signer

package

v0.2.2 Latest Latest Go to latest Published: May 8, 2026 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/strahe/synapse-go

Links

Open Source Insights

Documentation ¶

Overview ¶

Package signer provides signing abstractions for Filecoin and Ethereum transactions.

This is a leaf package. It defines the Signer and EVMSigner interfaces and provides concrete implementations:

Secp256k1Signer: dual-protocol signer using a single secp256k1 key for both Filecoin (blake2b) and Ethereum (keccak256) signing.
BLSSigner: Filecoin-only BLS signature support.

Consumers should accept the interface types; this package returns concrete types per Go convention.

Stability ¶

0.x phase: public API may change between minor releases.

Index ¶

Variables
func SignHash(s EVMSigner, hash []byte) ([]byte, error)
type BLSSigner
- func NewBLSSigner(raw []byte) (*BLSSigner, error)
- func (s *BLSSigner) FilecoinAddress() address.Address
- func (s *BLSSigner) Sign(msg []byte) (*crypto.Signature, error)
type EVMSigner
- func AsEVM(s Signer) (EVMSigner, bool)
type Secp256k1Signer
- func NewSecp256k1Signer(key *ecdsa.PrivateKey) (*Secp256k1Signer, error)
- func NewSecp256k1SignerFromBytes(raw []byte) (*Secp256k1Signer, error)
type Signer
- func FromLotusExport(exported string) (Signer, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrUnsupportedSigner = errors.New("signer: raw hash signing not supported by this signer")

ErrUnsupportedSigner is returned when an EVMSigner does not implement raw 32-byte hash signing. Only secp256k1-backed signers do.

Note: Wrappers, decorators, or any type that does not directly implement the internal hashSigner interface are also unsupported. This boundary is intentional and enforced.

Functions ¶

func SignHash ¶

func SignHash(s EVMSigner, hash []byte) ([]byte, error)

SignHash signs a pre-computed 32-byte hash using the underlying secp256k1 key, returning a 65-byte R‖S‖V signature. It is intended for internal SDK use (EIP-712 typed-data signing); user code should prefer Sign or one of the higher-level APIs that domain-separate the message.

Returns ErrUnsupportedSigner if s does not back its key with secp256k1, or if s is a wrapper/decorator that does not directly implement hashSigner.

Types ¶

type BLSSigner ¶

type BLSSigner struct {
	// contains filtered or unexported fields
}

BLSSigner implements Signer backed by a BLS12-381 private key. BLS keys can only sign Filecoin messages; EVM operations are not supported.

func NewBLSSigner ¶

func NewBLSSigner(raw []byte) (*BLSSigner, error)

NewBLSSigner creates a Filecoin-only signer from raw BLS secret key bytes in big-endian order (the native blst serialization format, as produced by blst.SecretKey.Serialize). For Lotus-exported keys (little-endian), use FromLotusExport which handles the byte-order conversion automatically.

func (*BLSSigner) FilecoinAddress ¶

func (s *BLSSigner) FilecoinAddress() address.Address

FilecoinAddress returns the Filecoin BLS protocol address.

func (*BLSSigner) Sign ¶

func (s *BLSSigner) Sign(msg []byte) (*crypto.Signature, error)

Sign produces a BLS signature over the raw message bytes. Unlike secp256k1, BLS signing does not pre-hash the message.

type EVMSigner ¶

type EVMSigner interface {
	Signer

	// EVMAddress returns the Ethereum address derived from this key.
	EVMAddress() common.Address

	// Transactor returns go-ethereum TransactOpts bound to the given chain ID.
	Transactor(chainID *big.Int) (*bind.TransactOpts, error)
}

EVMSigner extends Signer with Ethereum/FEVM transaction signing. Only secp256k1 keys support this.

func AsEVM ¶

func AsEVM(s Signer) (EVMSigner, bool)

AsEVM checks whether a Signer can also sign EVM transactions. Returns nil, false for key types that don't support EVM (e.g., BLS).

type Secp256k1Signer ¶

type Secp256k1Signer struct {
	// contains filtered or unexported fields
}

Secp256k1Signer implements EVMSigner backed by a secp256k1 private key. It can sign both Filecoin messages (blake2b hash) and Ethereum/FEVM transactions (keccak256 hash) from a single key.

Private-key lifecycle is the caller's responsibility: the SDK does not provide an in-place wipe primitive. To bound the in-memory exposure of the key, hold the signer for as short a lifetime as the workload allows and let it be garbage-collected.

func NewSecp256k1Signer ¶

func NewSecp256k1Signer(key *ecdsa.PrivateKey) (*Secp256k1Signer, error)

NewSecp256k1Signer creates a dual-protocol signer from a go-ethereum ECDSA private key. The key is deep-copied so the signer owns an independent copy; the caller may safely zero or mutate the original.

func NewSecp256k1SignerFromBytes ¶

func NewSecp256k1SignerFromBytes(raw []byte) (*Secp256k1Signer, error)

NewSecp256k1SignerFromBytes creates a dual-protocol signer from a raw 32-byte private key scalar. Shorter inputs are left-padded to 32 bytes to handle big.Int.Bytes() output that may drop leading zeros.

func (*Secp256k1Signer) EVMAddress ¶

func (s *Secp256k1Signer) EVMAddress() common.Address

EVMAddress returns the Ethereum address derived from the public key.

func (*Secp256k1Signer) FilecoinAddress ¶

func (s *Secp256k1Signer) FilecoinAddress() address.Address

FilecoinAddress returns the Filecoin secp256k1 protocol address.

func (*Secp256k1Signer) Sign ¶

func (s *Secp256k1Signer) Sign(msg []byte) (*crypto.Signature, error)

Sign produces a Filecoin-native secp256k1 signature. The message is hashed with blake2b-256 before signing, and the result is in R|S|V format (65 bytes).

func (*Secp256k1Signer) SignHash ¶

func (s *Secp256k1Signer) SignHash(hash []byte) ([]byte, error)

SignHash signs a pre-computed 32-byte hash using the secp256k1 key. Returns 65-byte R‖S‖V signature.

This method is intentionally not part of the EVMSigner interface: raw hash signing bypasses domain separation and is reserved for internal SDK use. Callers outside of internal packages should use the helper SignHash (which performs an interface-assertion) or one of the higher-level signing APIs.

func (*Secp256k1Signer) Transactor ¶

func (s *Secp256k1Signer) Transactor(chainID *big.Int) (*bind.TransactOpts, error)

Transactor returns bind.TransactOpts for signing Ethereum/FEVM transactions on the given chain. The returned opts embed their own key copy so they remain valid for the lifetime of the opts independent of the signer.

type Signer ¶

type Signer interface {
	// FilecoinAddress returns the Filecoin protocol address for this key.
	FilecoinAddress() address.Address

	// Sign produces a Filecoin-native signature over msg.
	Sign(msg []byte) (*crypto.Signature, error)
}

Signer signs native Filecoin messages. Every key type implements this.

func FromLotusExport ¶

func FromLotusExport(exported string) (Signer, error)

FromLotusExport creates a Signer from a Lotus wallet export string. The export format is a hex-encoded JSON object with Type and PrivateKey fields, as produced by `lotus wallet export`.

BLS private keys from Lotus are little-endian (filecoin-ffi convention), while blst expects big-endian. This function handles the byte-order conversion automatically.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL