@mysten/signers 0.6.2 → 1.0.1

package/dist/ledger/index.mjs

@@ -0,0 +1,110 @@
+import { getInputObjects } from "./objects.mjs";
+import { Signer, messageWithIntent, toSerializedSignature } from "@mysten/sui/cryptography";
+import { toBase64 } from "@mysten/sui/utils";
+import { Ed25519PublicKey } from "@mysten/sui/keypairs/ed25519";
+import { Transaction } from "@mysten/sui/transactions";
+import { bcs } from "@mysten/sui/bcs";
+
+//#region src/ledger/index.ts
+/**
+* Ledger integrates with the Sui blockchain to provide signing capabilities using Ledger devices.
+*/
+var LedgerSigner = class LedgerSigner extends Signer {
+	#derivationPath;
+	#publicKey;
+	#ledgerClient;
+	#suiClient;
+	/**
+	* Creates an instance of LedgerSigner. It's expected to call the static `fromDerivationPath` method to create an instance.
+	* @example
+	* ```
+	* const signer = await LedgerSigner.fromDerivationPath(derivationPath, options);
+	* ```
+	*/
+	constructor({ publicKey, derivationPath, ledgerClient, suiClient }) {
+		super();
+		this.#publicKey = publicKey;
+		this.#derivationPath = derivationPath;
+		this.#ledgerClient = ledgerClient;
+		this.#suiClient = suiClient;
+	}
+	/**
+	* Retrieves the key scheme used by this signer.
+	*/
+	getKeyScheme() {
+		return "ED25519";
+	}
+	/**
+	* Retrieves the public key associated with this signer.
+	* @returns The Ed25519PublicKey instance.
+	*/
+	getPublicKey() {
+		return this.#publicKey;
+	}
+	/**
+	* Signs the provided transaction bytes.
+	* @returns The signed transaction bytes and signature.
+	*/
+	async signTransaction(bytes, bcsObjects, resolution) {
+		const transactionOptions = bcsObjects ? { bcsObjects } : await getInputObjects(Transaction.from(bytes), this.#suiClient).catch(() => ({ bcsObjects: [] }));
+		const intentMessage = messageWithIntent("TransactionData", bytes);
+		const { signature } = await this.#ledgerClient.signTransaction(this.#derivationPath, intentMessage, transactionOptions, resolution);
+		return {
+			bytes: toBase64(bytes),
+			signature: toSerializedSignature({
+				signature,
+				signatureScheme: this.getKeyScheme(),
+				publicKey: this.#publicKey
+			})
+		};
+	}
+	/**
+	* Signs the provided personal message.
+	* @returns The signed message bytes and signature.
+	*/
+	async signPersonalMessage(bytes) {
+		const intentMessage = messageWithIntent("PersonalMessage", bcs.byteVector().serialize(bytes).toBytes());
+		const { signature } = await this.#ledgerClient.signTransaction(this.#derivationPath, intentMessage);
+		return {
+			bytes: toBase64(bytes),
+			signature: toSerializedSignature({
+				signature,
+				signatureScheme: this.getKeyScheme(),
+				publicKey: this.#publicKey
+			})
+		};
+	}
+	/**
+	* Prepares the signer by fetching and setting the public key from a Ledger device.
+	* It is recommended to initialize an `LedgerSigner` instance using this function.
+	* @returns A promise that resolves once a `LedgerSigner` instance is prepared (public key is set).
+	*/
+	static async fromDerivationPath(derivationPath, ledgerClient, suiClient) {
+		const { publicKey } = await ledgerClient.getPublicKey(derivationPath);
+		if (!publicKey) throw new Error("Failed to get public key from Ledger.");
+		return new LedgerSigner({
+			derivationPath,
+			publicKey: new Ed25519PublicKey(publicKey),
+			ledgerClient,
+			suiClient
+		});
+	}
+	/**
+	* Generic signing is not supported by Ledger.
+	* @throws Always throws an error indicating generic signing is unsupported.
+	*/
+	sign() {
+		throw new Error("Ledger Signer does not support generic signing.");
+	}
+	/**
+	* Generic signing is not supported by Ledger.
+	* @throws Always throws an error indicating generic signing is unsupported.
+	*/
+	signWithIntent() {
+		throw new Error("Ledger Signer does not support generic signing.");
+	}
+};
+
+//#endregion
+export { LedgerSigner, getInputObjects };
+//# sourceMappingURL=index.mjs.map

