evm-kms-signer 1.0.0

package/dist/utils/der.js

@@ -0,0 +1,100 @@
+import { DerParsingError } from '../errors';
+/**
+ * Parse DER-encoded ECDSA signature into r and s components
+ *
+ * DER structure:
+ * SEQUENCE (0x30) [total_length]
+ *   INTEGER (0x02) [r_length] [r_bytes]
+ *   INTEGER (0x02) [s_length] [s_bytes]
+ *
+ * @param der - DER-encoded signature from AWS KMS
+ * @returns Object with r and s as 32-byte Uint8Arrays
+ * @throws DerParsingError if signature format is invalid
+ */
+export function parseDerSignature(der) {
+    // Validate minimum length
+    if (der.length === 0) {
+        throw new DerParsingError('Invalid DER signature: empty buffer');
+    }
+    if (der.length < 8) {
+        throw new DerParsingError('Invalid DER signature: buffer too short');
+    }
+    // Validate SEQUENCE tag
+    if (der[0] !== 0x30) {
+        throw new DerParsingError('Invalid DER signature: expected SEQUENCE tag (0x30)');
+    }
+    const sequenceLength = der[1];
+    if (der.length < sequenceLength + 2) {
+        throw new DerParsingError('Invalid DER signature: SEQUENCE length exceeds buffer size');
+    }
+    let offset = 2; // Skip SEQUENCE tag and length
+    // Parse r INTEGER
+    if (offset >= der.length) {
+        throw new DerParsingError('Invalid DER signature: missing r INTEGER tag');
+    }
+    if (der[offset] !== 0x02) {
+        throw new DerParsingError('Invalid DER signature: expected INTEGER tag (0x02) for r');
+    }
+    offset++;
+    if (offset >= der.length) {
+        throw new DerParsingError('Invalid DER signature: missing r length');
+    }
+    let rLength = der[offset];
+    offset++;
+    // Validate r length
+    if (rLength === 0) {
+        throw new DerParsingError('Invalid DER signature: r length cannot be 0');
+    }
+    if (rLength > 33) {
+        throw new DerParsingError('Invalid DER signature: r length exceeds maximum (33 bytes)');
+    }
+    if (offset + rLength > der.length) {
+        throw new DerParsingError('Invalid DER signature: r value exceeds buffer length');
+    }
+    let r = der.slice(offset, offset + rLength);
+    // Remove leading 0x00 (negative number prevention padding)
+    if (rLength === 33 && r[0] === 0x00) {
+        r = r.slice(1);
+    }
+    // Left-pad with zeros to 32 bytes
+    if (r.length < 32) {
+        const padded = new Uint8Array(32);
+        padded.set(r, 32 - r.length);
+        r = padded;
+    }
+    offset += rLength;
+    // Parse s INTEGER
+    if (offset >= der.length) {
+        throw new DerParsingError('Invalid DER signature: missing s INTEGER tag');
+    }
+    if (der[offset] !== 0x02) {
+        throw new DerParsingError('Invalid DER signature: expected INTEGER tag (0x02) for s');
+    }
+    offset++;
+    if (offset >= der.length) {
+        throw new DerParsingError('Invalid DER signature: missing s length');
+    }
+    let sLength = der[offset];
+    offset++;
+    // Validate s length
+    if (sLength === 0) {
+        throw new DerParsingError('Invalid DER signature: s length cannot be 0');
+    }
+    if (sLength > 33) {
+        throw new DerParsingError('Invalid DER signature: s length exceeds maximum (33 bytes)');
+    }
+    if (offset + sLength > der.length) {
+        throw new DerParsingError('Invalid DER signature: s value exceeds buffer length');
+    }
+    let s = der.slice(offset, offset + sLength);
+    if (sLength === 33 && s[0] === 0x00) {
+        s = s.slice(1);
+    }
+    if (s.length < 32) {
+        const padded = new Uint8Array(32);
+        padded.set(s, 32 - s.length);
+        s = padded;
+    }
+    return { r, s };
+}
+//# sourceMappingURL=der.js.map

