This repository hosts the CubeSigner Snap and a demo site using the snap to sign transactions across different chains (EVM, Solana, and Bitcoin).
CubeSigner is a hardware-backed, non-custodial platform for securely managing cryptographic keys. The CubeSigner Snap uses the CubeSigner TypeScript SDK to let your MetaMask users sign transactions on EVM-based chains like Ethereum, Avalanche, and Polygon, and on non-EVM chains like Bitcoin and Solana.
To use the snap you need a CubeSigner account: contact us to get started.
The Cubist team built CubeSigner to address the key security vs key availability tradeoff: right now, many teams are forced to keep keys available in memory and therefore exposed to attackers, or try to keep keys safe—usually only at rest—at serious latency and engineering cost. CubeSigner addresses this problem by giving developers low-latency access to hardware-backed key generation and signing. During each of these operations, CubeSigner safeguards their users' keys in HSM-sealed Nitro Enclaves—combining cold wallet security with hot wallet speed and simplicity.
Right now, the CubeSigner Snap supports signing for EVM chains like Ethereum and Avalanche, and non-EVM chains Bitcoin and Solana. Support for more chains and more features is in the works!
You can watch the CubeSigner Snap used with our demo site here:
cubesigner-snap.mp4
-
Install Node.js v19
-
Log into your CubeSigner organization using the
cscommand-line tool, e.g.,cs login owner@example.com --env '<gamma|prod|...>'
npm install
npm run buildnpm test-
Start the snap
npm -C packages/snap run start
-
Start the demo website
npm -C packages/site run start
-
Navigate to
http://localhost:8000and connect to MetaMask. -
Click the
Log into CubeSignerbuttonThe CubeSigner Snap will display a dialog to let you enter your CubeSigner signer session token. (Never paste your session token anywhere else!)
To generate a new token for an existing role, run the following command from your terminal:
cs token create --purpose "Snap demo" --role-id $ROLE_ID --output base64
Copy the token and paste it into the snap dialog (and then clear your clipboard).
You are now logged in and can sign and send transactions with the keys the token gives you access to!