package/dist/ledger/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":["#publicKey","#derivationPath","#ledgerClient","#suiClient"],"sources":["../../src/ledger/index.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type SuiLedgerClient from '@mysten/ledgerjs-hw-app-sui';\nimport type { ClientWithCoreApi } from '@mysten/sui/client';\nimport type { SignatureWithBytes } from '@mysten/sui/cryptography';\nimport { messageWithIntent, Signer, toSerializedSignature } from '@mysten/sui/cryptography';\nimport { Ed25519PublicKey } from '@mysten/sui/keypairs/ed25519';\nimport { Transaction } from '@mysten/sui/transactions';\nimport { toBase64 } from '@mysten/sui/utils';\n\nimport { bcs } from '@mysten/sui/bcs';\nimport { getInputObjects } from './objects.js';\nimport type { Resolution } from '@mysten/ledgerjs-hw-app-sui';\n\nexport { getInputObjects } from './objects.js';\n\n/**\n * Configuration options for initializing the LedgerSigner.\n */\nexport interface LedgerSignerOptions {\n\tpublicKey: Ed25519PublicKey;\n\tderivationPath: string;\n\tledgerClient: SuiLedgerClient;\n\tsuiClient: ClientWithCoreApi;\n}\n\n/**\n * Ledger integrates with the Sui blockchain to provide signing capabilities using Ledger devices.\n */\nexport class LedgerSigner extends Signer {\n\t#derivationPath: string;\n\t#publicKey: Ed25519PublicKey;\n\t#ledgerClient: SuiLedgerClient;\n\t#suiClient: ClientWithCoreApi;\n\n\t/**\n\t * Creates an instance of LedgerSigner. It's expected to call the static `fromDerivationPath` method to create an instance.\n\t * @example\n\t * ```\n\t * const signer = await LedgerSigner.fromDerivationPath(derivationPath, options);\n\t * ```\n\t */\n\tconstructor({ publicKey, derivationPath, ledgerClient, suiClient }: LedgerSignerOptions) {\n\t\tsuper();\n\t\tthis.#publicKey = publicKey;\n\t\tthis.#derivationPath = derivationPath;\n\t\tthis.#ledgerClient = ledgerClient;\n\t\tthis.#suiClient = suiClient;\n\t}\n\n\t/**\n\t * Retrieves the key scheme used by this signer.\n\t */\n\toverride getKeyScheme() {\n\t\treturn 'ED25519' as const;\n\t}\n\n\t/**\n\t * Retrieves the public key associated with this signer.\n\t * @returns The Ed25519PublicKey instance.\n\t */\n\toverride getPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\t/**\n\t * Signs the provided transaction bytes.\n\t * @returns The signed transaction bytes and signature.\n\t */\n\toverride async signTransaction(\n\t\tbytes: Uint8Array,\n\t\tbcsObjects?: Uint8Array[],\n\t\tresolution?: Resolution,\n\t): Promise<SignatureWithBytes> {\n\t\tconst transactionOptions = bcsObjects\n\t\t\t? { bcsObjects }\n\t\t\t: await getInputObjects(Transaction.from(bytes), this.#suiClient).catch(() => ({\n\t\t\t\t\t// Fail gracefully so network errors or serialization issues don't break transaction signing:\n\t\t\t\t\tbcsObjects: [],\n\t\t\t\t}));\n\n\t\tconst intentMessage = messageWithIntent('TransactionData', bytes);\n\t\tconst { signature } = await this.#ledgerClient.signTransaction(\n\t\t\tthis.#derivationPath,\n\t\t\tintentMessage,\n\t\t\ttransactionOptions,\n\t\t\tresolution,\n\t\t);\n\n\t\treturn {\n\t\t\tbytes: toBase64(bytes),\n\t\t\tsignature: toSerializedSignature({\n\t\t\t\tsignature,\n\t\t\t\tsignatureScheme: this.getKeyScheme(),\n\t\t\t\tpublicKey: this.#publicKey,\n\t\t\t}),\n\t\t};\n\t}\n\n\t/**\n\t * Signs the provided personal message.\n\t * @returns The signed message bytes and signature.\n\t */\n\toverride async signPersonalMessage(bytes: Uint8Array): Promise<SignatureWithBytes> {\n\t\tconst intentMessage = messageWithIntent(\n\t\t\t'PersonalMessage',\n\t\t\tbcs.byteVector().serialize(bytes).toBytes(),\n\t\t);\n\t\tconst { signature } = await this.#ledgerClient.signTransaction(\n\t\t\tthis.#derivationPath,\n\t\t\tintentMessage,\n\t\t);\n\n\t\treturn {\n\t\t\tbytes: toBase64(bytes),\n\t\t\tsignature: toSerializedSignature({\n\t\t\t\tsignature,\n\t\t\t\tsignatureScheme: this.getKeyScheme(),\n\t\t\t\tpublicKey: this.#publicKey,\n\t\t\t}),\n\t\t};\n\t}\n\n\t/**\n\t * Prepares the signer by fetching and setting the public key from a Ledger device.\n\t * It is recommended to initialize an `LedgerSigner` instance using this function.\n\t * @returns A promise that resolves once a `LedgerSigner` instance is prepared (public key is set).\n\t */\n\tstatic async fromDerivationPath(\n\t\tderivationPath: string,\n\t\tledgerClient: SuiLedgerClient,\n\t\tsuiClient: ClientWithCoreApi,\n\t) {\n\t\tconst { publicKey } = await ledgerClient.getPublicKey(derivationPath);\n\t\tif (!publicKey) {\n\t\t\tthrow new Error('Failed to get public key from Ledger.');\n\t\t}\n\n\t\treturn new LedgerSigner({\n\t\t\tderivationPath,\n\t\t\tpublicKey: new Ed25519PublicKey(publicKey),\n\t\t\tledgerClient,\n\t\t\tsuiClient,\n\t\t});\n\t}\n\n\t/**\n\t * Generic signing is not supported by Ledger.\n\t * @throws Always throws an error indicating generic signing is unsupported.\n\t */\n\toverride sign(): never {\n\t\tthrow new Error('Ledger Signer does not support generic signing.');\n\t}\n\n\t/**\n\t * Generic signing is not supported by Ledger.\n\t * @throws Always throws an error indicating generic signing is unsupported.\n\t */\n\toverride signWithIntent(): never {\n\t\tthrow new Error('Ledger Signer does not support generic signing.');\n\t}\n}\n"],"mappings":";;;;;;;;;;;AA8BA,IAAa,eAAb,MAAa,qBAAqB,OAAO;CACxC;CACA;CACA;CACA;;;;;;;;CASA,YAAY,EAAE,WAAW,gBAAgB,cAAc,aAAkC;AACxF,SAAO;AACP,QAAKA,YAAa;AAClB,QAAKC,iBAAkB;AACvB,QAAKC,eAAgB;AACrB,QAAKC,YAAa;;;;;CAMnB,AAAS,eAAe;AACvB,SAAO;;;;;;CAOR,AAAS,eAAe;AACvB,SAAO,MAAKH;;;;;;CAOb,MAAe,gBACd,OACA,YACA,YAC8B;EAC9B,MAAM,qBAAqB,aACxB,EAAE,YAAY,GACd,MAAM,gBAAgB,YAAY,KAAK,MAAM,EAAE,MAAKG,UAAW,CAAC,aAAa,EAE7E,YAAY,EAAE,EACd,EAAE;EAEL,MAAM,gBAAgB,kBAAkB,mBAAmB,MAAM;EACjE,MAAM,EAAE,cAAc,MAAM,MAAKD,aAAc,gBAC9C,MAAKD,gBACL,eACA,oBACA,WACA;AAED,SAAO;GACN,OAAO,SAAS,MAAM;GACtB,WAAW,sBAAsB;IAChC;IACA,iBAAiB,KAAK,cAAc;IACpC,WAAW,MAAKD;IAChB,CAAC;GACF;;;;;;CAOF,MAAe,oBAAoB,OAAgD;EAClF,MAAM,gBAAgB,kBACrB,mBACA,IAAI,YAAY,CAAC,UAAU,MAAM,CAAC,SAAS,CAC3C;EACD,MAAM,EAAE,cAAc,MAAM,MAAKE,aAAc,gBAC9C,MAAKD,gBACL,cACA;AAED,SAAO;GACN,OAAO,SAAS,MAAM;GACtB,WAAW,sBAAsB;IAChC;IACA,iBAAiB,KAAK,cAAc;IACpC,WAAW,MAAKD;IAChB,CAAC;GACF;;;;;;;CAQF,aAAa,mBACZ,gBACA,cACA,WACC;EACD,MAAM,EAAE,cAAc,MAAM,aAAa,aAAa,eAAe;AACrE,MAAI,CAAC,UACJ,OAAM,IAAI,MAAM,wCAAwC;AAGzD,SAAO,IAAI,aAAa;GACvB;GACA,WAAW,IAAI,iBAAiB,UAAU;GAC1C;GACA;GACA,CAAC;;;;;;CAOH,AAAS,OAAc;AACtB,QAAM,IAAI,MAAM,kDAAkD;;;;;;CAOnE,AAAS,iBAAwB;AAChC,QAAM,IAAI,MAAM,kDAAkD"}