package/dist/utils/der.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"der.js","sourceRoot":"","sources":["../../src/utils/der.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAE3C;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAe;IAC/C,0BAA0B;IAC1B,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,eAAe,CAAC,qCAAqC,CAAC,CAAA;IAClE,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,eAAe,CAAC,yCAAyC,CAAC,CAAA;IACtE,CAAC;IAED,wBAAwB;IACxB,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACpB,MAAM,IAAI,eAAe,CAAC,qDAAqD,CAAC,CAAA;IAClF,CAAC;IAED,MAAM,cAAc,GAAG,GAAG,CAAC,CAAC,CAAC,CAAA;IAC7B,IAAI,GAAG,CAAC,MAAM,GAAG,cAAc,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,eAAe,CAAC,4DAA4D,CAAC,CAAA;IACzF,CAAC;IAED,IAAI,MAAM,GAAG,CAAC,CAAA,CAAC,+BAA+B;IAE9C,kBAAkB;IAClB,IAAI,MAAM,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QACzB,MAAM,IAAI,eAAe,CAAC,8CAA8C,CAAC,CAAA;IAC3E,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;QACzB,MAAM,IAAI,eAAe,CAAC,0DAA0D,CAAC,CAAA;IACvF,CAAC;IACD,MAAM,EAAE,CAAA;IAER,IAAI,MAAM,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QACzB,MAAM,IAAI,eAAe,CAAC,yCAAyC,CAAC,CAAA;IACtE,CAAC;IAED,IAAI,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,CAAA;IACzB,MAAM,EAAE,CAAA;IAER,oBAAoB;IACpB,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;QAClB,MAAM,IAAI,eAAe,CAAC,6CAA6C,CAAC,CAAA;IAC1E,CAAC;IAED,IAAI,OAAO,GAAG,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,eAAe,CAAC,4DAA4D,CAAC,CAAA;IACzF,CAAC;IAED,IAAI,MAAM,GAAG,OAAO,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC;QAClC,MAAM,IAAI,eAAe,CAAC,sDAAsD,CAAC,CAAA;IACnF,CAAC;IAED,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,CAAA;IAC3C,2DAA2D;IAC3D,IAAI,OAAO,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACpC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,CAAC;IACD,kCAAkC;IAClC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAA;QACjC,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,CAAA;QAC5B,CAAC,GAAG,MAAM,CAAA;IACZ,CAAC;IACD,MAAM,IAAI,OAAO,CAAA;IAEjB,kBAAkB;IAClB,IAAI,MAAM,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QACzB,MAAM,IAAI,eAAe,CAAC,8CAA8C,CAAC,CAAA;IAC3E,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;QACzB,MAAM,IAAI,eAAe,CAAC,0DAA0D,CAAC,CAAA;IACvF,CAAC;IACD,MAAM,EAAE,CAAA;IAER,IAAI,MAAM,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QACzB,MAAM,IAAI,eAAe,CAAC,yCAAyC,CAAC,CAAA;IACtE,CAAC;IAED,IAAI,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,CAAA;IACzB,MAAM,EAAE,CAAA;IAER,oBAAoB;IACpB,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;QAClB,MAAM,IAAI,eAAe,CAAC,6CAA6C,CAAC,CAAA;IAC1E,CAAC;IAED,IAAI,OAAO,GAAG,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,eAAe,CAAC,4DAA4D,CAAC,CAAA;IACzF,CAAC;IAED,IAAI,MAAM,GAAG,OAAO,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC;QAClC,MAAM,IAAI,eAAe,CAAC,sDAAsD,CAAC,CAAA;IACnF,CAAC;IAED,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,CAAA;IAC3C,IAAI,OAAO,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACpC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAA;QACjC,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,CAAA;QAC5B,CAAC,GAAG,MAAM,CAAA;IACZ,CAAC;IAED,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;AACjB,CAAC"}

package/dist/utils/signature.d.ts

@@ -0,0 +1,95 @@
+import type { Hex, Address } from 'viem';
+/**
+ * secp256k1 curve order (n)
+ * Maximum value for ECDSA signature components r and s
+ */
+export declare const SECP256K1_N = 115792089237316195423570985008687907852837564279074904382605163141518161494337n;
+/**
+ * Half of secp256k1 curve order
+ * Used for EIP-2 signature normalization
+ */
+export declare const SECP256K1_N_HALF: bigint;
+/**
+ * Normalizes the s value of an ECDSA signature according to EIP-2.
+ *
+ * EIP-2 requires that s must be in the lower half of the curve order
+ * to prevent signature malleability attacks. If s > n/2, it is converted
+ * to s' = n - s.
+ *
+ * @param s - The s component of the ECDSA signature
+ * @returns The normalized s value
+ * @throws {SignatureNormalizationError} If s is out of valid range
+ *
+ * @example
+ * ```typescript
+ * const s = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000000000000000000001n
+ * const normalizedS = normalizeS(s)
+ * // normalizedS will be less than SECP256K1_N_HALF
+ * ```
+ */
+export declare function normalizeS(s: bigint): bigint;
+/**
+ * Calculates the recovery ID (0-3) for an ECDSA signature.
+ *
+ * The recovery ID is needed to recover the public key from a signature.
+ * This function tries all 4 possible recovery IDs and returns the one
+ * that produces a public key matching the expected address.
+ *
+ * @param messageHash - The hash of the signed message (32 bytes)
+ * @param r - The r component of the signature as hex string
+ * @param s - The s component of the signature as hex string
+ * @param expectedAddress - The expected Ethereum address
+ * @returns The recovery ID (0, 1, 2, or 3)
+ * @throws {RecoveryIdCalculationError} If no valid recovery ID is found
+ *
+ * @example
+ * ```typescript
+ * const recoveryId = await calculateRecoveryId(
+ *   '0x1234...', // message hash
+ *   '0xabcd...', // r value
+ *   '0xef01...', // s value
+ *   '0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb'
+ * )
+ * // recoveryId will be 0, 1, 2, or 3
+ * ```
+ */
+export declare function calculateRecoveryId(messageHash: Hex, r: Hex, s: Hex, expectedAddress: Address): Promise<number>;
+/**
+ * Calculates the v value for an ECDSA signature.
+ *
+ * The v value is used in Ethereum signatures to enable public key recovery.
+ * - Legacy (no chainId): v = 27 + recoveryId
+ * - EIP-155 (with chainId): v = chainId * 2 + 35 + recoveryId
+ *
+ * @param recoveryId - The recovery ID (0-3)
+ * @param chainId - Optional chain ID for EIP-155 signatures
+ * @returns The v value as bigint
+ *
+ * @example
+ * ```typescript
+ * // Legacy signature (no chain ID)
+ * const vLegacy = calculateV(0) // returns 27n
+ *
+ * // EIP-155 signature (with chain ID 1 for Ethereum mainnet)
+ * const vEIP155 = calculateV(0, 1) // returns 37n (1 * 2 + 35 + 0)
+ * ```
+ */
+export declare function calculateV(recoveryId: number, chainId?: number): bigint;
+/**
+ * Converts a Uint8Array to a bigint.
+ *
+ * This is useful for converting DER-encoded signature components
+ * (which are returned as Uint8Array) to bigint for cryptographic operations.
+ *
+ * @param arr - The Uint8Array to convert
+ * @returns The bigint representation
+ *
+ * @example
+ * ```typescript
+ * const bytes = new Uint8Array([0x01, 0x02, 0x03, 0x04])
+ * const value = uint8ArrayToBigInt(bytes)
+ * // value === 0x01020304n
+ * ```
+ */
+export declare function uint8ArrayToBigInt(arr: Uint8Array): bigint;
+//# sourceMappingURL=signature.d.ts.map

