud_kms optional dependency.

Summary

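Functions

get_address(cred, project, location, keychain, key, version)
  Get the Ed25519 public key (32 bytes) from a KMS key version.

sign(message, cred, project, location, keychain, key, version)
  Sign message bytes using a KMS Ed25519 key.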

Functions

get_address(cred, project, location, keychain, key, version)

@spec get_address(term(), String.t(), String.t(), String.t(), String.t(), String.t()) ::
  {:ok, <<_::256>>} | {:error, term()}

Get the Ed25519 public key (32 bytes) from a KMS key version.

sign(message, cred, project, location, keychain, key, version)

@spec sign(
  binary(),
  term(),
  String.t(),
  String.t(),
  String.t(),
  String.t(),
  String.t()
) ::
  {:ok, <<_::512>>} | {:error, term()}

Sign message bytes using a KMS Ed25519 key.

Ed25519 signs raw message bytes (no external hashing). The message is sent to KMS via the data field (not digest).

Returns {:ok, signature} where signature is exactly 64 bytes.
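
The following is an added example, not code from Cartouche: it shows how a caller could check the three properties listed under "Key differences" locally, by extracting the 32-byte key from an RFC 8410 SubjectPublicKeyInfo PEM and verifying a raw 64-byte signature over unhashed message bytes. The module name Ed25519SpkiCheck and its functions are hypothetical, and a locally generated key pair stands in for the KMS key version so the script runs offline.

```elixir
defmodule Ed25519SpkiCheck do
  # Hypothetical helper for illustration; not part of Cartouche.
  # RFC 8410 SubjectPublicKeyInfo header for Ed25519:
  # SEQUENCE { SEQUENCE { OID 1.3.101.112 }, BIT STRING with 0 unused bits }
  @spki_prefix <<0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x21, 0x00>>

  def spki_prefix, do: @spki_prefix

  # Extract the raw 32-byte public key from a PEM "PUBLIC KEY" block.
  # Anything that is not exactly one Ed25519 SPKI entry is rejected.
  def public_key_from_pem(pem) when is_binary(pem) do
    case :public_key.pem_decode(pem) do
      [{:SubjectPublicKeyInfo, <<prefix::binary-size(12), key::binary-size(32)>>, _}]
      when prefix == @spki_prefix ->
        {:ok, key}

      _ ->
        {:error, :not_ed25519_spki}
    end
  end

  # Verify a raw 64-byte signature over the message bytes as-is (no pre-hash).
  def verify(message, <<sig::binary-size(64)>>, <<key::binary-size(32)>>)
      when is_binary(message) do
    :crypto.verify(:eddsa, :none, message, sig, [key, :ed25519])
  end

  # Wrong-length inputs (for example a DER-encoded signature) never verify.
  def verify(_message, _sig, _key), do: false
end

# Constructed sample data: a local key pair plays the role of the KMS key.
{pub, priv} = :crypto.generate_key(:eddsa, :ed25519)
der = Ed25519SpkiCheck.spki_prefix() <> pub
pem = "-----BEGIN PUBLIC KEY-----\n#{Base.encode64(der)}\n-----END PUBLIC KEY-----\n"
message = "constructed transaction bytes"
signature = :crypto.sign(:eddsa, :none, message, [priv, :ed25519])

{:ok, ^pub} = Ed25519SpkiCheck.public_key_from_pem(pem)
true = Ed25519SpkiCheck.verify(message, signature, pub)
# A tampered message must fail.
false = Ed25519SpkiCheck.verify(message <> "x", signature, pub)
# A SHA-256 digest of the message is a different message to Ed25519,
# which is why the data field is used rather than digest.
false = Ed25519SpkiCheck.verify(:crypto.hash(:sha256, message), signature, pub)
IO.puts("all checks passed")
```

Running the same verify step against the values returned by get_address and sign confirms that the signature belongs to the expected key version before it is attached to a transaction.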