package/dist/ledger/objects.d.mts

@@ -0,0 +1,10 @@
+import { Transaction } from "@mysten/sui/transactions";
+import { ClientWithCoreApi } from "@mysten/sui/client";
+
+//#region src/ledger/objects.d.ts
+declare const getInputObjects: (transaction: Transaction, client: ClientWithCoreApi) => Promise<{
+  bcsObjects: Uint8Array<ArrayBuffer>[];
+}>;
+//#endregion
+export { getInputObjects };
+//# sourceMappingURL=objects.d.mts.map

package/dist/ledger/objects.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"objects.d.mts","names":[],"sources":["../../src/ledger/objects.ts"],"sourcesContent":[],"mappings":";;;;cAMa,+BAAsC,qBAAqB,sBAAiB;;AAAzF,CAAA,CAAA"}

package/dist/ledger/objects.mjs

@@ -0,0 +1,16 @@
+//#region src/ledger/objects.ts
+const getInputObjects = async (transaction, client) => {
+	const data = transaction.getData();
+	const gasObjectIds = data.gasData.payment?.map((object) => object.objectId) ?? [];
+	const inputObjectIds = data.inputs.map((input) => {
+		return input.$kind === "Object" && input.Object.$kind === "ImmOrOwnedObject" ? input.Object.ImmOrOwnedObject.objectId : null;
+	}).filter((objectId) => !!objectId);
+	return { bcsObjects: (await client.core.getObjects({
+		objectIds: [...gasObjectIds, ...inputObjectIds],
+		include: { objectBcs: true }
+	})).objects.filter((obj) => !(obj instanceof Error)).map((object) => object.objectBcs).filter((bytes) => !!bytes) };
+};
+
+//#endregion
+export { getInputObjects };
+//# sourceMappingURL=objects.mjs.map

package/dist/ledger/objects.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"objects.mjs","names":[],"sources":["../../src/ledger/objects.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { Transaction } from '@mysten/sui/transactions';\nimport type { ClientWithCoreApi } from '@mysten/sui/client';\n\nexport const getInputObjects = async (transaction: Transaction, client: ClientWithCoreApi) => {\n\tconst data = transaction.getData();\n\n\tconst gasObjectIds = data.gasData.payment?.map((object) => object.objectId) ?? [];\n\tconst inputObjectIds = data.inputs\n\t\t.map((input) => {\n\t\t\treturn input.$kind === 'Object' && input.Object.$kind === 'ImmOrOwnedObject'\n\t\t\t\t? input.Object.ImmOrOwnedObject.objectId\n\t\t\t\t: null;\n\t\t})\n\t\t.filter((objectId): objectId is string => !!objectId);\n\n\tconst response = await client.core.getObjects({\n\t\tobjectIds: [...gasObjectIds, ...inputObjectIds],\n\t\tinclude: {\n\t\t\tobjectBcs: true,\n\t\t},\n\t});\n\n\tconst bcsObjects = response.objects\n\t\t.filter((obj): obj is Exclude<typeof obj, Error> => !(obj instanceof Error))\n\t\t.map((object) => object.objectBcs)\n\t\t.filter((bytes): bytes is Uint8Array<ArrayBuffer> => !!bytes);\n\n\treturn { bcsObjects };\n};\n"],"mappings":";AAMA,MAAa,kBAAkB,OAAO,aAA0B,WAA8B;CAC7F,MAAM,OAAO,YAAY,SAAS;CAElC,MAAM,eAAe,KAAK,QAAQ,SAAS,KAAK,WAAW,OAAO,SAAS,IAAI,EAAE;CACjF,MAAM,iBAAiB,KAAK,OAC1B,KAAK,UAAU;AACf,SAAO,MAAM,UAAU,YAAY,MAAM,OAAO,UAAU,qBACvD,MAAM,OAAO,iBAAiB,WAC9B;GACF,CACD,QAAQ,aAAiC,CAAC,CAAC,SAAS;AActD,QAAO,EAAE,aAZQ,MAAM,OAAO,KAAK,WAAW;EAC7C,WAAW,CAAC,GAAG,cAAc,GAAG,eAAe;EAC/C,SAAS,EACR,WAAW,MACX;EACD,CAAC,EAE0B,QAC1B,QAAQ,QAA2C,EAAE,eAAe,OAAO,CAC3E,KAAK,WAAW,OAAO,UAAU,CACjC,QAAQ,UAA4C,CAAC,CAAC,MAAM,EAEzC"}

package/dist/utils/utils.mjs

@@ -0,0 +1,71 @@
+import { p256 } from "@noble/curves/nist.js";
+import { secp256k1 } from "@noble/curves/secp256k1.js";
+import { ASN1Construction, ASN1TagClass, DERElement } from "asn1-ts";
+
+//#region src/utils/utils.ts
+/** The total number of bits in the DER bit string for the uncompressed public key. */
+const DER_BIT_STRING_LENGTH = 520;
+/** The total number of bytes corresponding to the DER bit string length. */
+const DER_BYTES_LENGTH = DER_BIT_STRING_LENGTH / 8;
+/**
+* Converts an array of bits into a byte array.
+*
+* @param bitsArray - A `Uint8ClampedArray` representing the bits to convert.
+* @returns A `Uint8Array` containing the corresponding bytes.
+*
+* @throws {Error} If the input array does not have the expected length.
+*/
+function bitsToBytes(bitsArray) {
+	const bytes = new Uint8Array(DER_BYTES_LENGTH);
+	for (let i = 0; i < DER_BIT_STRING_LENGTH; i++) if (bitsArray[i] === 1) bytes[Math.floor(i / 8)] |= 1 << 7 - i % 8;
+	return bytes;
+}
+function publicKeyFromDER(derBytes) {
+	const encodedData = derBytes;
+	const derElement = new DERElement();
+	derElement.fromBytes(encodedData);
+	if (!(derElement.tagClass === ASN1TagClass.universal && derElement.construction === ASN1Construction.constructed)) throw new Error("Unexpected ASN.1 structure");
+	const publicKeyElement = derElement.components[1];
+	if (!publicKeyElement) throw new Error("Public Key not found in the DER structure");
+	return compressPublicKeyClamped(publicKeyElement.bitString);
+}
+function getConcatenatedSignature(signature, keyScheme) {
+	if (!signature || signature.length === 0) throw new Error("Invalid signature");
+	const derElement = new DERElement();
+	derElement.fromBytes(signature);
+	const [r, s] = derElement.toJSON();
+	switch (keyScheme) {
+		case "Secp256k1": {
+			const sig = new secp256k1.Signature(BigInt(r), BigInt(s));
+			return (sig.hasHighS() ? new secp256k1.Signature(sig.r, secp256k1.Point.Fn.neg(sig.s)) : sig).toBytes("compact");
+		}
+		case "Secp256r1": {
+			const sig = new p256.Signature(BigInt(r), BigInt(s));
+			return (sig.hasHighS() ? new p256.Signature(sig.r, p256.Point.Fn.neg(sig.s)) : sig).toBytes("compact");
+		}
+		default: throw new Error("Unsupported key scheme");
+	}
+}
+/**
+* Compresses an uncompressed public key into its compressed form.
+*
+* The uncompressed key must follow the DER bit string format as specified in [RFC 5480](https://datatracker.ietf.org/doc/html/rfc5480#section-2.2)
+* and [SEC 1: Elliptic Curve Cryptography](https://www.secg.org/sec1-v2.pdf).
+*
+* @param uncompressedKey - A `Uint8ClampedArray` representing the uncompressed public key bits.
+* @returns A `Uint8Array` containing the compressed public key.
+*
+* @throws {Error} If the uncompressed key has an unexpected length or does not start with the expected prefix.
+*/
+function compressPublicKeyClamped(uncompressedKey) {
+	if (uncompressedKey.length !== DER_BIT_STRING_LENGTH) throw new Error("Unexpected length for an uncompressed public key");
+	const uncompressedBytes = bitsToBytes(uncompressedKey);
+	if (uncompressedBytes[0] !== 4) throw new Error("Public key does not start with 0x04");
+	const xCoord = uncompressedBytes.slice(1, 33);
+	const parityByte = uncompressedBytes[64] % 2 === 0 ? 2 : 3;
+	return new Uint8Array([parityByte, ...xCoord]);
+}
+
+//#endregion
+export { getConcatenatedSignature, publicKeyFromDER };
+//# sourceMappingURL=utils.mjs.map