package/dist/utils/signature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signature.d.ts","sourceRoot":"","sources":["../../src/utils/signature.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAIxC;;;GAGG;AACH,eAAO,MAAM,WAAW,kFAAsE,CAAA;AAE9F;;;GAGG;AACH,eAAO,MAAM,gBAAgB,QAAmB,CAAA;AAEhD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,UAAU,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAY5C;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAsB,mBAAmB,CACvC,WAAW,EAAE,GAAG,EAChB,CAAC,EAAE,GAAG,EACN,CAAC,EAAE,GAAG,EACN,eAAe,EAAE,OAAO,GACvB,OAAO,CAAC,MAAM,CAAC,CAgCjB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,CAcvE;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,UAAU,GAAG,MAAM,CAY1D"}

package/dist/utils/signature.js

@@ -0,0 +1,153 @@
+import { recoverPublicKey, fromHex } from 'viem';
+import { SignatureNormalizationError, RecoveryIdCalculationError } from '../errors';
+import { publicKeyToAddress } from './address';
+/**
+ * secp256k1 curve order (n)
+ * Maximum value for ECDSA signature components r and s
+ */
+export const SECP256K1_N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n;
+/**
+ * Half of secp256k1 curve order
+ * Used for EIP-2 signature normalization
+ */
+export const SECP256K1_N_HALF = SECP256K1_N / 2n;
+/**
+ * Normalizes the s value of an ECDSA signature according to EIP-2.
+ *
+ * EIP-2 requires that s must be in the lower half of the curve order
+ * to prevent signature malleability attacks. If s > n/2, it is converted
+ * to s' = n - s.
+ *
+ * @param s - The s component of the ECDSA signature
+ * @returns The normalized s value
+ * @throws {SignatureNormalizationError} If s is out of valid range
+ *
+ * @example
+ * ```typescript
+ * const s = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000000000000000000001n
+ * const normalizedS = normalizeS(s)
+ * // normalizedS will be less than SECP256K1_N_HALF
+ * ```
+ */
+export function normalizeS(s) {
+    if (s <= 0n || s >= SECP256K1_N) {
+        throw new SignatureNormalizationError(`s value out of valid range (must be 0 < s < n): ${s.toString(16)}`);
+    }
+    if (s > SECP256K1_N_HALF) {
+        return SECP256K1_N - s;
+    }
+    return s;
+}
+/**
+ * Calculates the recovery ID (0-3) for an ECDSA signature.
+ *
+ * The recovery ID is needed to recover the public key from a signature.
+ * This function tries all 4 possible recovery IDs and returns the one
+ * that produces a public key matching the expected address.
+ *
+ * @param messageHash - The hash of the signed message (32 bytes)
+ * @param r - The r component of the signature as hex string
+ * @param s - The s component of the signature as hex string
+ * @param expectedAddress - The expected Ethereum address
+ * @returns The recovery ID (0, 1, 2, or 3)
+ * @throws {RecoveryIdCalculationError} If no valid recovery ID is found
+ *
+ * @example
+ * ```typescript
+ * const recoveryId = await calculateRecoveryId(
+ *   '0x1234...', // message hash
+ *   '0xabcd...', // r value
+ *   '0xef01...', // s value
+ *   '0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb'
+ * )
+ * // recoveryId will be 0, 1, 2, or 3
+ * ```
+ */
+export async function calculateRecoveryId(messageHash, r, s, expectedAddress) {
+    for (let recoveryId = 0; recoveryId < 4; recoveryId++) {
+        try {
+            // Attempt to recover public key using this recovery ID
+            // Use legacy v value (27 + recoveryId) for recovery
+            const publicKey = await recoverPublicKey({
+                hash: messageHash,
+                signature: {
+                    r,
+                    s,
+                    v: BigInt(27 + recoveryId)
+                }
+            });
+            // Calculate address from recovered public key
+            // recoverPublicKey returns Hex, convert to Uint8Array for publicKeyToAddress
+            const publicKeyBytes = fromHex(publicKey, 'bytes');
+            const address = publicKeyToAddress(publicKeyBytes);
+            // Compare with expected address (case-insensitive)
+            if (address.toLowerCase() === expectedAddress.toLowerCase()) {
+                return recoveryId;
+            }
+        }
+        catch {
+            // Recovery failed with this ID, try next one
+            continue;
+        }
+    }
+    throw new RecoveryIdCalculationError(`Cannot find valid recovery ID for signature (r=${r}, s=${s}) and address ${expectedAddress}`);
+}
+/**
+ * Calculates the v value for an ECDSA signature.
+ *
+ * The v value is used in Ethereum signatures to enable public key recovery.
+ * - Legacy (no chainId): v = 27 + recoveryId
+ * - EIP-155 (with chainId): v = chainId * 2 + 35 + recoveryId
+ *
+ * @param recoveryId - The recovery ID (0-3)
+ * @param chainId - Optional chain ID for EIP-155 signatures
+ * @returns The v value as bigint
+ *
+ * @example
+ * ```typescript
+ * // Legacy signature (no chain ID)
+ * const vLegacy = calculateV(0) // returns 27n
+ *
+ * // EIP-155 signature (with chain ID 1 for Ethereum mainnet)
+ * const vEIP155 = calculateV(0, 1) // returns 37n (1 * 2 + 35 + 0)
+ * ```
+ */
+export function calculateV(recoveryId, chainId) {
+    if (recoveryId < 0 || recoveryId > 3) {
+        throw new RecoveryIdCalculationError(`Invalid recovery ID (must be 0-3): ${recoveryId}`);
+    }
+    if (chainId !== undefined) {
+        // EIP-155: v = chainId * 2 + 35 + recoveryId
+        return BigInt(chainId * 2 + 35 + recoveryId);
+    }
+    // Legacy: v = 27 + recoveryId
+    return BigInt(27 + recoveryId);
+}
+/**
+ * Converts a Uint8Array to a bigint.
+ *
+ * This is useful for converting DER-encoded signature components
+ * (which are returned as Uint8Array) to bigint for cryptographic operations.
+ *
+ * @param arr - The Uint8Array to convert
+ * @returns The bigint representation
+ *
+ * @example
+ * ```typescript
+ * const bytes = new Uint8Array([0x01, 0x02, 0x03, 0x04])
+ * const value = uint8ArrayToBigInt(bytes)
+ * // value === 0x01020304n
+ * ```
+ */
+export function uint8ArrayToBigInt(arr) {
+    if (arr.length === 0) {
+        return 0n;
+    }
+    // Convert Uint8Array to hex string
+    const hex = Array.from(arr)
+        .map(byte => byte.toString(16).padStart(2, '0'))
+        .join('');
+    // Parse as bigint
+    return BigInt('0x' + hex);
+}
+//# sourceMappingURL=signature.js.map

