Sign a transaction with EDDSA and Baby Jubjub

This tutorial walks you through signing an Ethereum transaction with Quorum Key Manager (QKM) using the EDDSA signing algorithm and Baby Jubjub elliptic curve (also referred to as the BN254 twisted Edwards curve).

Prerequisites

• Quorum Key Manager installed
• curl command line
• HashiCorp Vault service running
• HashiCorp Vault - Orchestrate Plugin loaded in HashiCorp Vault service

Steps

1. In the QKM manifest file, specify an Ethereum store to allocate your Ethereum wallets, and the RPC node to proxy your calls using QKM.

   Example manifest file

   - kind: HashicorpKeys
     name: hashicorp-keys
     specs:
       mountPoint: "{ENGINE_MOUNT_POINT}"
       address: "{HASHICORP_VAULT_URL}"
       tokenPath: "{VAULT_TOKEN_PATH}"
       namespace: "{KEYS_NAMESPACE}"
   
   - kind: Node
     name: besu-node
     specs:
       rpc:
         addr: http://besu-node:8545

2. Start QKM with the manifest file by using the --manifest-path option:

   key-manager run --manifest-path=<PATH-TO-MANIFEST-FILE>

3. Create an Ethereum account using EDDSA and Baby Jubjub:

   curl HTTP request

   curl --request POST 'http://localhost:8080/stores/hashicorp-keys/keys/bn254-key' --header 'Content-Type: application/json' --data-raw '{"curve": "babyjubjub", "signingAlgorithm": "eddsa"}'

   JSON result

   {
     "id": "bn254-key",
     "publicKey": "Cjix/fS3WdqKGKabagBNYwcClan5aImoFpnjSF0cqJs=",
     "curve": "babyjubjub",
     "signingAlgorithm": "eddsa",
     "disabled": false,
     "createdAt": "2021-09-09T11:18:51.5877561Z",
     "updatedAt": "2021-09-09T11:18:51.5877561Z"
   }

4. Sign a payload using the created key pair:

   Generate base64 message to sign

   echo -n "my signed message" | base64

Base64 encoding result

```bash
bXkgc2lnbmVkIG1lc3NhZ2U=
```

curl HTTP request

```bash
curl --request POST 'http://localhost:8080/stores/hashicorp-keys/keys/bn254-key/sign' --header 'Content-Type: application/json' --data-raw '{"data": "bXkgc2lnbmVkIG1lc3NhZ2U="}'
```

JSON result

```json
tjThYhKSFSKKvsR8Pji6EJ+FYAcf8TNUdAQnM7MSwZEEaPvFhpr1SuGpX5uOcYUrb3pBA8cLk8xcbKtvZ56qWA==
```

<!--/tabs-->

5. Verify your message:

   curl HTTP request

   curl --request POST 'http://localhost:8080/stores/hashicorp-keys/keys/verify-signature' --header 'Content-Type: application/json' --data-raw '{"curve": "babyjubjub", "signingAlgorithm": "eddsa", "data": "bXkgc2lnbmVkIG1lc3NhZ2U=", "publicKey": "yhUiySkg/cKbiN8soKZ5YO0GXHqzx8iycnABzYMPE5A=", "signature": "tjThYhKSFSKKvsR8Pji6EJ+FYAcf8TNUdAQnM7MSwZEEaPvFhpr1SuGpX5uOcYUrb3pBA8cLk8xcbKtvZ56qWA=="}'