Skip to content
You are reading Quorum Key Manager development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Sign a transaction with EDDSA and Baby Jubjub

This tutorial walks you through signing an Ethereum transaction with Quorum Key Manager (QKM) using the EDDSA signing algorithm and Baby Jubjub elliptic curve (also referred to as the BN254 twisted Edwards curve).

Prerequisites

Steps

  1. In the QKM manifest file, specify an Ethereum store to allocate your Ethereum wallets, and the RPC node to proxy your calls using QKM.

    Example manifest file

    - kind: HashicorpKeys
      name: hashicorp-keys
      specs:
        mountPoint: '{ENGINE_MOUNT_POINT}'
        address: '{HASHICORP_VAULT_URL}'
        tokenPath: '{VAULT_TOKEN_PATH}'
        namespace: '{KEYS_NAMESPACE}'
    
    - kind: Node
      name: besu-node
      specs:
        rpc:
          addr: http://besu-node:8545
    
  2. Start QKM with the manifest file by using the --manifest-path option:

    key-manager run --manifest-path=<PATH-TO-MANIFEST-FILE>
    
  3. Create an Ethereum account using EDDSA and Baby Jubjub:

    curl --request POST 'http://localhost:8080/stores/hashicorp-keys/keys/bn254-key' --header 'Content-Type: application/json' --data-raw '{"curve": "babyjubjub", "signingAlgorithm": "eddsa"}'
    
    {
        "id": "bn254-key",
        "publicKey": "Cjix/fS3WdqKGKabagBNYwcClan5aImoFpnjSF0cqJs=",
        "curve": "babyjubjub",
        "signingAlgorithm": "eddsa",
        "disabled": false,
        "createdAt": "2021-09-09T11:18:51.5877561Z",
        "updatedAt": "2021-09-09T11:18:51.5877561Z"
    }
    
  4. Sign a payload using the created key pair:

    echo -n "my signed message" | base64
    
    bXkgc2lnbmVkIG1lc3NhZ2U=
    
    curl --request POST 'http://localhost:8080/stores/hashicorp-keys/keys/bn254-key/sign' --header 'Content-Type: application/json' --data-raw '{"data": "bXkgc2lnbmVkIG1lc3NhZ2U="}'
    
    tjThYhKSFSKKvsR8Pji6EJ+FYAcf8TNUdAQnM7MSwZEEaPvFhpr1SuGpX5uOcYUrb3pBA8cLk8xcbKtvZ56qWA==
    
  5. Verify your message:

    curl --request POST 'http://localhost:8080/stores/hashicorp-keys/keys/verify-signature' --header 'Content-Type: application/json' --data-raw '{"curve": "babyjubjub", "signingAlgorithm": "eddsa", "data": "bXkgc2lnbmVkIG1lc3NhZ2U=", "publicKey": "yhUiySkg/cKbiN8soKZ5YO0GXHqzx8iycnABzYMPE5A=", "signature": "tjThYhKSFSKKvsR8Pji6EJ+FYAcf8TNUdAQnM7MSwZEEaPvFhpr1SuGpX5uOcYUrb3pBA8cLk8xcbKtvZ56qWA=="}'
    
Questions or feedback? You can discuss issues and obtain free support on Quorum Key Manager Discord channel.
For paid professional support by Consensys, contact us at [email protected].