Skip to content

siler23/tezos-hsm-signer

Repository files navigation

Tezos HSM Signer pipeline status coverage

Implement the Tezos HTTP signing interface, backed by an HSM over PKCS#11.

Usage

Install and start the signer:

go get -u github.com/siler23/tezos-hsm-signer

# Identify HSM keys and slots/labels
$ vi keys.yaml

# Launch an http signer backed by SoftHSM that can vote and 
# transfer up to 500 XTZ per day to the listed tz address
tezos-hsm-signer \
    --bind "localhost:6732" \
    --hsm-so "/usr/local/lib/softhsm/libsofthsm2.so" \
    --hsm-pin "1234" \
    --enable-voting \
    --enable-tx \
    --tx-daily-max 500 \
    --tx-whitelist-addresses "tz1...,tz2..." \
    --key-file "./keys.yaml"

Interact with the signer from tezos-client:

# Import keys to your client managed by this signer
tezos-client import secret key remote http://localhost:6732/tz...
# Sign an operation with the hsm signer
tezos-client transfer 1 from remote to remote

Development

go test ./...
go run main.go

Future Work

  • Improve request parsing
  • Validate signatures before returning
  • Finish functional testing w/ SoftHSM in Gitlab CI
  • Better testing of file and HSM locking

About

Copy of unit 410 tezos-hsm-signer at https://gitlab.com/unit410/tezos-hsm-signer/

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published