package/dist/utils/utils.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.mjs","names":["secp256r1"],"sources":["../../src/utils/utils.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { p256 as secp256r1 } from '@noble/curves/nist.js';\nimport { secp256k1 } from '@noble/curves/secp256k1.js';\nimport { ASN1Construction, ASN1TagClass, DERElement } from 'asn1-ts';\n\n/** The total number of bits in the DER bit string for the uncompressed public key. */\nexport const DER_BIT_STRING_LENGTH = 520;\n\n/** The total number of bytes corresponding to the DER bit string length. */\nexport const DER_BYTES_LENGTH = DER_BIT_STRING_LENGTH / 8;\n\n// Reference Specifications:\n// https://datatracker.ietf.org/doc/html/rfc5480#section-2.2\n// https://www.secg.org/sec1-v2.pdf\n\n/**\n * Converts an array of bits into a byte array.\n *\n * @param bitsArray - A `Uint8ClampedArray` representing the bits to convert.\n * @returns A `Uint8Array` containing the corresponding bytes.\n *\n * @throws {Error} If the input array does not have the expected length.\n */\nfunction bitsToBytes(bitsArray: Uint8ClampedArray): Uint8Array {\n\tconst bytes = new Uint8Array(DER_BYTES_LENGTH);\n\tfor (let i = 0; i < DER_BIT_STRING_LENGTH; i++) {\n\t\tif (bitsArray[i] === 1) {\n\t\t\tbytes[Math.floor(i / 8)] |= 1 << (7 - (i % 8));\n\t\t}\n\t}\n\treturn bytes;\n}\n\nexport function publicKeyFromDER(derBytes: Uint8Array) {\n\tconst encodedData: Uint8Array = derBytes;\n\tconst derElement = new DERElement();\n\tderElement.fromBytes(encodedData);\n\n\t// Validate the ASN.1 structure of the public key\n\tif (\n\t\t!(\n\t\t\tderElement.tagClass === ASN1TagClass.universal &&\n\t\t\tderElement.construction === ASN1Construction.constructed\n\t\t)\n\t) {\n\t\tthrow new Error('Unexpected ASN.1 structure');\n\t}\n\n\tconst components = derElement.components;\n\tconst publicKeyElement = components[1];\n\n\tif (!publicKeyElement) {\n\t\tthrow new Error('Public Key not found in the DER structure');\n\t}\n\n\treturn compressPublicKeyClamped(publicKeyElement.bitString);\n}\n\nexport function getConcatenatedSignature(signature: Uint8Array, keyScheme: string) {\n\tif (!signature || signature.length === 0) {\n\t\tthrow new Error('Invalid signature');\n\t}\n\n\t// Initialize a DERElement to parse the DER-encoded signature\n\tconst derElement = new DERElement();\n\tderElement.fromBytes(signature);\n\n\tconst [r, s] = derElement.toJSON() as [string, string];\n\n\tswitch (keyScheme) {\n\t\tcase 'Secp256k1': {\n\t\t\tconst sig = new secp256k1.Signature(BigInt(r), BigInt(s));\n\t\t\tconst normalized = sig.hasHighS()\n\t\t\t\t? new secp256k1.Signature(sig.r, secp256k1.Point.Fn.neg(sig.s))\n\t\t\t\t: sig;\n\n\t\t\treturn normalized.toBytes('compact') as Uint8Array<ArrayBuffer>;\n\t\t}\n\t\tcase 'Secp256r1': {\n\t\t\tconst sig = new secp256r1.Signature(BigInt(r), BigInt(s));\n\t\t\tconst normalized = sig.hasHighS()\n\t\t\t\t? new secp256r1.Signature(sig.r, secp256r1.Point.Fn.neg(sig.s))\n\t\t\t\t: sig;\n\n\t\t\treturn normalized.toBytes('compact') as Uint8Array<ArrayBuffer>;\n\t\t}\n\t\tdefault:\n\t\t\tthrow new Error('Unsupported key scheme');\n\t}\n}\n\n/**\n * Compresses an uncompressed public key into its compressed form.\n *\n * The uncompressed key must follow the DER bit string format as specified in [RFC 5480](https://datatracker.ietf.org/doc/html/rfc5480#section-2.2)\n * and [SEC 1: Elliptic Curve Cryptography](https://www.secg.org/sec1-v2.pdf).\n *\n * @param uncompressedKey - A `Uint8ClampedArray` representing the uncompressed public key bits.\n * @returns A `Uint8Array` containing the compressed public key.\n *\n * @throws {Error} If the uncompressed key has an unexpected length or does not start with the expected prefix.\n */\nexport function compressPublicKeyClamped(uncompressedKey: Uint8ClampedArray): Uint8Array {\n\tif (uncompressedKey.length !== DER_BIT_STRING_LENGTH) {\n\t\tthrow new Error('Unexpected length for an uncompressed public key');\n\t}\n\n\t// Convert bits to bytes\n\tconst uncompressedBytes = bitsToBytes(uncompressedKey);\n\n\t// Ensure the public key starts with the standard uncompressed prefix 0x04\n\tif (uncompressedBytes[0] !== 0x04) {\n\t\tthrow new Error('Public key does not start with 0x04');\n\t}\n\n\t// Extract X-Coordinate (skip the first byte, which is the prefix 0x04)\n\tconst xCoord = uncompressedBytes.slice(1, 33);\n\n\t// Determine parity byte for Y coordinate based on the last byte\n\tconst yCoordLastByte = uncompressedBytes[64];\n\tconst parityByte = yCoordLastByte % 2 === 0 ? 0x02 : 0x03;\n\n\t// Return the compressed public key consisting of the parity byte and X-coordinate\n\treturn new Uint8Array([parityByte, ...xCoord]);\n}\n"],"mappings":";;;;;;AAQA,MAAa,wBAAwB;;AAGrC,MAAa,mBAAmB,wBAAwB;;;;;;;;;AAcxD,SAAS,YAAY,WAA0C;CAC9D,MAAM,QAAQ,IAAI,WAAW,iBAAiB;AAC9C,MAAK,IAAI,IAAI,GAAG,IAAI,uBAAuB,IAC1C,KAAI,UAAU,OAAO,EACpB,OAAM,KAAK,MAAM,IAAI,EAAE,KAAK,KAAM,IAAK,IAAI;AAG7C,QAAO;;AAGR,SAAgB,iBAAiB,UAAsB;CACtD,MAAM,cAA0B;CAChC,MAAM,aAAa,IAAI,YAAY;AACnC,YAAW,UAAU,YAAY;AAGjC,KACC,EACC,WAAW,aAAa,aAAa,aACrC,WAAW,iBAAiB,iBAAiB,aAG9C,OAAM,IAAI,MAAM,6BAA6B;CAI9C,MAAM,mBADa,WAAW,WACM;AAEpC,KAAI,CAAC,iBACJ,OAAM,IAAI,MAAM,4CAA4C;AAG7D,QAAO,yBAAyB,iBAAiB,UAAU;;AAG5D,SAAgB,yBAAyB,WAAuB,WAAmB;AAClF,KAAI,CAAC,aAAa,UAAU,WAAW,EACtC,OAAM,IAAI,MAAM,oBAAoB;CAIrC,MAAM,aAAa,IAAI,YAAY;AACnC,YAAW,UAAU,UAAU;CAE/B,MAAM,CAAC,GAAG,KAAK,WAAW,QAAQ;AAElC,SAAQ,WAAR;EACC,KAAK,aAAa;GACjB,MAAM,MAAM,IAAI,UAAU,UAAU,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC;AAKzD,WAJmB,IAAI,UAAU,GAC9B,IAAI,UAAU,UAAU,IAAI,GAAG,UAAU,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC,GAC7D,KAEe,QAAQ,UAAU;;EAErC,KAAK,aAAa;GACjB,MAAM,MAAM,IAAIA,KAAU,UAAU,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC;AAKzD,WAJmB,IAAI,UAAU,GAC9B,IAAIA,KAAU,UAAU,IAAI,GAAGA,KAAU,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC,GAC7D,KAEe,QAAQ,UAAU;;EAErC,QACC,OAAM,IAAI,MAAM,yBAAyB;;;;;;;;;;;;;;AAe5C,SAAgB,yBAAyB,iBAAgD;AACxF,KAAI,gBAAgB,WAAW,sBAC9B,OAAM,IAAI,MAAM,mDAAmD;CAIpE,MAAM,oBAAoB,YAAY,gBAAgB;AAGtD,KAAI,kBAAkB,OAAO,EAC5B,OAAM,IAAI,MAAM,sCAAsC;CAIvD,MAAM,SAAS,kBAAkB,MAAM,GAAG,GAAG;CAI7C,MAAM,aADiB,kBAAkB,MACL,MAAM,IAAI,IAAO;AAGrD,QAAO,IAAI,WAAW,CAAC,YAAY,GAAG,OAAO,CAAC"}

package/dist/webcrypto/index.d.mts

@@ -0,0 +1,32 @@
+import { SignatureScheme, Signer } from "@mysten/sui/cryptography";
+import { Secp256r1PublicKey } from "@mysten/sui/keypairs/secp256r1";
+
+//#region src/webcrypto/index.d.ts
+interface ExportedWebCryptoKeypair {
+  privateKey: CryptoKey;
+  publicKey: Uint8Array<ArrayBuffer>;
+}
+declare class WebCryptoSigner extends Signer {
+  #private;
+  privateKey: CryptoKey;
+  static generate({
+    extractable
+  }?: {
+    extractable?: boolean;
+  }): Promise<WebCryptoSigner>;
+  /**
+   * Imports a keypair using the value returned by `export()`.
+   */
+  static import(data: ExportedWebCryptoKeypair): WebCryptoSigner;
+  getKeyScheme(): SignatureScheme;
+  constructor(privateKey: CryptoKey, publicKey: Uint8Array);
+  /**
+   * Exports the keypair so that it can be stored in IndexedDB.
+   */
+  export(): ExportedWebCryptoKeypair;
+  getPublicKey(): Secp256r1PublicKey;
+  sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
+}
+//#endregion
+export { ExportedWebCryptoKeypair, WebCryptoSigner };
+//# sourceMappingURL=index.d.mts.map

package/dist/webcrypto/index.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.mts","names":[],"sources":["../../src/webcrypto/index.ts"],"sourcesContent":[],"mappings":";;;;UAuBiB,wBAAA;EAAA,UAAA,EACJ,SADI;EACJ,SAAA,EACD,UADC,CACU,WADV,CAAA;;AACD,cAGC,eAAA,SAAwB,MAAA,CAHzB;EAAU,CAAA,OAAA;EAGT,UAAA,EACA,SADgB;EAChB,OAAA,QAAA,CAAA;IAAA;EAIiE,CAAA,CAJjE,EAAA;IAIY,WAAA,CAAA,EAAA,OAAA;EAAqD,CAAA,CAAA,EAAA,OAAA,CAAA,eAAA,CAAA;EAAA;;;EAyB7D,OAAA,MAAA,CAAA,IAAA,EAJI,wBAIJ,CAAA,EAJ4B,eAI5B;EAIQ,YAAA,CAAA,CAAA,EAJR,eAIQ;EAAsB,WAAA,CAAA,UAAA,EAAtB,SAAsB,EAAA,SAAA,EAAA,UAAA;EASpC;;;EAsBwC,MAAA,CAAA,CAAA,EAtBxC,wBAsBwC;EAAX,YAAA,CAAA,CAAA,EAJ3B,kBAI2B;EAAR,IAAA,CAAA,KAAA,EAAb,UAAa,CAAA,EAAA,OAAA,CAAQ,UAAR,CAAmB,WAAnB,CAAA,CAAA"}