package/dist/utils/signature.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signature.js","sourceRoot":"","sources":["../../src/utils/signature.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAEhD,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,WAAW,CAAA;AACnF,OAAO,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAA;AAE9C;;;GAGG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,mEAAmE,CAAA;AAE9F;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,WAAW,GAAG,EAAE,CAAA;AAEhD;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,UAAU,CAAC,CAAS;IAClC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,WAAW,EAAE,CAAC;QAChC,MAAM,IAAI,2BAA2B,CACnC,mDAAmD,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CACpE,CAAA;IACH,CAAC;IAED,IAAI,CAAC,GAAG,gBAAgB,EAAE,CAAC;QACzB,OAAO,WAAW,GAAG,CAAC,CAAA;IACxB,CAAC;IAED,OAAO,CAAC,CAAA;AACV,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,WAAgB,EAChB,CAAM,EACN,CAAM,EACN,eAAwB;IAExB,KAAK,IAAI,UAAU,GAAG,CAAC,EAAE,UAAU,GAAG,CAAC,EAAE,UAAU,EAAE,EAAE,CAAC;QACtD,IAAI,CAAC;YACH,uDAAuD;YACvD,oDAAoD;YACpD,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC;gBACvC,IAAI,EAAE,WAAW;gBACjB,SAAS,EAAE;oBACT,CAAC;oBACD,CAAC;oBACD,CAAC,EAAE,MAAM,CAAC,EAAE,GAAG,UAAU,CAAC;iBAC3B;aACF,CAAC,CAAA;YAEF,8CAA8C;YAC9C,6EAA6E;YAC7E,MAAM,cAAc,GAAG,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;YAClD,MAAM,OAAO,GAAG,kBAAkB,CAAC,cAAc,CAAC,CAAA;YAElD,mDAAmD;YACnD,IAAI,OAAO,CAAC,WAAW,EAAE,KAAK,eAAe,CAAC,WAAW,EAAE,EAAE,CAAC;gBAC5D,OAAO,UAAU,CAAA;YACnB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,6CAA6C;YAC7C,SAAQ;QACV,CAAC;IACH,CAAC;IAED,MAAM,IAAI,0BAA0B,CAClC,kDAAkD,CAAC,OAAO,CAAC,iBAAiB,eAAe,EAAE,CAC9F,CAAA;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,UAAU,CAAC,UAAkB,EAAE,OAAgB;IAC7D,IAAI,UAAU,GAAG,CAAC,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,0BAA0B,CAClC,sCAAsC,UAAU,EAAE,CACnD,CAAA;IACH,CAAC;IAED,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,6CAA6C;QAC7C,OAAO,MAAM,CAAC,OAAO,GAAG,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC,CAAA;IAC9C,CAAC;IAED,8BAA8B;IAC9B,OAAO,MAAM,CAAC,EAAE,GAAG,UAAU,CAAC,CAAA;AAChC,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAe;IAChD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,mCAAmC;IACnC,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;SACxB,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC/C,IAAI,CAAC,EAAE,CAAC,CAAA;IAEX,kBAAkB;IAClB,OAAO,MAAM,CAAC,IAAI,GAAG,GAAG,CAAC,CAAA;AAC3B,CAAC"}

