Currently, the Zcash Android Wallet SDK handles private key management and transaction signing internally. This creates limitations for applications that need to integrate with external signing solutions, such as hardware wallets, secure enclaves, or other cryptographic signing services. Developers who want to implement custom signing mechanisms or integrate with external security solutions cannot easily do so because the SDK doesn’t provide a way to inject custom signing logic.
opened 08:21AM - 11 Jun 25 UTC
## Is your feature request related to a problem? Please describe.
Currently, th… e Zcash Android Wallet SDK handles private key management and transaction signing internally. This creates limitations for applications that need to integrate with external signing solutions, such as hardware wallets, secure enclaves, or other cryptographic signing services. Developers who want to implement custom signing mechanisms or integrate with external security solutions cannot easily do so because the SDK doesn't provide a way to inject custom signing logic.
## Describe the solution you'd like
I would like the SDK to support a simple external signer interface that allows developers to provide their own signing implementation. This would enable:
1. **Custom signing backends**: Integration with hardware wallets, secure elements, or other external signing services
2. **Enhanced security**: Keeping private keys in secure hardware or external services
3. **Flexible architecture**: Allowing applications to choose their preferred signing method
The solution should include:
- A simple interface with a single signing method
- Ability to inject the external signer into the SDK
- The SDK handles all transaction preparation and only delegates the actual signing
## Alternatives you've considered
1. **Forking the SDK**: Modifying the existing codebase to support external signing, but this would require maintaining a separate fork
## Additional context
This feature would greatly enhance the SDK's flexibility and enable integration with various security solutions. It would also align with best practices in cryptocurrency wallet development where signing and key management can be separated from transaction logic.
The external signer interface should be designed to be:
- Easy to implement for different signing backends
- Secure by default with proper validation
- Compatible with existing SDK functionality
- Well-documented with clear examples
Sample interface
```
/**
* Interface for external transaction signing in Zcash Android SDK
*/
interface ExternalSigner {
/**
* Signs a transparent transaction input (Bitcoin-style ECDSA)
*
* @param sighash The transaction hash to sign
* @return The signature bytes (DER encoded)
* @throws SigningException if signing fails
*/
suspend fun signTransparent(sighash: ByteArray): ByteArray
/**
* Signs a Sapling shielded transaction (RedJubjub signature)
*
* @param sighash The transaction hash to sign
* @param randomizer Random bytes for signature generation
* @return The signature bytes
* @throws SigningException if signing fails
*/
suspend fun signSapling(sighash: ByteArray, randomizer: ByteArray): ByteArray
/**
* Signs an Orchard shielded transaction (RedPallas signature)
*
* @param sighash The transaction hash to sign
* @param randomizer Random bytes for signature generation
* @return The signature bytes
* @throws SigningException if signing fails
*/
suspend fun signOrchard(sighash: ByteArray, randomizer: ByteArray): ByteArray
/**
* Gets the transparent public key (secp256k1)
*
* @return The compressed public key bytes
* @throws SigningException if key retrieval fails
*/
suspend fun getTransparentPublicKey(): ByteArray
/**
* Gets the Sapling spending key (Jubjub)
*
* @return The spending key bytes
* @throws SigningException if key retrieval fails
*/
suspend fun getSaplingSpendingKey(): ByteArray
/**
* Gets the Orchard spending key (Pallas)
*
* @return The spending key bytes
* @throws SigningException if key retrieval fails
*/
suspend fun getOrchardSpendingKey(): ByteArray
}
/**
* Exception thrown when signing operations fail
*/
class SigningException(
message: String,
cause: Throwable? = null
) : Exception(message, cause)
```
1 Like
str4d
June 11, 2025, 1:17pm
2
Per my reply on the now-closed issue, this feature already exists. Both the Android and Swift SDKs support transaction signing via PCZTs , and Zashi is already using it to integrate with the Keystone hardware wallet.
1 Like
pacu
June 11, 2025, 2:30pm
3
In addition to what Str4d has replied, the SDKs don’t handle any keys. Wallet applications, which are the “clients” of the SDKs do.
You should leverage PCZTs and work your signing logic as you see fit.