Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sign transactions with PKCS#11 #2637

Open
RNRetailer opened this issue Nov 22, 2024 · 6 comments
Open

Sign transactions with PKCS#11 #2637

RNRetailer opened this issue Nov 22, 2024 · 6 comments

Comments

@RNRetailer
Copy link

Hi,

It is possible to sign an Ethereum transaction with PKCS#11.

Here is a node implementation which I found easy to create public / private key pairs and sign transactions with:

https://github.com/suenchunhui/ethereumjs-tx-pkcs11

If you use this implementation then all sorts of HSM devices can be used instead of a Ledger.

Since Ledger can send its private key to the computer in shards, it is less secure then it was originally advertised as.

Furthermore, HSM devices are not specific to cryptocurrency, so if someone sees you carrying one they won't assume you own any cryptocurrency.

Thus, Rabby's security conscious users would benefit greatly from this feature.

Thanks,

  • Random Number Retailer LLC
@RNRetailer
Copy link
Author

Here is what you'd need from the user:

  1. Path to .so or .dll file
  2. Pin code

Then you can give them a button to generate a private / public key pair.

When generating a key pair, you would store the private key label so you can pass it to tx.signWithPKCS11

tx.getSenderAddress should give you the Ethereum address matching the private key.

@RNRetailer
Copy link
Author

RNRetailer commented Nov 22, 2024

Code for signing a tx:

const EthereumTx = require('ethereumjs-tx-pkcs11');

const txParams = {
  nonce: '0x00',
  gasPrice: '0x09184e72a000', 
  gasLimit: '0x2710',
  to: '0x0000000000000000000000000000000000000000', 
  value: '0x00', 
  data: '0x7f7465737432000000000000000000000000000000000000000000000000000000600057',
  // EIP 155 chainId - mainnet: 1, ropsten: 3
  chainId: 3
};

//PKCS parameters
const PKCSPath = "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so";
const pin = "PIN";

const tx = new EthereumTx(txParams);

const privateKeyLabel = 'LABEL';

tx.signWithPKCS11(PKCSPath, pin, privateKeyLabel);

const isSignatureValid = tx.verifySignature();

if (!isSignatureValid){
    console.log('Failed to sign transaction.');
    process.exit(1);
}

const txHexString = tx.serialize().toString('hex');

console.log(txHexString);

@RNRetailer
Copy link
Author

RNRetailer commented Nov 22, 2024

Code for generating a new key pair:

const txParams = {
  nonce: '0x00',
  gasPrice: '0x09184e72a000', 
  gasLimit: '0x2710',
  to: '0x0000000000000000000000000000000000000000', 
  value: '0x00', 
  data: '0x7f7465737432000000000000000000000000000000000000000000000000000000600057',
  // EIP 155 chainId - mainnet: 1, ropsten: 3
  chainId: 3
};

const PKCSPath = "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so";
const pin = "PIN";

const tx = new EthereumTx(txParams);
const keyPairLabels = tx.generatePKCS11Key(PKCSPath, pin);

console.log("Keypair labels:", keyPairLabels);

@RNRetailer
Copy link
Author

RNRetailer commented Nov 22, 2024

tx.getSenderAddress returns a Buffer which you can convert to a hex string:

senderAddress.serialize().toString('hex');

@RNRetailer
Copy link
Author

@keo
Copy link

keo commented Jan 2, 2025

👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants