Skip to main content
See the PKP Sign Reference API for more details on how to sign a message with your PKP.

Prerequisites

  • authContext is required. This is the result from the authentication flow.
  • pubkey is required. This is the public key of the PKP to sign with.

Quick Example

// The message string will be UTF-8 encoded before signing.
// Hashing (e.g., Keccak256 for Ethereum, SHA256 for Bitcoin)
// is handled automatically by the Lit Protocol based on the selected chain.
const messageBytes = new TextEncoder().encode(messageToSign);

const signatures = await litClient.chain.raw.pkpSign({
  chain: "ethereum",
  signingScheme: "EcdsaK256Sha256",
  pubKey: pkpInfo.pubkey,
  authContext: authContext,
  toSign: messageBytes, // UTF-8 encoded message
});

Hashing defaults and bypass

By default the SDK hashes ECDSA payloads for you using the canonical function for each chain (Ethereum → keccak256, Bitcoin/Cosmos → SHA-256/SHA-384) before sending to the nodes for signing. Schnorr/EdDSA schemes receive the raw bytes exactly as you provided them. If you already computed a digest (for example when signing EIP-712 typed data) you can pass it directly and opt out of the SDK hashing step by setting bypassAutoHashing: true: 
const digestBytes = hexToBytes(hashTypedData(typedData));

const signature = await litClient.chain.raw.pkpSign({
  chain: 'ethereum',
  signingScheme: 'EcdsaK256Sha256',
  pubKey: pkpInfo.pubkey,
  authContext,
  toSign: digestBytes,
  bypassAutoHashing: true,
});

Available signing schemes

ECDSA Schemes

SchemeCurve
EcdsaK256Sha256secp256k1
EcdsaP256Sha256NIST P‑256
EcdsaP384Sha384NIST P‑384

EdDSA Schemes

SchemeCurve
SchnorrEd25519Sha512ed25519
SchnorrEd448Shake256ed448

Schnorr Variants

SchemeCurve
SchnorrK256Taprootsecp256k1
SchnorrK256Sha256secp256k1
SchnorrP256Sha256NIST P‑256
SchnorrP384Sha384NIST P‑384

ZK/Privacy Schnorr Variants

SchemeCurve
SchnorrRistretto25519Sha512Ristretto25519
SchnorrRedJubjubBlake2b512Jubjub
SchnorrRedDecaf377Blake2b512Decaf377
SchnorrkelSubstratesr25519