syntax = "proto3"; package ethereum.validator.accounts.v2; import "eth/v1alpha1/attestation.proto"; import "eth/v1alpha1/beacon_block.proto"; import "google/api/annotations.proto"; import "google/protobuf/empty.proto"; import "github.com/gogo/protobuf/gogoproto/gogo.proto"; // RemoteSigner service API. // // Defines a remote-signing keymanager which manages eth2 // validator accounts and can sign respective messages. service RemoteSigner { // ListPublicKeysResponse managed by a remote signer. rpc ListValidatingPublicKeys(google.protobuf.Empty) returns (ListPublicKeysResponse) { option (google.api.http) = { get: "/accounts/v2/remote/accounts" }; } // Sign a remote request via gRPC. rpc Sign(SignRequest) returns (SignResponse) { option (google.api.http) = { post: "/accounts/v2/remote/sign" }; } } // ListPublicKeysResponse contains public keys // for the validator secrets managed by the remote signer. message ListPublicKeysResponse { // List of 48 byte, BLS12-381 validating public keys. repeated bytes validating_public_keys = 2; } // SignRequest is a message type used by a keymanager // as part of Prysm's accounts v2 implementation. message SignRequest { // 48 byte public key corresponding to an associated private key // being requested to sign data. bytes public_key = 1; // Raw bytes signing root the client is requesting to sign. The client is // expected to determine these raw bytes from the appropriate BLS // signing domain as well as the signing root of the data structure // the bytes represent. bytes signing_root = 2; // Signature domain and the beacon chain objects to allow server to verify // the contents and to prevent slashing. bytes signature_domain = 3; // Beacon chain objects. [100-200] oneof object { ethereum.eth.v1alpha1.BeaconBlock block = 101; ethereum.eth.v1alpha1.AttestationData attestation_data = 102; ethereum.eth.v1alpha1.AggregateAttestationAndProof aggregate_attestation_and_proof = 103; ethereum.eth.v1alpha1.VoluntaryExit exit = 104; uint64 slot = 105 [(gogoproto.casttype) = "github.com/prysmaticlabs/eth2-types.Slot"]; uint64 epoch = 106 [(gogoproto.casttype) = "github.com/prysmaticlabs/eth2-types.Epoch"]; } } // SignResponse returned by a RemoteSigner gRPC service. message SignResponse { enum Status { UNKNOWN = 0; SUCCEEDED = 1; DENIED = 2; FAILED = 3; } // BLS12-381 signature for the data specified in the request. bytes signature = 1; // Status of the signing response, standardized as an enum // to ensure different remote signing servers follow the // same conventions. Status status = 2; }