README
¶
Wallet Provider Go SDK
A Go SDK for wallet provider backend services, featuring WebSocket communication with Silent Network.
Table of Contents
Features
- Distributed Key Generation.
- Distributed Signature Generation.
- Ephemeral key adding and revoking: To support delegated authentication.
- Quorum Change: Handle changes dynamically the set of participants.
Overview
-
The APIs are defined in network_client.go and network_client_with_chal_resp
-
Run distributed key generation:
client, err := sdk.NewNetworkClient(config)
keygenOpts := []wp_requests.KeygenOpts{
{
T: uint8(*3),
N: uint8(*5),
SignAlg: types.SECP256k1,
},
}
cfg := sdk.NewRequestConfig(sdk.ApiV2, "request_id")
result, err := client.Keygen(cfg, keygenOpts)
- Run distributed signature generation:
cfg := sdk.NewRequestConfig(sdk.ApiV2, "request_id")
dsgMessage, err := sdk.NewSignRequestBuilder().SetRequest("txID1", *message, txType).Build()
result, err := client.Signgen(cfg, &wp_requests.SigngenOpts{
T: uint8(*3),
KeyID: types.HexToBytes(*keyID),
Message: dsgMessage,
SignAlg: types.SECP256k1,
})
Installation
- Go 1.20+
- Read access to repository
wallet-provider-go-sdk
Git access configuration
-
Use SSH to get the package, run:
git config --global url."ssh://git@github.com/":.insteadOf https://github.com/ -
Use HTTPS to get the package, setup:
git config --global credential.helper store \ echo "$GH_PAT" > ~/.git-credentials
go get github.com/silence-laboratories/wallet-provider-go-sdk
Contribute
Prerequisites
- Go 1.20+
- GNU Make
First time installation
make install-tools tidy
Before committing
make
Build the SDK
make build
Running tests
make test
# or to see the coverage report, run and open coverage.html:
make test-coverage
Examples
Running WP backend examples
- Check examples/api/README.md for more details.
cd ./examples
# run each backend separately:
go run ./api -env=wpbe1
go run ./api -env=wpbe2
Running CLI examples
- Check examples/cmd/README.md for more details.
Documentation
¶
Overview ¶
Package walletprovidergosdk provides a client SDK for interacting with the Silence Laboratories Wallet Provider Network.
This SDK simplifies the process of integrating distributed key generation (DKG) and signing capabilities into your Go applications. It handles the complex networking and cryptographic protocols required to communicate with the Wallet Provider nodes.
Overview ¶
The SDK is designed to be easy to use while providing robust security and performance. The main entry point is the NetworkClient, which manages connections and executes protocols.
Features ¶
- Distributed Key Generation (DKG): Securely generate keys distributed across multiple parties.
- Distributed Signing: Sign transactions or messages without ever reconstructing the full private key.
- Quorum Change: Handle changes dynamically the set of participants by adding or removing nodes.
Getting Started ¶
To use the SDK, first create a NetworkClientConfig with your API key and the list of network nodes. Then, instantiate a NetworkClient using NewNetworkClient.
// 1. Setup client
config := &walletprovidergosdk.NetworkClientConfig{
APIKey: "your-api-key",
NetworkNodes: []networkclient.NetworkNode{
{
Endpoint: url.URL{
Scheme: "wss",
Host: "node1.example.com",
},
Attestation: types.NoneAttest,
},
{
Endpoint: url.URL{
Scheme: "wss",
Host: "node2.example.com",
},
Attestation: types.NoneAttest,
},
},
}
client, err := walletprovidergosdk.NewNetworkClient(config)
// 2. Prepare Keygen Options
opts := []wp_requests.KeygenOpts{
{
T: 2,
N: 2,
SignAlg: types.ED25519,
},
}
// 3. Create Request Config
reqCfg := &walletprovidergosdk.RequestConfig{
// Set necessary config fields
}
// 4. Execute Keygen
result, err := client.Keygen(reqCfg, opts)
Configuration ¶
- NetworkClientConfig: Configuration for the network client, including API key and network nodes.
- RequestConfig: Configuration for individual requests, including timeouts and protocol versions.
- github.com/silence-laboratories/wallet-provider-go-sdk/networkclient/wp_requests.KeygenOpts: Parameters for distributed key generation, including threshold, number of shares, metadata, and signature algorithm.
For more detailed examples, see the examples directory or the example tests in this package.
