Vault Raw Signing Overview
Overview
Raw Signing presents inherent security risks, as it involves signing transactions without contextual validation. However, with great power comes great responsibility. This document outlines best practices to ensure the secure and effective use of the raw signing feature.
Consequently, Raw Signing is considered a specialized feature, not included by default in your workspace, and is only accessible upon request for specific use cases. If you're interested in this feature and want to see if your use case is eligible for it, please contact your Technical Account Manager (TAM).
Raw Signing is a very powerful feature to be used within the Vault. As the Web3 world continues to rapidly evolve, LES provides an option to sign digests using the Vault infrastructure in order to support chains and actions that the Vault does not natively support.
Use Cases
When you want to sign a transaction or a digest on a blockchain that the Vault does not currently support.
When you want to perform an action that we don’t currently support (for example staking on a protocol where we don’t support staking) on a blockchain we do actively support.
When you want to prove messages on-chain (that are not supported by our Proof of Reserver feature with Message Signing).
How to enable Raw Signing ?
By default, Raw Signing is not available on your workspace. Contact your Technical Account Manager (TAM) Customer Success team to enable Raw Signing.
Raw Signing Example
Creating a request
First, let’s look at the schema for this request:
The request is built as follows:
Add digests_data
Within this object, add account_name and digests
DigestToSign
digest
string
A HexString digests. For currencies that use secp256K1, string must be 32 bytes long
derivation_path
string
Approving a request
How to retrieve the Account Public Key ?
As a first iteration, you cannot directly get the account address or Public Key (pub_key) from a HSM-secured channel.
Instead you need to sign a first message from the account: As a first iteration, you cannot directly get the account address or Public Key (pub_key) from a HSM-secured channel. Instead you need to sign a first message from the account:
Sign any message using the Raw Signing Request (it can be message signing)
Get the Digest via GET /digests/:id to retrieve the pub_key in the payload
You can derive addresses from the pub key
Last updated