wshbair / hsm2eth Goto Github PK
View Code? Open in Web Editor NEWHSM-based Ethereum Key Management Soltuion
License: Apache License 2.0
hsm2eth's People
Contributors
Stargazers
Watchers
Forkers
abdelrahmanhafez mz7mz7mz7 mhishami ibndias bitcoinbrisbane powehiforce thsamranrit0193 saamimufin sakuratakahaashihsm2eth's Issues
is there any way to get private key from HSM
the code only shows generate key pairs, is there any way to get the key from HSM.
Signing txObject vs. keccak(EthAddress)
Hi @wshbair, thank you for publishing this, your code has helped me a lot implementing AWS KMS based Ethereum signing. I really appreciate it. ๐
After days of messing with the ASN1 encoding and identifying the right r,s,v values to get on the "good" side of the curve, it's finally working.
Question for you, don't you need to sign the final Tx Object?
On line 52 of your script, you're signing the EthAddress of your account.
Lines 51 to 52 in 94292e7
On lines 106 and 107, you're not signing the transaction object itself. You're still using the r and s values from the original signature that was generated by signing the eth address.
Lines 96 to 109 in 94292e7
I'm doing the same thing in my script but the transaction won't go through if I'm not signing the actual transaction object again, i.e. if I'm using the initial values of r and s the transaction will fail. That's why I'm signing the actual transaction object again (see code below, you can see 2 signatures being generated).
let ethAddrHash = ethutil.keccak(Buffer.from(ethAddr));
// signing the 1st time
// we're signing the hash of our ethereum address
let sig = await findEthereumSig(ethAddrHash);
let recoveredPubAddr = findRightKey(ethAddrHash, sig.r, sig.s, ethAddr);
const txParams: TxData = {
nonce: await web3.eth.getTransactionCount(ethAddr),
gasPrice: '0x0918400000',
gasLimit: 160000,
to: '0x0000000000000000000000000000000000000000',
value: '0x00',
data: '0x00',
r: sig.r.toBuffer(), // using r from the first signature
s: sig.s.toBuffer(), // using s from the first signature
v: recoveredPubAddr.v
}
console.log(txParams);
const tx = new Transaction(txParams, {
chain: 'kovan',
});
// signing the 2nd time
// this time we're signing the hash of the actual transaction
let txHash = tx.hash(false);
sig = await findEthereumSig(txHash);
recoveredPubAddr = findRightKey(txHash, sig.r, sig.s, ethAddr);
tx.r = sig.r.toBuffer(); // replacing r based on 2nd sig
tx.s = sig.s.toBuffer(); // replacing s based on 2nd sig
tx.v = new BN(recoveredPubAddr.v).toBuffer();
console.log(tx.getSenderAddress().toString('hex'));
// Send signed tx to ethereum network
const serializedTx = tx.serialize().toString('hex');
web3.eth.sendSignedTransaction('0x' + serializedTx)I was wondering if you have found a way to avoid the second signature. Since building the sig is a tedious process, I'd like to run it only once.
One more thing, if you want to avoid the while loop, you can use the inverted value of s to be on the good side of the curve. (I used BN instead of BigNumber) Code:
let secp256k1N = new BN("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", 16); // max value on the curve
let secp256k1halfN = secp256k1N.div(new BN(2)); // half of the curve
// Because of EIP-2 not all elliptic curve signatures are accepted
// the value of s needs to be SMALLER than half of the curve
// i.e. we need to flip s if it's greater than half of the curve
if (s.gt(secp256k1halfN)) {
console.log("s is on the wrong side of the curve... flipping - tempsig: " + tempsig + " length: " + tempsig.length);
// According to EIP2 https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2.md
// if s < half the curve we need to invert it
// s = curve.n - s
s = secp256k1N.sub(s);
console.log("new s: " + s.toString(10));
return { r, s }
}
// if s is less than half of the curve, we're on the "good" side of the curve, we can just return
return { r, s }Thanks again for your code. It was fun implementing this based on your flow.
getting Segmentation fault during signing
getting error Segmentation fault when invoking sign.once(msgHash)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.