wshbair / hsm2eth Goto Github PK
View Code? Open in Web Editor NEWHSM-based Ethereum Key Management Soltuion
License: Apache License 2.0
HSM-based Ethereum Key Management Soltuion
License: Apache License 2.0
the code only shows generate key pairs, is there any way to get the key from HSM.
getting error Segmentation fault when invoking sign.once(msgHash)
Hi @wshbair, thank you for publishing this, your code has helped me a lot implementing AWS KMS based Ethereum signing. I really appreciate it. ๐
After days of messing with the ASN1 encoding and identifying the right r,s,v values to get on the "good" side of the curve, it's finally working.
Question for you, don't you need to sign the final Tx Object?
On line 52 of your script, you're signing the EthAddress of your account.
Lines 51 to 52 in 94292e7
On lines 106 and 107, you're not signing the transaction object itself. You're still using the r
and s
values from the original signature that was generated by signing the eth address.
Lines 96 to 109 in 94292e7
I'm doing the same thing in my script but the transaction won't go through if I'm not signing the actual transaction object again, i.e. if I'm using the initial values of r
and s
the transaction will fail. That's why I'm signing the actual transaction object again (see code below, you can see 2 signatures being generated).
let ethAddrHash = ethutil.keccak(Buffer.from(ethAddr));
// signing the 1st time
// we're signing the hash of our ethereum address
let sig = await findEthereumSig(ethAddrHash);
let recoveredPubAddr = findRightKey(ethAddrHash, sig.r, sig.s, ethAddr);
const txParams: TxData = {
nonce: await web3.eth.getTransactionCount(ethAddr),
gasPrice: '0x0918400000',
gasLimit: 160000,
to: '0x0000000000000000000000000000000000000000',
value: '0x00',
data: '0x00',
r: sig.r.toBuffer(), // using r from the first signature
s: sig.s.toBuffer(), // using s from the first signature
v: recoveredPubAddr.v
}
console.log(txParams);
const tx = new Transaction(txParams, {
chain: 'kovan',
});
// signing the 2nd time
// this time we're signing the hash of the actual transaction
let txHash = tx.hash(false);
sig = await findEthereumSig(txHash);
recoveredPubAddr = findRightKey(txHash, sig.r, sig.s, ethAddr);
tx.r = sig.r.toBuffer(); // replacing r based on 2nd sig
tx.s = sig.s.toBuffer(); // replacing s based on 2nd sig
tx.v = new BN(recoveredPubAddr.v).toBuffer();
console.log(tx.getSenderAddress().toString('hex'));
// Send signed tx to ethereum network
const serializedTx = tx.serialize().toString('hex');
web3.eth.sendSignedTransaction('0x' + serializedTx)
I was wondering if you have found a way to avoid the second signature. Since building the sig is a tedious process, I'd like to run it only once.
One more thing, if you want to avoid the while
loop, you can use the inverted value of s
to be on the good side of the curve. (I used BN instead of BigNumber) Code:
let secp256k1N = new BN("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", 16); // max value on the curve
let secp256k1halfN = secp256k1N.div(new BN(2)); // half of the curve
// Because of EIP-2 not all elliptic curve signatures are accepted
// the value of s needs to be SMALLER than half of the curve
// i.e. we need to flip s if it's greater than half of the curve
if (s.gt(secp256k1halfN)) {
console.log("s is on the wrong side of the curve... flipping - tempsig: " + tempsig + " length: " + tempsig.length);
// According to EIP2 https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2.md
// if s < half the curve we need to invert it
// s = curve.n - s
s = secp256k1N.sub(s);
console.log("new s: " + s.toString(10));
return { r, s }
}
// if s is less than half of the curve, we're on the "good" side of the curve, we can just return
return { r, s }
Thanks again for your code. It was fun implementing this based on your flow.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.