Skip to content

Latest commit

 

History

History
52 lines (39 loc) · 1.32 KB

README.md

File metadata and controls

52 lines (39 loc) · 1.32 KB

Tezos HSM Signer

pipeline status coverage

Implement the Tezos HTTP signing interface, backed by an HSM over PKCS#11.

Usage

Install and start the signer:

go get -u gitlab.com/polychainlabs/tezos-hsm-signer

# Identify HSM keys and slots/labels
$ vi keys.yaml

# Launch an http signer backed by SoftHSM that can vote and 
# transfer up to 500 XTZ per day to the listed tz address
tezos-hsm-signer \
    --bind "localhost:6732" \
    --hsm-so "/usr/local/lib/softhsm/libsofthsm2.so" \
    --hsm-pin "1234" \
    --enable-voting \
    --enable-tx \
    --tx-daily-max 500 \
    --tx-whitelist-addresses "tz1...,tz2..." \
    --key-file "./keys.yaml"

Interact with the signer from tezos-client:

# Import keys to your client managed by this signer
tezos-client import secret key remote http://localhost:6732/tz...
# Sign an operation with the hsm signer
tezos-client transfer 1 from remote to remote

Development

go test ./...
go run main.go

Future Work

  • Improve request parsing
  • Validate signatures before returning
  • Finish functional testing w/ SoftHSM in Gitlab CI
  • Better testing of file and HSM locking