View Source Signet.Solana.Signer.CloudKMS (Signet v1.6.0)

Ed25519 signing backend using Google Cloud KMS.

GCP KMS supports Ed25519 signing (algorithm EC_SIGN_ED25519) since April 2024. This is the Solana equivalent of Signet.Signer.CloudKMS for Ethereum.

Key differences from the Ethereum KMS signer:

  • Uses data field (raw bytes) instead of digest.sha256 (pre-hashed)
  • PEM contains Ed25519 SubjectPublicKeyInfo (RFC 8410), not an EC point
  • Signature is raw 64 bytes, not DER-encoded

Requires the google_api_cloud_kms optional dependency.

Summary

Functions

get_address(cred, project, location, keychain, key, version)

Get the Ed25519 public key (32 bytes) from a KMS key version.

sign(message, cred, project, location, keychain, key, version)

Sign message bytes using a KMS Ed25519 key.

Functions

Link to this function

get_address(cred, project, location, keychain, key, version)

View Source 
@spec get_address(term(), String.t(), String.t(), String.t(), String.t(), String.t()) ::
  {:ok, <<_::256>>} | {:error, term()}

Get the Ed25519 public key (32 bytes) from a KMS key version.

Link to this function

sign(message, cred, project, location, keychain, key, version)

View Source 
@spec sign(
  binary(),
  term(),
  String.t(),
  String.t(),
  String.t(),
  String.t(),
  String.t()
) ::
  {:ok, <<_::512>>} | {:error, term()}

Sign message bytes using a KMS Ed25519 key.

Ed25519 signs raw message bytes (no external hashing). The message is sent to KMS via the data field (not digest).

Returns {:ok, signature} where signature is exactly 64 bytes.