Index ¶
- type ApiVersion
- type ChallengeResponseExchanger
- type NetworkClient
- func (ws *NetworkClient) Keygen(cfg *RequestConfig, keygenOpts []wp_requests.KeygenOpts) (string, error)
- func (ws *NetworkClient) QuorumChange(cfg *RequestConfig, quorumChangeRequest *wp_requests.QuorumChangeRequest) (string, error)
- func (ws *NetworkClient) Signgen(cfg *RequestConfig, signOpts *wp_requests.SignOpts) (string, error)
- type NetworkClientConfig
- type NetworkClientWithChalResp
- func (ws *NetworkClientWithChalResp) AddEphKey(cfg *RequestConfig, addEphKeyReq *wp_requests.AddEphKeyRequest, ...) (string, error)
- func (ws *NetworkClientWithChalResp) Keygen(cfg *RequestConfig, keygenOpts []wp_requests.KeygenOpts, ...) (string, error)
- func (ws *NetworkClientWithChalResp) RevokeEphKey(cfg *RequestConfig, revokeEphKeyReq *wp_requests.RevokeEphKeyRequest, ...) (string, error)
- func (ws *NetworkClientWithChalResp) Signgen(cfg *RequestConfig, signOpts *wp_requests.SignOpts, ...) (string, error)
- type NetworkConn
- type NodeEndpoint
- type RRLoadBalancer
- type RequestConfig
- type SignRequestBuilder
- type SignRequestType
- type Slug
- type Transaction
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ApiVersion ¶
type ApiVersion string
const ( // v1 API requires challenge-response exchange. ApiV1 ApiVersion = "v1" // v2 API works without challenge-response exchange. ApiV2 ApiVersion = "v2" )
func (ApiVersion) String ¶
func (av ApiVersion) String() string
type ChallengeResponseExchanger ¶
type ChallengeResponseExchanger interface {
Next() (string, error) // Returns (message, error)
Send(msg string) error
RequestUserSignatures(finalChallenge string) (string, error) // Returns user signatures
}
ChallengeResponseExchanger is required for ApiV1. It abstracts a bidirectional message transport used to exchange challenges from the network with the user during challenge-response flows. Implementations are responsible for sending challenges to the user and collecting their signatures over the challenge.
type NetworkClient ¶
type NetworkClient struct {
// contains filtered or unexported fields
}
NetworkClient is responsible for connecting to the network nodes and exchanging messages with them. It exposes methods to run network functions such as keygen, signgen, etc.
func NewNetworkClient ¶
func NewNetworkClient(config *NetworkClientConfig) (*NetworkClient, error)
NewNetworkClient creates a new NetworkClient instance.
- `config`: configuration options for the network client.
func (*NetworkClient) Keygen ¶
func (ws *NetworkClient) Keygen( cfg *RequestConfig, keygenOpts []wp_requests.KeygenOpts, ) (string, error)
Keygen executes distributed key generation based on the provided options.
- `cfg`: configuration options of API routes: version, request_id... - `keygenOpts`: options for keygen operation.
Returns:
- `string`: the result of keygen operation in format "key_id={...}:pk={...}:sign_alg=secp256k1"
func (*NetworkClient) QuorumChange ¶
func (ws *NetworkClient) QuorumChange( cfg *RequestConfig, quorumChangeRequest *wp_requests.QuorumChangeRequest, ) (string, error)
QuorumChange executes quorum change protocol based on the provided options.
- `cfg`: configuration options of API routes: version, request_id... - `quorumChangeRequest`: options for quorum change operation.
Returns:
- `string`: the result of quorum change operation in format "key_id={...}:pk={...}"
func (*NetworkClient) Signgen ¶
func (ws *NetworkClient) Signgen( cfg *RequestConfig, signOpts *wp_requests.SignOpts, ) (string, error)
Signgen executes signing based on the provided options.
- `cfg`: configuration options of API routes: version, request_id... - `signOpts`: options for sign operation.
Returns:
- `string`: the result of sign operation in format "sign={...}:recid=1:transaction_id={...}"
type NetworkClientConfig ¶
type NetworkClientConfig struct {
// APIKey is the API key used for authentication with the network nodes.
APIKey string
// NetworkNodes is the list of network nodes to connect to.
NetworkNodes []networkclient.NetworkNode
// SetupSK is the setup signing key used for authentication with the network nodes.
SetupSK *setup_sk.WpSigningKey
}
NetworkClientConfig holds the required configuration for the NetworkClient construction.
type NetworkClientWithChalResp ¶
type NetworkClientWithChalResp struct {
// contains filtered or unexported fields
}
NetworkClientWithChalResp is responsible for connecting to the network nodes and exchanging messages with them using the challenge-response protocol ApiV1. It exposes methods to run network functions such as keygen, signgen, adding ephemeral keys, and revoking ephemeral keys.
func NewNetworkClientWithChalResp ¶
func NewNetworkClientWithChalResp(config *NetworkClientConfig) (*NetworkClientWithChalResp, error)
NewNetworkClientWithChalResp creates a new NetworkClientWithChalResp instance.
- `config`: configuration options for the network client.
func (*NetworkClientWithChalResp) AddEphKey ¶
func (ws *NetworkClientWithChalResp) AddEphKey( cfg *RequestConfig, addEphKeyReq *wp_requests.AddEphKeyRequest, chalRespExchanger ChallengeResponseExchanger, ) (string, error)
AddEphKey handles adding an ephemeral key using the ApiV1
- `cfg`: configuration options of API routes: version, request_id... - `addEphKeyReq`: request payload for adding an ephemeral key. - `chalRespExchanger`: transport to exchange messages with the user for collecting signatures.
