Skip to main content

Function Signature

signSessionMessage(
  message: string,
  privateKeyJwk: JsonWebKey
): Promise<string>
Exported from @dynamic-labs-wallet/node.

Description

Signs a message with a P-256 session private JWK using the exact encoding the keyshares relay expects: ECDSA P-256 / SHA-256 over the UTF-8 message, returned as the raw 64-byte r‖s in lowercase hex. Use it to implement the getSessionSignature option of authenticateJwt:
getSessionSignature: (message) => signSessionMessage(message, privateKeyJwk)
The JWK is imported non-extractable for signing. If your session key lives in a KMS, HSM, or enclave instead of a stored JWK, implement getSessionSignature against that signer directly — it must return the same encoding (raw r‖s, lowercase hex).

Parameters

Required Parameters

  • message (string) - The message to sign. The SDK supplies these; you do not construct them.
  • privateKeyJwk (JsonWebKey) - The session private key from generateSessionKeyPair.

Returns

  • Promise<string> - The signature: raw ECDSA P-256 r‖s (64 bytes) as lowercase hex.

Example

import { signSessionMessage } from '@dynamic-labs-wallet/node';

await client.authenticateJwt(jwt, {
  getSessionSignature: (message) => signSessionMessage(message, privateKeyJwk),
});
Last modified on July 9, 2026