package/dist/webcrypto/index.mjs

@@ -0,0 +1,70 @@
+import { Signer } from "@mysten/sui/cryptography";
+import { p256 } from "@noble/curves/nist.js";
+import { Secp256r1PublicKey } from "@mysten/sui/keypairs/secp256r1";
+
+//#region src/webcrypto/index.ts
+function getCompressedPublicKey(publicKey) {
+	const rawBytes = new Uint8Array(publicKey);
+	const x = rawBytes.slice(1, 33);
+	const prefix = (rawBytes.slice(33, 65)[31] & 1) === 0 ? 2 : 3;
+	const compressed = new Uint8Array(Secp256r1PublicKey.SIZE);
+	compressed[0] = prefix;
+	compressed.set(x, 1);
+	return compressed;
+}
+var WebCryptoSigner = class WebCryptoSigner extends Signer {
+	#publicKey;
+	static async generate({ extractable = false } = {}) {
+		const keypair = await globalThis.crypto.subtle.generateKey({
+			name: "ECDSA",
+			namedCurve: "P-256"
+		}, extractable, ["sign", "verify"]);
+		const publicKey = await globalThis.crypto.subtle.exportKey("raw", keypair.publicKey);
+		return new WebCryptoSigner(keypair.privateKey, getCompressedPublicKey(new Uint8Array(publicKey)));
+	}
+	/**
+	* Imports a keypair using the value returned by `export()`.
+	*/
+	static import(data) {
+		return new WebCryptoSigner(data.privateKey, data.publicKey);
+	}
+	getKeyScheme() {
+		return "Secp256r1";
+	}
+	constructor(privateKey, publicKey) {
+		super();
+		this.privateKey = privateKey;
+		this.#publicKey = new Secp256r1PublicKey(publicKey);
+	}
+	/**
+	* Exports the keypair so that it can be stored in IndexedDB.
+	*/
+	export() {
+		const exportedKeypair = {
+			privateKey: this.privateKey,
+			publicKey: this.#publicKey.toRawBytes()
+		};
+		Object.defineProperty(exportedKeypair, "toJSON", {
+			enumerable: false,
+			value: () => {
+				throw new Error("The exported keypair must not be serialized. It must be stored in IndexedDB directly.");
+			}
+		});
+		return exportedKeypair;
+	}
+	getPublicKey() {
+		return this.#publicKey;
+	}
+	async sign(bytes) {
+		const rawSignature = await globalThis.crypto.subtle.sign({
+			name: "ECDSA",
+			hash: "SHA-256"
+		}, this.privateKey, bytes);
+		const signature = p256.Signature.fromBytes(new Uint8Array(rawSignature));
+		return (signature.hasHighS() ? new p256.Signature(signature.r, p256.Point.Fn.neg(signature.s)) : signature).toBytes("compact");
+	}
+};
+
+//#endregion
+export { WebCryptoSigner };
+//# sourceMappingURL=index.mjs.map

package/dist/webcrypto/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":["#publicKey","secp256r1"],"sources":["../../src/webcrypto/index.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { SignatureScheme } from '@mysten/sui/cryptography';\nimport { Signer } from '@mysten/sui/cryptography';\nimport { Secp256r1PublicKey } from '@mysten/sui/keypairs/secp256r1';\nimport { p256 as secp256r1 } from '@noble/curves/nist.js';\n\n// Convert from uncompressed (65 bytes) to compressed (33 bytes) format\nfunction getCompressedPublicKey(publicKey: Uint8Array) {\n\tconst rawBytes = new Uint8Array(publicKey);\n\tconst x = rawBytes.slice(1, 33);\n\tconst y = rawBytes.slice(33, 65);\n\n\tconst prefix = (y[31] & 1) === 0 ? 0x02 : 0x03;\n\n\tconst compressed = new Uint8Array(Secp256r1PublicKey.SIZE);\n\tcompressed[0] = prefix;\n\tcompressed.set(x, 1);\n\n\treturn compressed;\n}\n\nexport interface ExportedWebCryptoKeypair {\n\tprivateKey: CryptoKey;\n\tpublicKey: Uint8Array<ArrayBuffer>;\n}\n\nexport class WebCryptoSigner extends Signer {\n\tprivateKey: CryptoKey;\n\n\t#publicKey: Secp256r1PublicKey;\n\n\tstatic async generate({ extractable = false }: { extractable?: boolean } = {}) {\n\t\tconst keypair = await globalThis.crypto.subtle.generateKey(\n\t\t\t{\n\t\t\t\tname: 'ECDSA',\n\t\t\t\tnamedCurve: 'P-256',\n\t\t\t},\n\t\t\textractable,\n\t\t\t['sign', 'verify'],\n\t\t);\n\n\t\tconst publicKey = await globalThis.crypto.subtle.exportKey('raw', keypair.publicKey);\n\n\t\treturn new WebCryptoSigner(\n\t\t\tkeypair.privateKey,\n\t\t\tgetCompressedPublicKey(new Uint8Array(publicKey)),\n\t\t);\n\t}\n\n\t/**\n\t * Imports a keypair using the value returned by `export()`.\n\t */\n\tstatic import(data: ExportedWebCryptoKeypair) {\n\t\treturn new WebCryptoSigner(data.privateKey, data.publicKey);\n\t}\n\n\tgetKeyScheme(): SignatureScheme {\n\t\treturn 'Secp256r1';\n\t}\n\n\tconstructor(privateKey: CryptoKey, publicKey: Uint8Array) {\n\t\tsuper();\n\t\tthis.privateKey = privateKey;\n\t\tthis.#publicKey = new Secp256r1PublicKey(publicKey);\n\t}\n\n\t/**\n\t * Exports the keypair so that it can be stored in IndexedDB.\n\t */\n\texport(): ExportedWebCryptoKeypair {\n\t\tconst exportedKeypair = {\n\t\t\tprivateKey: this.privateKey,\n\t\t\tpublicKey: this.#publicKey.toRawBytes(),\n\t\t};\n\n\t\tObject.defineProperty(exportedKeypair, 'toJSON', {\n\t\t\tenumerable: false,\n\t\t\tvalue: () => {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t'The exported keypair must not be serialized. It must be stored in IndexedDB directly.',\n\t\t\t\t);\n\t\t\t},\n\t\t});\n\n\t\treturn exportedKeypair;\n\t}\n\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n\n\tasync sign(bytes: Uint8Array): Promise<Uint8Array<ArrayBuffer>> {\n\t\tconst rawSignature = await globalThis.crypto.subtle.sign(\n\t\t\t{\n\t\t\t\tname: 'ECDSA',\n\t\t\t\thash: 'SHA-256',\n\t\t\t},\n\t\t\tthis.privateKey,\n\t\t\tbytes as BufferSource,\n\t\t);\n\n\t\tconst signature = secp256r1.Signature.fromBytes(new Uint8Array(rawSignature));\n\t\tconst normalizedSig = signature.hasHighS()\n\t\t\t? new secp256r1.Signature(signature.r, secp256r1.Point.Fn.neg(signature.s))\n\t\t\t: signature;\n\n\t\treturn normalizedSig.toBytes('compact') as Uint8Array<ArrayBuffer>;\n\t}\n}\n"],"mappings":";;;;;AASA,SAAS,uBAAuB,WAAuB;CACtD,MAAM,WAAW,IAAI,WAAW,UAAU;CAC1C,MAAM,IAAI,SAAS,MAAM,GAAG,GAAG;CAG/B,MAAM,UAFI,SAAS,MAAM,IAAI,GAAG,CAEd,MAAM,OAAO,IAAI,IAAO;CAE1C,MAAM,aAAa,IAAI,WAAW,mBAAmB,KAAK;AAC1D,YAAW,KAAK;AAChB,YAAW,IAAI,GAAG,EAAE;AAEpB,QAAO;;AAQR,IAAa,kBAAb,MAAa,wBAAwB,OAAO;CAG3C;CAEA,aAAa,SAAS,EAAE,cAAc,UAAqC,EAAE,EAAE;EAC9E,MAAM,UAAU,MAAM,WAAW,OAAO,OAAO,YAC9C;GACC,MAAM;GACN,YAAY;GACZ,EACD,aACA,CAAC,QAAQ,SAAS,CAClB;EAED,MAAM,YAAY,MAAM,WAAW,OAAO,OAAO,UAAU,OAAO,QAAQ,UAAU;AAEpF,SAAO,IAAI,gBACV,QAAQ,YACR,uBAAuB,IAAI,WAAW,UAAU,CAAC,CACjD;;;;;CAMF,OAAO,OAAO,MAAgC;AAC7C,SAAO,IAAI,gBAAgB,KAAK,YAAY,KAAK,UAAU;;CAG5D,eAAgC;AAC/B,SAAO;;CAGR,YAAY,YAAuB,WAAuB;AACzD,SAAO;AACP,OAAK,aAAa;AAClB,QAAKA,YAAa,IAAI,mBAAmB,UAAU;;;;;CAMpD,SAAmC;EAClC,MAAM,kBAAkB;GACvB,YAAY,KAAK;GACjB,WAAW,MAAKA,UAAW,YAAY;GACvC;AAED,SAAO,eAAe,iBAAiB,UAAU;GAChD,YAAY;GACZ,aAAa;AACZ,UAAM,IAAI,MACT,wFACA;;GAEF,CAAC;AAEF,SAAO;;CAGR,eAAe;AACd,SAAO,MAAKA;;CAGb,MAAM,KAAK,OAAqD;EAC/D,MAAM,eAAe,MAAM,WAAW,OAAO,OAAO,KACnD;GACC,MAAM;GACN,MAAM;GACN,EACD,KAAK,YACL,MACA;EAED,MAAM,YAAYC,KAAU,UAAU,UAAU,IAAI,WAAW,aAAa,CAAC;AAK7E,UAJsB,UAAU,UAAU,GACvC,IAAIA,KAAU,UAAU,UAAU,GAAGA,KAAU,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC,GACzE,WAEkB,QAAQ,UAAU"}