package/package.json

@@ -0,0 +1,70 @@
+{
+  "name": "evm-kms-signer",
+  "version": "1.0.0",
+  "description": "AWS KMS-based Ethereum signer for viem with enterprise-grade security. Sign transactions and messages using keys stored in AWS KMS without exposing private keys.",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "keywords": [
+    "ethereum",
+    "aws",
+    "kms",
+    "viem",
+    "signer",
+    "evm",
+    "crypto",
+    "blockchain",
+    "wallet",
+    "security"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/gtg7784/evm-kms-signer.git"
+  },
+  "bugs": {
+    "url": "https://github.com/gtg7784/evm-kms-signer/issues"
+  },
+  "homepage": "https://github.com/gtg7784/evm-kms-signer#readme",
+  "scripts": {
+    "type-check": "tsc --noEmit",
+    "start": "tsx src/index.ts",
+    "build": "tsc",
+    "test": "vitest",
+    "test:ui": "vitest --ui",
+    "test:run": "vitest run",
+    "example:sign": "tsx examples/sign-message.ts",
+    "example:tx": "tsx examples/send-transaction.ts"
+  },
+  "author": "Alan Go <tae.gun7784@gmail.com>",
+  "license": "MIT",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "packageManager": "pnpm@9.0.1+sha1.0e0a9c2d140ddf9aab730067eb7bcfb9e18bdee7",
+  "peerDependencies": {
+    "viem": "^2.0.0"
+  },
+  "dependencies": {
+    "@aws-sdk/client-kms": "^3.0.0",
+    "abitype": "^1.1.1"
+  },
+  "devDependencies": {
+    "@types/node": "^24.10.0",
+    "dotenv": "^17.2.3",
+    "tsx": "^4.20.6",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.8",
+    "viem": "^2.0.0"
+  }
+}