feat(ocr2key): expose raw EVM onchain signing public key#2087
Conversation
stackman27
changed the title
|
👋 stackman27, thanks for creating this pull request! To help reviewers, please consider creating future PRs as drafts first. This allows you to self-review and make any final changes before notifying the team. Once you're ready, you can mark it as "Ready for review" to request feedback. Thanks! |
✅ API Diff Results -
|
There was a problem hiding this comment.
Pull request overview
This PR exposes the full uncompressed ECDSA/secp256k1 on-chain signing public key (65 bytes, hex-encoded) for OCR2 EVM key bundles via a new RawOnChainPublicKey() method on ocr2key.KeyBundle, enabling external consumers (e.g., Job Distributor) to obtain the raw pubkey without manual key export/decryption steps.
Changes:
- Extends the
KeyBundleinterface withRawOnChainPublicKey() string. - Implements
RawOnChainPublicKey()in the generic key bundle and adds an EVM keyring helper that returns the uncompressed pubkey. - Documents the new behavior via interface/method comments.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
keystore/corekeys/ocr2key/key_bundle.go |
Adds the new RawOnChainPublicKey() API to the KeyBundle interface and documents intended behavior. |
keystore/corekeys/ocr2key/generic_key_bundle.go |
Implements RawOnChainPublicKey() on the generic key bundle, delegating to the EVM keyring for supported chains. |
keystore/corekeys/ocr2key/evm_keyring.go |
Adds RawOnChainPublicKey() to return the hex-encoded uncompressed secp256k1 public key. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // RawOnChainPublicKey returns the full uncompressed secp256k1 public key for EVM (65 bytes, hex-encoded). | ||
| // Returns empty string for other chain types. | ||
| RawOnChainPublicKey() string |
| // RawOnChainPublicKey returns the full uncompressed public key (65 bytes for EVM) | ||
| // while PublicKey returns the address (20 bytes for EVM) | ||
| func (ekr *evmKeyring) RawOnChainPublicKey() string { | ||
| return hex.EncodeToString(crypto.FromECDSAPub(&ekr.privateKey().PublicKey)) | ||
| } |
| // RawOnChainPublicKey returns the full uncompressed secp256k1 public key for EVM. | ||
| // Returns empty string for other chain types. | ||
| func (kb *keyBundle[K]) RawOnChainPublicKey() string { | ||
| if kb.chainType != corekeys.EVM { | ||
| return "" | ||
| } | ||
| evmKr, ok := any(kb.keyring).(*evmKeyring) | ||
| if !ok { | ||
| return "" | ||
| } | ||
| return evmKr.RawOnChainPublicKey() | ||
| } |
|
|
||
| // RawOnChainPublicKey returns the full uncompressed secp256k1 public key for EVM. | ||
| // Returns empty string for other chain types. | ||
| func (kb *keyBundle[K]) RawOnChainPublicKey() string { |
Define RawEVMOnChainPublicKey via a type assertion on *keyBundle[*evmKeyring] so the keystore module compiles under Go generics. Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Could you probably mention Catana here (and the absence of |
Expose the full uncompressed EVM OCR2 onchain signing public key (65 bytes, hex-encoded) via a new RawOnChainPublicKey() method on KeyBundle.
Today, evmKeyring.PublicKey() returns the 20-byte address, not the full secp256k1 pubkey. Job Distributor needs the raw pubkey to avoid manually exec’ing into pods and exporting/decrypting OCR2 keys.
noecrecoverin Daml so we have to verify(r,s)against preconfigured pubkeys
Requires
Supports
smartcontractkit/chainlink#22673