This is Haskell bindings to perform signing using Ed25519 algorithm used in blockchains such as Cardano. This is meant to enable using YubiHSM (Yubico Hardware Security Module) as an offline signing device to hold the key and sign transactions instead of a wallet. It uses yubihsm.rs YubiHSM Rust community bindings.
The Rust and Haskell library can be built using Nix as follows,
# Rust
nix build .#rust
# Haskell
nix build
You can also use cabal
or cargo
from inside of nix develop
shell. For example,
nix develop
cd ./rustbits
cargo test
cd ../
cabal build
To test the Haskell->Rust integration works, a Cabal executable is provided. You can run it as:
❯ nix run
thread '<unnamed>' panicked at 'could not connect to YubiHSM: Error(Context { kind: ProtocolError, source: Some(Error(Context { kind: ProtocolError, source: Some(Error(Context { kind: UsbError, source: Some(Message("no YubiHSM 2 devices detected")) })) })) })', src/lib.rs:39:49
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
fatal runtime error: failed to initiate panic, error 5
Aborted (core dumped)
- Install Nix & enable Flakes
- Run
nix develop -c echo
to sanity check your environment - Open as single-folder workspace in Visual Studio Code
- If you use
nix-direnv
, install this extension, otherwise install this one.
- If you use
Some useful development works.
- When editing the Haskell library, run
nix develop -c ghcid
to get fast compile feedback. - When editing the Haskell executable, run
nix develop -c ghcid -c 'cabal repl exe:yubihsm-ed-sign'
to get fast compile feedback.- Add
-T :main
inside of-c
argument if you also want to run the main entrypoint.
- Add
- For Haskell repl,
nix develop -c cabal repl
rustbits
is the Rust code- The project root is the Haskell project that invokes that code through FFI