Feat/support keystone #11944

Open
ww3512687 wants to merge 9 commits into anza-xyz:master from KeystoneHQ:feat/support-keystone

ww3512687 commented Apr 15, 2026

Problem

The Solana CLI did not support Keystone hardware wallets.

Summary of Changes

  • Refactor remote-wallet to extract wallet scanning and wallet-type dispatch, making it easier to add new hardware wallet types.
  • Add full support for Keystone hardware wallets via USB, including:
    • Device detection and USB transport layer using rusb
    • APDU communication and EAPDU packet framing/parsing
    • UR-encoded QR hardware calls for key derivation and transaction signing
    • Integration with the remote wallet manager and locator
    • CLI documentation for using Keystone with Solana
  • Add workspace dependencies for rusb, ur-registry, and ur-parse-lib

Fixes #

- Updated Cargo.toml to include dependencies for rusb, ur-registry, and ur-parse-lib.
- Added documentation for using Keystone hardware wallets with the Solana CLI.
- Implemented KeystoneWallet struct and associated methods for USB communication.
- Enhanced remote wallet functionality to detect and interact with Keystone devices.
- Updated locator and remote wallet modules to support Keystone as a manufacturer.

mergify Bot requested a review from a team April 15, 2026 05:11

0jovi0 commented Apr 20, 2026

sign_offchain_message delegates directly to sign_message, which hardcodes SignType::Transaction. Off-chain messages will be presented to the Keystone firmware as transactions, breaking domain separation — the hardware wallet cannot show the user the correct signing context ("Sign Message" vs "Sign Transaction").

ww3512687 (Author)

> sign_offchain_message delegates directly to sign_message, which hardcodes SignType::Transaction. Off-chain messages will be presented to the Keystone firmware as transactions, breaking domain separation — the hardware wallet cannot show the user the correct signing context ("Sign Message" vs "Sign Transaction").

Hi, @0jovi0
Regarding the SignType issue, in the latest version of the Keystone firmware, this field is actually no longer used for detection. The firmware now distinguishes between Messages and Transactions by parsing the specific UR data directly.

This means that even if the internal sign type is hardcoded, the device correctly identifies the data type and renders the appropriate UI ("Sign Message" vs. "Sign Transaction") based on the UR content. Thank you for your suggestion.

ww3512687 (Author)

Hi @joncinque, could you please take a look at this PR when you have a chance? I'd appreciate your feedback. Thanks!

Comment thread Cargo.toml Outdated
Comment on lines +579 to +580
ur-registry = { git = "https://github.com/KeystoneHQ/keystone-sdk-rust.git", tag = "0.0.56", default-features = false, features = ["std"] }
ur-parse-lib = { git = "https://github.com/KeystoneHQ/keystone-sdk-rust.git", tag = "0.0.56" }
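
Review bot: both added lines pin a git source with tag = "0.0.56", and a git tag can be moved to a different commit after review, so the tag alone does not fix which code gets built. If a git source is kept at all, pin it with rev = "<full commit hash>" (placeholder, not a value from this PR) so the reviewed commit is the one resolved. Separately, the ur-registry line sets default-features = false with features = ["std"], while the ur-parse-lib line takes its default features; state the intended feature set on the second line as well or note why it differs.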

We can't accept this PR with git dependencies, since the agave crates are published to crates.io. Is there any plan to publish these?

joncinque

Thanks for your contribution! I did a quick pass, but it looks like everything makes sense architecturally. We just need to figure out the ur-registry and ur-parse-lib dependencies before I can take a closer look
