Skip to main content

Sign a transaction with EDDSA and Baby Jubjub

This tutorial walks you through signing an Ethereum transaction with Quorum Key Manager (QKM) using the EDDSA signing algorithm and Baby Jubjub elliptic curve (also referred to as the BN254 twisted Edwards curve).



  1. In the QKM manifest file, specify an Ethereum store to allocate your Ethereum wallets, and the RPC node to proxy your calls using QKM.

    Example manifest file
    - kind: HashicorpKeys
    name: hashicorp-keys
    mountPoint: "{ENGINE_MOUNT_POINT}"
    address: "{HASHICORP_VAULT_URL}"
    tokenPath: "{VAULT_TOKEN_PATH}"
    namespace: "{KEYS_NAMESPACE}"

    - kind: Node
    name: besu-node
    addr: http://besu-node:8545
  2. Start QKM with the manifest file by using the --manifest-path option:

    key-manager run --manifest-path=<PATH-TO-MANIFEST-FILE>
  3. Create an Ethereum account using EDDSA and Baby Jubjub:

    curl --request POST 'http://localhost:8080/stores/hashicorp-keys/keys/bn254-key' --header 'Content-Type: application/json' --data-raw '{"curve": "babyjubjub", "signingAlgorithm": "eddsa"}'
  4. Sign a payload using the created key pair:

    echo -n "my signed message" | base64

Base64 encoding result


curl HTTP request

curl --request POST 'http://localhost:8080/stores/hashicorp-keys/keys/bn254-key/sign' --header 'Content-Type: application/json' --data-raw '{"data": "bXkgc2lnbmVkIG1lc3NhZ2U="}'

JSON result


  1. Verify your message:

    curl --request POST 'http://localhost:8080/stores/hashicorp-keys/keys/verify-signature' --header 'Content-Type: application/json' --data-raw '{"curve": "babyjubjub", "signingAlgorithm": "eddsa", "data": "bXkgc2lnbmVkIG1lc3NhZ2U=", "publicKey": "yhUiySkg/cKbiN8soKZ5YO0GXHqzx8iycnABzYMPE5A=", "signature": "tjThYhKSFSKKvsR8Pji6EJ+FYAcf8TNUdAQnM7MSwZEEaPvFhpr1SuGpX5uOcYUrb3pBA8cLk8xcbKtvZ56qWA=="}'