Dfns has become an official signing provider for Canton Wallet Gateway. The company’s signing driver has been merged into the Gateway’s codebase, enabling any CIP-103 compliant application on Canton to access Dfns-secured cryptographic keys through standardized infrastructure.
What is the Canton Wallet Gateway?
The Wallet Gateway functions as Canton Network’s vendor-neutral middleware layer, creating standardized communication between three previously disconnected components:
- Decentralized applications requesting transactions from users
- Validator nodes submitting transactions to the Canton ledger
- Signing providers managing keys and authorizing signatures
Previously, each wallet provider, custodian, and dApp required custom integrations. The Gateway replaces this fragmented approach with the CIP-103 dApp API standard, allowing applications to function across any conforming wallet provider and signing solutions to work with any compliant dApp.
The architecture deliberately separates identity, ledger submission, and key custody. The Gateway manages transaction submission while signing providers handle secure key storage and approval workflows.
How Dfns supports the Gateway
The Dfns signing driver implements the Gateway’s signing provider interface. When applications request transaction authorization for users with Dfns-managed keys, the Gateway routes requests to the Dfns driver, which:
- Resolves the appropriate key by operating on a key model rather than wallet model, ensuring compatibility with Gateway primitives without imposing Canton-specific abstractions
- Initiates the Dfns signing process, including configured policies such as approval thresholds, amount limits, time locks, know-your-transaction checks, passkey authentication, and organizational safeguards
- Returns the signature to the Gateway for validator submission
The driver does not manage validator topology, submission, or party registration — those responsibilities remain with the Gateway and validator.
This architectural approach complements earlier work on Bring Your Own Validator support for Canton. Organizations bringing their own validator and operating it behind their own Wallet Gateway now have a fully Dfns-secured Canton environment managing keys, policies, approvals, and validator infrastructure from a single location.
Implications for clients
For existing Dfns users on Canton: Current wallets function seamlessly. The Gateway becomes an additional access method, particularly beneficial for dApp integration within the Canton ecosystem. No migration, key rotation, or operational changes required.
For Canton dApp developers: Applications can target Dfns users without building Dfns-specific integrations. Implementing the Gateway’s dApp SDK treats Dfns as one signing option alongside other supported providers, abstracting custody infrastructure details from application logic.
For Canton evaluators: Onboarding barriers for institutional clients have diminished. Rather than requiring prospects to adopt specific wallet vendors, organizations can reference the Gateway and allow clients to utilize already-trusted providers. Dfns increasingly fills this role.
For the broader ecosystem: Decoupling key custody, ledger access, and application logic behind standardized interfaces reduces redundant infrastructure development across new applications, enabling ecosystem scaling.
Next steps
The driver is now live in the Wallet Gateway main branch. Dfns plans to collaborate with early dApp partners validating end-to-end production workflows while continuing to contribute to Gateway evolution as the CIP-103 specification and Splice Wallet Kernel develop.