Returns:
- `string`: the result of the add ephemeral key operation returned by the network ("success" or error messages).
func (*NetworkClientWithChalResp) Keygen ¶
func (ws *NetworkClientWithChalResp) Keygen( cfg *RequestConfig, keygenOpts []wp_requests.KeygenOpts, chalRespExchanger ChallengeResponseExchanger, ) (string, error)
Keygen executes distributed key generation based on the provided options using ApiV1.
- `cfg`: configuration options of API routes: version, request_id... - `keygenOpts`: options for keygen operation. - `chalRespExchanger`: transport to exchange messages with the user for collecting signatures.
Returns:
- `string`: the result of keygen operation in format "key_id={...}:pk={...}:sign_alg=secp256k1"
func (*NetworkClientWithChalResp) RevokeEphKey ¶
func (ws *NetworkClientWithChalResp) RevokeEphKey( cfg *RequestConfig, revokeEphKeyReq *wp_requests.RevokeEphKeyRequest, chalRespExchanger ChallengeResponseExchanger, ) (string, error)
RevokeEphKey handles revoking an ephemeral key using the ApiV1
- `cfg`: configuration options of API routes: version, request_id... - `revokeEphKeyReq`: request payload for revoking an ephemeral key. - `chalRespExchanger`: transport to exchange messages with the user for collecting signatures.
Returns:
- `string`: the result of the revoke ephemeral key operation returned by the network ("success" or error messages).
func (*NetworkClientWithChalResp) Signgen ¶
func (ws *NetworkClientWithChalResp) Signgen( cfg *RequestConfig, signOpts *wp_requests.SignOpts, chalRespExchanger ChallengeResponseExchanger, ) (string, error)
Signgen executes signing based on the provided options using the ApiV1
- `cfg`: configuration options of API routes: version, request_id... - `signOpts`: options for sign operation. - `chalRespExchanger`: transport to exchange messages with the user for collecting signatures.
Returns:
- `string`: the result of sign operation in format "sign={...}:recid=1:transaction_id={...}"
type NetworkConn ¶
type NetworkConn struct {
// contains filtered or unexported fields
}
NetworkConn encapsulates a WebSocket connection to the Initiator node along with the API key used for authentication. It provides primitives to send requests and receive responses from/to the Initiator node.
type NodeEndpoint ¶
type RRLoadBalancer ¶
type RRLoadBalancer struct {
// contains filtered or unexported fields
}
type RequestConfig ¶
type RequestConfig struct {
// Version is the API version (current supported: "v1", "v2").
Version ApiVersion
// RequestID is a unique identifier for the request.
RequestID string
}
RequestConfig holds the configuration for a request to the wallet provider API.
func NewRequestConfig ¶
func NewRequestConfig(version ApiVersion, requestID string) *RequestConfig
type SignRequestBuilder ¶
type SignRequestBuilder struct {
// contains filtered or unexported fields
}
SignRequestBuilder constructs the canonicalized JSON request payload for DSG. The value returned by Build() should be assigned to SignOpts.Message.
func NewSignRequestBuilder ¶
func NewSignRequestBuilder() *SignRequestBuilder
NewSignRequestBuilder creates a new SignRequestBuilder.
func (*SignRequestBuilder) Build ¶
func (b *SignRequestBuilder) Build() (string, error)
Build builds and returns the Map<string, Transaction> as canonicalized JSON. Returns the canonicalized JSON of Map<string, Transaction>.
func (*SignRequestBuilder) SetRequest ¶
func (b *SignRequestBuilder) SetRequest(transactionID string, message string, requestType SignRequestType) *SignRequestBuilder
SetRequest sets the transaction ID, message, and request type for the sign request. Ensures that each transaction ID is only set once.
- transactionID: The transaction ID.
- message: The message to be signed.
- requestType: The type of the sign request. See SignRequestType.
Returns the builder instance to allow chaining.
type SignRequestType ¶
type SignRequestType string
SignRequestType represents the type of signing transaction. For eddsa it is REQUIRED to encode the message in hex.
const ( SignRequestTypeAccountAbstractionTx SignRequestType = "accountAbstractionTx" SignRequestTypeEIP712 SignRequestType = "EIP712" SignRequestTypeEIP191 SignRequestType = "EIP191" SignRequestTypeRawBytes SignRequestType = "rawBytes" SignRequestTypeEDDSA SignRequestType = "eddsa" )
func (SignRequestType) String ¶
func (srt SignRequestType) String() string
type Transaction ¶
type Transaction struct {
SigningMessage string `json:"signingMessage"`
RequestType SignRequestType `json:"requestType"`
}
Transaction represents a single signing transaction descriptor.
Source Files
Directories