package/package.json

@@ -1,26 +1,30 @@
 {
   "name": "@mysten/signers",
-  "version": "0.6.2",
+  "version": "1.0.1",
   "description": "A collection of signers for various providers",
   "license": "Apache-2.0",
   "author": "Mysten Labs <build@mystenlabs.com>",
-  "type": "commonjs",
+  "type": "module",
   "exports": {
     "./aws": {
-      "import": "./dist/esm/aws/index.js",
-      "require": "./dist/cjs/aws/index.js"
+      "types": "./dist/aws/index.d.mts",
+      "import": "./dist/aws/index.mjs",
+      "default": "./dist/aws/index.mjs"
     },
     "./gcp": {
-      "import": "./dist/esm/gcp/index.js",
-      "require": "./dist/cjs/gcp/index.js"
+      "types": "./dist/gcp/index.d.mts",
+      "import": "./dist/gcp/index.mjs",
+      "default": "./dist/gcp/index.mjs"
     },
     "./ledger": {
-      "import": "./dist/esm/ledger/index.js",
-      "require": "./dist/cjs/ledger/index.js"
+      "types": "./dist/ledger/index.d.mts",
+      "import": "./dist/ledger/index.mjs",
+      "default": "./dist/ledger/index.mjs"
     },
     "./webcrypto": {
-      "import": "./dist/esm/webcrypto/index.js",
-      "require": "./dist/cjs/webcrypto/index.js"
+      "types": "./dist/webcrypto/index.d.mts",
+      "import": "./dist/webcrypto/index.mjs",
+      "default": "./dist/webcrypto/index.mjs"
     }
   },
   "sideEffects": false,
@@ -38,39 +42,41 @@
   ],
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/mystenlabs/ts-sdks.git"
+    "url": "git+https://github.com/MystenLabs/ts-sdks.git"
   },
   "bugs": {
     "url": "https://github.com/mystenlabs/ts-sdks/issues"
   },
   "homepage": "https://github.com/MystenLabs/ts-sdks/tree/main/packages/signers#readme",
   "devDependencies": {
-    "@types/node": "^22.15.29",
-    "dotenv": "^17.2.2",
-    "typescript": "^5.9.2",
-    "vitest": "^3.2.4",
-    "@mysten/build-scripts": "0.0.0"
+    "@types/node": "^25.0.8",
+    "dotenv": "^17.2.3",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.17",
+    "@mysten/sui": "^2.3.2"
   },
   "dependencies": {
-    "@google-cloud/kms": "^4.5.0",
-    "@noble/curves": "=1.9.4",
-    "@noble/hashes": "^1.8.0",
-    "asn1-ts": "^8.0.2",
-    "@mysten/ledgerjs-hw-app-sui": "0.7.0",
-    "@mysten/sui": "1.45.2"
+    "@google-cloud/kms": "^5.2.1",
+    "@noble/curves": "^2.0.1",
+    "@noble/hashes": "^2.0.1",
+    "asn1-ts": "^11.0.5",
+    "@mysten/ledgerjs-hw-app-sui": "^0.7.1"
   },
   "engines": {
-    "node": ">=20"
+    "node": ">=22"
+  },
+  "peerDependencies": {
+    "@mysten/sui": "^2.3.2"
   },
   "scripts": {
     "clean": "rm -rf tsconfig.tsbuildinfo ./dist",
-    "build": "build-package",
+    "build": "rm -rf dist && tsc --noEmit && tsdown",
     "prettier:check": "prettier -c --ignore-unknown .",
     "prettier:fix": "prettier -w --ignore-unknown .",
-    "eslint:check": "eslint --max-warnings=0 .",
-    "eslint:fix": "pnpm run eslint:check --fix",
-    "lint": "pnpm run eslint:check && pnpm run prettier:check",
-    "lint:fix": "pnpm run eslint:fix && pnpm run prettier:fix",
+    "oxlint:check": "oxlint  .",
+    "oxlint:fix": "oxlint --fix",
+    "lint": "pnpm run oxlint:check && pnpm run prettier:check",
+    "lint:fix": "pnpm run oxlint:fix && pnpm run prettier:fix",
     "test": "vitest run"
   }
 }

