Interoperability with other nodes

By default, Canton nodes run a tink provider, which is not compatible with the KMS provider that stores the Canton private keys. If you want other nodes to keep running a non-KMS Canton, you must run them with a jce provider and explicitly configure it to use the KMS-supported algorithms as the required algorithms. Here is an example of how to set it up for a simple distributed sync domain:

canton.domain-managers.domainManager1 = {
  crypto.provider = jce
  domain-parameters.protocol-version = 5
}

canton.sequencers.sequencer1.crypto = {
  provider = jce
}

canton.mediators.mediator1.crypto = {
  provider = jce
}

And here is an example for a participant:

canton.participants.participant2.crypto = {
  provider = jce
}

In other words, a node running with a kms provider (which stores the Canton private keys externally) can only ever communicate with other nodes running a kms or jce provider.
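As an added example (not part of the Canton documentation or code base), the rule above can be checked before deployment by linting the node configuration for providers a kms node cannot talk to. The function names and the sample configuration are hypothetical, the parser handles only the one-assignment-per-line HOCON subset shown on this page, and only the provider is checked, not the algorithm settings.

```python
import re

KMS_COMPATIBLE = {"kms", "jce"}   # providers a kms node can talk to, per the text
DEFAULT_PROVIDER = "tink"         # default when crypto.provider is unset, per the text
NODE_KINDS = ("participants", "domain-managers", "sequencers", "mediators")

def flatten(text):
    """Flatten the HOCON subset used on this page into {dotted.path: value}.
    Assumption: one `key = value` or `key = {` per line; not a full HOCON parser."""
    flat, prefix = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "//")):
            continue
        if line in ("}", "},"):
            prefix.pop()
            continue
        m = re.match(r"([\w.\-]+)\s*(?:[=:]\s*)?(.*)$", line)
        if not m:
            raise ValueError(f"unsupported line: {raw!r}")
        key, rest = m.group(1), m.group(2).strip()
        if rest == "{":
            prefix.append(key)
        else:
            flat[".".join(prefix + [key])] = rest.strip('"')
    return flat

def incompatible_nodes(text):
    """Return {node: provider} for nodes a kms-backed node could not talk to."""
    providers = {}
    for path, value in flatten(text).items():
        parts = path.split(".")
        if len(parts) > 3 and parts[0] == "canton" and parts[1] in NODE_KINDS:
            node = ".".join(parts[:3])
            providers.setdefault(node, DEFAULT_PROVIDER)
            if parts[3:] == ["crypto", "provider"]:
                providers[node] = value
    return {n: p for n, p in providers.items() if p not in KMS_COMPATIBLE}

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """
canton.participants.participant1.crypto.provider = kms
canton.participants.participant2.crypto = {
  provider = jce
}
canton.participants.participant3.storage.type = memory
canton.sequencers.sequencer1 = {
  crypto.provider = tink
}
"""

if __name__ == "__main__":
    for node, provider in sorted(incompatible_nodes(SAMPLE).items()):
        print(f"{node}: provider '{provider}' cannot interoperate with kms nodes")
```

A node that never sets crypto.provider is reported with the default tink provider, which is the case most easily missed in review.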

See this table for a description of cryptographic schemes supported by the KMS provider.