> ## Documentation Index
> Fetch the complete documentation index at: https://www.dynamic.xyz/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# signSessionMessage

> Signs a message with a P-256 session private JWK in the encoding the keyshares relay expects

## Function Signature

```typescript theme={"system"}
signSessionMessage(
  message: string,
  privateKeyJwk: JsonWebKey
): Promise<string>
```

Exported from `@dynamic-labs-wallet/node`.

## Description

Signs a message with a P-256 session private JWK using the exact encoding the keyshares relay expects: ECDSA P-256 / SHA-256 over the UTF-8 message, returned as the raw 64-byte `r‖s` in lowercase hex.

Use it to implement the `getSessionSignature` option of [authenticateJwt](/node/reference/auth/authenticate-jwt):

```typescript theme={"system"}
getSessionSignature: (message) => signSessionMessage(message, privateKeyJwk)
```

The JWK is imported non-extractable for signing. If your session key lives in a KMS, HSM, or enclave instead of a stored JWK, implement `getSessionSignature` against that signer directly — it must return the same encoding (raw `r‖s`, lowercase hex).

## Parameters

### Required Parameters

* **`message`** (`string`) - The message to sign. The SDK supplies these; you do not construct them.
* **`privateKeyJwk`** (`JsonWebKey`) - The session private key from [generateSessionKeyPair](/node/reference/auth/generate-session-key-pair).

## Returns

* **`Promise<string>`** - The signature: raw ECDSA P-256 `r‖s` (64 bytes) as lowercase hex.

## Example

```typescript theme={"system"}
import { signSessionMessage } from '@dynamic-labs-wallet/node';

await client.authenticateJwt(jwt, {
  getSessionSignature: (message) => signSessionMessage(message, privateKeyJwk),
});
```

## Related Functions

* [`generateSessionKeyPair()`](/node/reference/auth/generate-session-key-pair) - Generate the session key pair
* [`authenticateJwt()`](/node/reference/auth/authenticate-jwt) - Where the signer is configured
