# RGB Signer

**RGB Signer** is a lightweight backend service designed to securely sign PSBTs (Partially Signed Bitcoin Transactions) on behalf of the RGB Node. It is meant to be run in a customer-controlled environment and never exposes any external HTTP interfaces. All communication is handled over **RabbitMQ channels**, ensuring a secure and isolated signing process.

***

### Purpose

* Holds or accesses the merchant’s private keys
* Listens for signing requests from ThunderLink RGB Node
* Signs PSBTs and returns signed transactions through a secure message queue
* **Never exposes keys or services over the public internet**

***

### How It Works

1. The service establishes a secure RabbitMQ connection and listens to the queue `rpc.to-client`.
2. When a `sign` request is received, it:
   * Parses the PSBT from the message payload
   * Init RGB wallet use mnemonic, xpub-van, xpub-col
   * Signs the PSBT
   * Sends the signed result to `rpc.to-server` with the same transaction ID (`txId`)

***

### Communication Model

| Direction            | Queue           | Purpose                 |
| -------------------- | --------------- | ----------------------- |
| RGB Manager → Signer | `rpc.to-client` | Sends PSBTs for signing |
| Signer → RGB Manager | `rpc.to-server` | Returns signed PSBTs    |

***

### Method Handlers

Currently supported:

| Method | Description                                                                            |
| ------ | -------------------------------------------------------------------------------------- |
| `sign` | Signs a base64-encoded PSBT using the mnemonic-derived key and returns the signed PSBT |

> New methods can be added by extending the `methodHandlers` map.<br>

***

### 🔒 Security Notes

* **No public-facing ports**: All communication is internal via RabbitMQ.
* **Private keys are never transmitted**: Only unsigned PSBTs and signed responses are exchanged.
* **Signer is isolated**: Runs inside your infrastructure, fully under customer control.

### 📁 Repository

Git repo: \
&#x20;[RGB Signer on GitHub](https://github.com/RGB-OS/thunderlink-signer)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.thunderstack.org/bitcoin-native-infrastructure/readme/thunderlink/rgb-signer.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.