package/src/aws/aws-kms-signer.ts

@@ -83,15 +83,6 @@ export class AwsKmsSigner extends Signer {
 		return getConcatenatedSignature(fromBase64(signResponse.Signature), this.getKeyScheme());
 	}
 
-	/**
-	 * Synchronous signing is not supported by AWS KMS.
-	 * @throws Always throws an error indicating synchronous signing is unsupported.
-	 * @deprecated use `sign` instead
-	 */
-	signData(): never {
-		throw new Error('KMS Signer does not support sync signing');
-	}
-
 	/**
 	 * Prepares the signer by fetching and setting the public key from AWS KMS.
 	 * It is recommended to initialize an `AwsKmsSigner` instance using this function.

package/src/gcp/gcp-kms-client.ts

@@ -86,15 +86,6 @@ export class GcpKmsSigner extends Signer {
 		return getConcatenatedSignature(signResponse.signature as Uint8Array, this.getKeyScheme());
 	}
 
-	/**
-	 * Synchronous signing is not supported by GCP KMS.
-	 * @throws Always throws an error indicating synchronous signing is unsupported.
-	 * @deprecated use `sign` instead
-	 */
-	signData(): never {
-		throw new Error('GCP Signer does not support sync signing');
-	}
-
 	/**
 	 * Creates a GCP KMS signer from the provided options.
 	 * Expects the credentials file to be set as an env variable

package/src/ledger/index.ts

@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import type SuiLedgerClient from '@mysten/ledgerjs-hw-app-sui';
-import type { SuiClient } from '@mysten/sui/client';
+import type { ClientWithCoreApi } from '@mysten/sui/client';
 import type { SignatureWithBytes } from '@mysten/sui/cryptography';
 import { messageWithIntent, Signer, toSerializedSignature } from '@mysten/sui/cryptography';
 import { Ed25519PublicKey } from '@mysten/sui/keypairs/ed25519';
@@ -13,7 +13,6 @@ import { bcs } from '@mysten/sui/bcs';
 import { getInputObjects } from './objects.js';
 import type { Resolution } from '@mysten/ledgerjs-hw-app-sui';
 
-export { SuiMoveObject } from './bcs.js';
 export { getInputObjects } from './objects.js';
 
 /**
@@ -23,7 +22,7 @@ export interface LedgerSignerOptions {
 	publicKey: Ed25519PublicKey;
 	derivationPath: string;
 	ledgerClient: SuiLedgerClient;
-	suiClient: SuiClient;
+	suiClient: ClientWithCoreApi;
 }
 
 /**
@@ -33,7 +32,7 @@ export class LedgerSigner extends Signer {
 	#derivationPath: string;
 	#publicKey: Ed25519PublicKey;
 	#ledgerClient: SuiLedgerClient;
-	#suiClient: SuiClient;
+	#suiClient: ClientWithCoreApi;
 
 	/**
 	 * Creates an instance of LedgerSigner. It's expected to call the static `fromDerivationPath` method to create an instance.
@@ -131,7 +130,7 @@ export class LedgerSigner extends Signer {
 	static async fromDerivationPath(
 		derivationPath: string,
 		ledgerClient: SuiLedgerClient,
-		suiClient: SuiClient,
+		suiClient: ClientWithCoreApi,
 	) {
 		const { publicKey } = await ledgerClient.getPublicKey(derivationPath);
 		if (!publicKey) {

package/src/ledger/objects.ts

@@ -2,10 +2,9 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import type { Transaction } from '@mysten/sui/transactions';
-import type { SuiClient } from '@mysten/sui/client';
-import { SuiMoveObject } from './bcs.js';
+import type { ClientWithCoreApi } from '@mysten/sui/client';
 
-export const getInputObjects = async (transaction: Transaction, client: SuiClient) => {
+export const getInputObjects = async (transaction: Transaction, client: ClientWithCoreApi) => {
 	const data = transaction.getData();
 
 	const gasObjectIds = data.gasData.payment?.map((object) => object.objectId) ?? [];
@@ -17,40 +16,17 @@ export const getInputObjects = async (transaction: Transaction, client: SuiClien
 		})
 		.filter((objectId): objectId is string => !!objectId);
 
-	const objects = await client.multiGetObjects({
-		ids: [...gasObjectIds, ...inputObjectIds],
-		options: {
-			showBcs: true,
-			showPreviousTransaction: true,
-			showStorageRebate: true,
-			showOwner: true,
+	const response = await client.core.getObjects({
+		objectIds: [...gasObjectIds, ...inputObjectIds],
+		include: {
+			objectBcs: true,
 		},
 	});
 
-	// NOTE: We should probably get rid of this manual serialization logic in favor of using the
-	// already serialized object bytes from the GraphQL API once there is more mainstream support
-	// for it + we can enforce the transport type on the Sui client.
-	const bcsObjects = objects
-		.map((object) => {
-			if (object.error || !object.data || object.data.bcs?.dataType !== 'moveObject') {
-				return null;
-			}
-
-			return SuiMoveObject.serialize({
-				data: {
-					MoveObject: {
-						type: object.data.bcs.type,
-						hasPublicTransfer: object.data.bcs.hasPublicTransfer,
-						version: object.data.bcs.version,
-						contents: object.data.bcs.bcsBytes,
-					},
-				},
-				owner: object.data.owner!,
-				previousTransaction: object.data.previousTransaction!,
-				storageRebate: object.data.storageRebate!,
-			}).toBytes();
-		})
-		.filter((bcsBytes): bcsBytes is Uint8Array<ArrayBuffer> => !!bcsBytes);
+	const bcsObjects = response.objects
+		.filter((obj): obj is Exclude<typeof obj, Error> => !(obj instanceof Error))
+		.map((object) => object.objectBcs)
+		.filter((bytes): bytes is Uint8Array<ArrayBuffer> => !!bytes);
 
 	return { bcsObjects };
 };