Lib.rs

Hardware support | Authentication
#signature #yubi-key #pgp #cryptography #hardware

yubikey-crpyto

YubiKey OpenPGP card signing for Ed25519 and secp256k1 based crypto signatures

Owned by xiongchenyu6.

1 unstable release

Uses new Rust 2024

new 0.1.2 May 16, 2025

#937 in Hardware support

MIT/Apache

60KB
220 lines

Solana YubiKey Signer (yubikey_ed25519_crpyto)

A Rust library and CLI example for constructing and signing Solana transactions using a YubiKey's OpenPGP card (Ed25519), and etherum secp256k1 keys. This library allows you to securely sign Solana and eth transactions using your YubiKey, leveraging its cryptographic capabilities to ensure private key security.

Library Usage

Add to your Cargo.toml:

[dependencies]
yubikey_ed25519_crpyto = { path = "./yubikey_ed25519_crpyto" }
solana-sdk = "1.17"
solana-client = "1.17"

Fetching the Public Key

use yubikey_ed25519_crpyto::get_pubkey_from_yubikey;

let pubkey_bytes = get_pubkey_from_yubikey()?;
// Use pubkey_bytes as a Solana Pubkey, e.g.:
let pubkey = solana_sdk::pubkey::Pubkey::from(pubkey_bytes);

Signing a Solana Transaction Message

use yubikey_ed25519_crpyto::sign_with_yubikey;

// `msg_data` is the serialized Solana message bytes
let signature_bytes = sign_with_yubikey(&msg_data)?;
// Use signature_bytes as the signature for your transaction

Example CLI

A ready-to-use CLI is provided in examples/main.rs.

Build and Run

cargo run --example main -p yubikey_ed25519_crpyto

Example CLI Flow

  • Fetches your YubiKey Ed25519 public key
  • Prompts for recipient and amount
  • Builds and signs a Solana transfer transaction
  • Verifies and sends the transaction to Solana testnet

Example Output

--- Solana Transfer (YubiKey Signing) ---
Sender pubkey (from YubiKey): <YOUR_PUBKEY>
Sender balance (testnet): <LAMPORTS>
Recent blockhash (from testnet): <BLOCKHASH>
Recipient pubkey (base58): <ENTER>
Amount (lamports): <ENTER>
Enter User PIN (PW1/PIN2): <PIN>
Local signature verification successful.
Transaction sent and confirmed!
Solana signature: <SIGNATURE>
Signed transaction (base64): <BASE64>
Signature (base58): <SIGNATURE>

Prerequisites

  • YubiKey with OpenPGP (Ed25519) configured
  • PC/SC middleware (pcscd running)
  • Linux: sudo apt-get install pcscd opensc gnupg scdaemon

Troubleshooting

  • Ensure your YubiKey is inserted and supports Ed25519 OpenPGP
  • Check with gpg --card-status or pcsc_scan
  • If prompted, enter your YubiKey PIN (default: 123456)

License

MIT OR Apache-2.0

Dependencies

~92MB
~1.5M SLoC