Raw Signing

Raw signing is using keys directly to sign your own payloads. Perhaps you need serialize your own transaction, or you want to sign something else entirely. In order for a key to be used for raw signing, it must be of either user or shared variant (not internal).

Create a key

Create a key that we can sign with manually.

CLI

treasury keys create my_solana_key --algorithm ed255 --threshold 2

CSL

create user key my_solana_key { threshold = 2, algorithm = "ed255" }

This will create the following Key resource.

{
  "name": "keys/my_solana_key",
  "state": "generated",
  "variant": "user",
  "creator": "users/root",
  "create_time": "2024-12-04T00:00:16Z",
  "update_time": "2024-12-04T00:00:17Z",
  "version": 3,
  "algorithm": "ed255",
  "key": "33214d84d327448e1d4ff4585f40c56d9ecfebb50991a95cdf8882a81864ce2b",
  "attempt": 1,
  "threshold": 2,
  "shares": {
    "signers/1": "721d19208691345bba7dc5cfa3b2ebc8d94db9cb1b4e382652988053cfc8a54b",
    "signers/2": "c999089637f8db5afd25fc777dcea29f87bb3826b5fbc1c5654138df9591595a"
  },
  "format": "raw"
}

Sign a payload

Sign the message "I will buy BTC next ATH".

Note that the message and signature are both hex encoded.

echo 'I will buy BTC next ATH' | xxd -p -c 1000
# 492077696c6c2062757920425443206e657874204154480a

CLI

treasury signatures create --key my_solana_key  --message "492077696c6c2062757920425443206e657874204154480a"

CSL

create signature {  key = "my_solana_key", message = "492077696c6c2062757920425443206e657874204154480a" }

This will create the following Signature resource.

{
  "name": "signatures/14",
  "state": "signed",
  "creator": "users/root",
  "create_time": "2024-12-04T00:03:46Z",
  "update_time": "2024-12-04T00:03:51Z",
  "version": 3,
  "format": "raw",
  "signature": "0c4a68b2ed1a03109063e1a7d56bc27c6102f47d301e7d0c8e300b17fd1039c75a0d7a116041426b1d5325caabbb66877f6db3abf0a9ed454d80dc3460332300",
  "shares": {
    "signers/1": "02000000000000000100000000000000310100000000000000326c98896518b99ae4a4ad88a7b154d974cba02aed9861dee7ddae477f02c6ea06822cbea3f95c4038d15a5a95272b6258adbcee05a61a5362b76dfacbe4347c0a",
    "signers/2": "02000000000000000100000000000000310100000000000000326c98896518b99ae4a4ad88a7b154d974cba02aed9861dee7ddae477f02c6ea06c5b4b1ca8047148b2295c2d7628ae343d2b0c4a54a8f9ae39512e2687bfea605"
  },
  "message": "492077696c6c2062757920425443206e657874204154480a",
  "key": "keys/my_solana_key",
  "digest": null,
  "triples": null
}

We can decode the message or signature by running

echo 492077696c6c2062757920425443206e657874204154480a | xxd -r -p -c 1000
# I will buy BTC next ATH

Create a shared key

You can create a "shared" Address and use it's key for shared signing. This is handy if you want to use both the high level transaction APIs and raw signing.

CLI

treasury addresses generate SOL --shared

CSL

create shared address for SOL

You can lookup the new Solana address, and see it's associated key. This key will be of shared variant, and can be used for raw signing.