# Custom Keys
# Yubico HSM Key
This example shows how you can write a custom Key
implementation to use the Jigu library with Yubico's HSM (hardware-software module) for stricter security demands.
from jigu import Terra
from jigu.core import Coins
from jigu.core.msg import MsgSend
from jigu.key import Key
from yubihsm import YubiHsm
from yubihsm.defs import ALGORITHM, CAPABILITY
from yubihsm.objects import AsymmetricKey
class YubiHSMKey(Key):
def __init__(
self, uri, password, session_id=1, obj=0, key_label="my-key", domain=1
):
self.hsm = YubiHsm.connect(uri)
self.session = hsm.create_session_derived(session_id, password)
self.key = AsymmetricKey.generate(
session, # Secure YubiHsm session to use.
obj, # Object ID, 0 to get one assigned.
key_label, # Label for the object.
domain, # Domain(s) for the object.
CAPABILITY.SIGN_ECDSA, # Capabilities for the object.
ALGORITHM.EC_P256, # Algorithm for the key.
)
@property
def public_key(self) -> bytes:
return key.get_public_key()
def sign(self, payload: bytes) -> bytes:
return key.sign_ecdsa(payload)
def __del__(self): # destructor
self.sesison.close()
self.hsm.close()
soju = Terra("soju-0013", "https://soju-lcd.terra.dev/")
wallet = soju.wallet(YubiHSMKey("http://localhost:12345", "password"))
send = MsgSend(
wallet.address, # from
"terra...", # to
Coins(uluna=100000000), # amount, 100 LUNA
)
tx = wallet.create_and_sign_tx(send)
wallet.broadcast(tx)