EIP-712 Signing
CRE Connect authorizes every Operation with an EIP-712 typed-data signature. The signature is verified on-chain by the Smart Account before any transaction in the Operation runs. EIP-712 was chosen so that a wallet UI โ or a key-management operator inspecting a payload โ can render a human-readable approval prompt instead of an opaque hash.
Domain
CRE Connect uses a fixed EIP-712 domain to identify "this is a CRE Connect Smart Account Operation":
| Domain field | Value |
|---|---|
name | CLLSmartAccount |
version | 1 |
chainId | The numeric chain ID of the chain on which the Smart Account is deployed. |
verifyingContract | The Smart Account address โ the wallet that will execute the Operation. |
Because verifyingContract is the Smart Account itself, two wallets on the same chain produce different domain hashes โ a signature for wallet A is unusable on wallet B even if both contracts speak the same protocol. This is what makes the EIP-712 binding per-account.
Typed-data schema
The primary type is Operation. It references one dependent type, Transaction:
Operation {
id uint256
account address
deadline uint256
transactions Transaction[]
}
Transaction {
to address
value uint256
data bytes
}
These are the same fields documented in Operations. The signature is a standard EIP-712 digest over this typed structure and the domain โ bit-for-bit compatible with any EIP-712 implementation in Solidity, Ethers, viem, or rust-ethereum.
Hashing pipeline
The application supplies the Operation; CRE Connect builds the typed-data payload, computes the digest, and asks the configured signer to sign it. Signing is a 32-bytes-in, 65-bytes-out operation โ the signer never has to understand CRE Connect's domain or types.
Signers
A signer is anything that can produce an ECDSA signature over a 32-byte hash. CRE Connect supports several common key-management options at launch:
| Adapter | Notes |
|---|---|
| Local (ECDSA) | In-process key. Recommended for local development only. |
| AWS KMS | KMS-managed secp256k1 key. |
| HashiCorp Vault | Vault Transit secrets engine, ECDSA secp256k1 key. |
| Fireblocks | Hosted custody with optional human approval workflow. |
| Privy | Privy embedded wallet via REST. |
| Custom | Any implementation that signs a 32-byte hash. |
Some signer adapters can also render the EIP-712 typed data directly to a human approver, which makes the contents of the Operation human-readable in the approval UI rather than displaying an opaque hash.
Authorization vs execution
EIP-712 signing only authorizes the Operation. It does not pay gas, and it does not put the Operation on-chain by itself. Execution still goes through the Chainlink DON, which signs and broadcasts the underlying transaction on the Smart Account's behalf (see Account Abstraction & Gas Sponsorship).
This separation has two practical consequences:
- The signing key never holds gas. A KMS- or Vault-managed key with no on-chain presence is sufficient.
- The on-chain
tx.originis the DON's writer, not the user. Authorization is anchored on the EIP-712-recovered signer address compared against the wallet's allow-list, not on the message sender โ see Smart Accounts for the contract-level model.
Related
- Operations & Transactions โ what gets signed.
- Smart Accounts โ the on-chain verifier of the signature.
-
EIP-712: Typed structured data hashing and signing
โ the canonical Ethereum specification.