Sign
Signing produces a threshold signature over a message hash using the device's keyshare and the server's keyshare. The full private key is never reconstructed — and each party must contribute its share to the MPC protocol in order to produce valid signature.
For the SDK contract see Sign (Kotlin) and Sign (Swift).
How the example does it
- Android
- iOS / macOS
suspend fun sign(keyId: String, message: ByteArray, derivationPath: String): ByteArray {
val dao = readDao(keyId)
val signature = sessionFor(dao.keyType)
.sign(keyId, message.toHex(), derivationPath)
.getOrThrow()
return signature
}
func sign(keyId: String, message: Data, derivationPath: String) async throws -> Data {
let record = try loadRecord(keyId: keyId)
let messageHex = message.map { String(format: "%02x", $0) }.joined()
let sig = try await sessionForKeyType(record.keyType)
.sign(keyId: keyId, message: messageHex, derivationPath: derivationPath).get()
return sig
}
The example reads the stored record via readDao(keyId) / loadRecord(keyId:) only to resolve the keyType for session dispatch — the keyshare bytes are no longer loaded for signing (the SDK reads them internally by keyId). That record is the storage client's VaultReconcileStoreDao / VaultReconcileRecord wrapper, and the keyType on it is how the example knows which session (ECDSA or EdDSA) to dispatch to.
The message parameter is the transaction hash (hex-encoded). The derivationPath is "m" in this example (the root BIP-32 path). For child key derivation see BIP-32.

