Serializes a Serializable value to its BCS representation.
This function is the TypeScript SDK equivalent of bcs::to_bytes in Move.
the BCS representation of the Serializable instance as a byte buffer.
Converts the BCS-serialized bytes of a value into a Hex instance. This function provides a Hex representation of the BCS-serialized data for easier handling and manipulation.
A Hex instance with the BCS-serialized bytes loaded into its underlying Uint8Array.
Create a new PrivateKey instance from a Uint8Array or String.
A HexInput (string or Uint8Array)
Optionalstrict: booleanIf true, private key must AIP-80 compliant.
Static ReadonlyLENGTHLength of Secp256k1 ecdsa private key
Overwrites the underlying private-key byte buffer with random bytes and then zeros. After calling this method the key can no longer sign or derive a public key.
SECURITY: This is a best-effort window-narrowing tool, NOT a true
zeroization guarantee. In JavaScript, four classes of copies cannot be
reached from user code and so survive clear():
toString(),
toHexString(), or bcsToHex().toString() is an immutable string
in the heap. The language provides no API to overwrite string
memory; it is reclaimed only when GC collects it.@noble/curves
expands the private key into scalar BigInt field elements, which
are also immutable. Even if noble explicitly zeroed its own byte
copies after use, the BigInt intermediates persist.Uint8Array we zeroed may have stale copies sitting in survivor
space until the next cycle reclaims them.This method zeros the SDK's own Uint8Array (the most reachable
copy), but downstream consumers should treat it as a hardening signal,
not a guarantee. If you need real key-material hygiene, prefer a
WASM-backed secp256k1 implementation that exposes explicit
memzero, or hardware-backed keys (HSM / TPM / secure enclave).
Note that crypto.subtle does NOT support secp256k1 on any major
runtime, so non-extractable WebCrypto keys are not available for
this curve.
To minimize the size of the unreachable-copy set, avoid calling
toString() / toHexString() on private keys at all in long-lived
processes — the byte form is what gets cleared.
Returns whether the private key has been cleared from memory.
true if the key has been cleared, false otherwise
Derive the Secp256k1PublicKey from this private key.
Secp256k1PublicKey The derived public key.
Sign the given message with the private key. This function generates a cryptographic signature for the provided message, ensuring the signature is canonical and non-malleable.
A message in HexInput format to be signed.
Signature - The generated signature for the provided message.
The polymorphic message: HexInput input is ambiguous — a
bare even-length string of hex characters (e.g., "cafe") is signed
as the 2 bytes [0xCA, 0xFE], not 4 UTF-8 text bytes. Use
signBytes for Uint8Array input or signText for
string input; both are unambiguous. See
convertSigningMessage for the full legacy rule.
Sign exactly the bytes of message. The input is interpreted as raw
bytes regardless of what they encode. Pair with
Secp256k1PublicKey.verifyBytes.
The message is SHA3-256 hashed before signing (matching the Aptos-side Secp256k1 signing convention), and the produced signature is in canonical low-S form for malleability resistance.
The exact bytes to sign.
The generated signature for the provided bytes.
Sign the UTF-8 encoding of message. The input is always treated as
text — there is no hex/text heuristic. Pair with
Secp256k1PublicKey.verifyText.
The text to sign.
The generated signature for the UTF-8 bytes of the provided text.
Get the private key as a string representation.
SECURITY: This produces an immutable JS string containing the key
material in hex. Strings cannot be zeroed by clear() (see the
clear() JSDoc for the four classes of unreachable copies). Avoid
calling this method on long-lived Secp256k1PrivateKey instances in
processes where memory hygiene matters; prefer toUint8Array(),
which returns a clearable Uint8Array.
string representation of the private key
StaticfromDerives a private key from a mnemonic seed phrase using a specified BIP44 path.
The BIP44 path to derive the key from.
The mnemonic seed phrase used for key generation.
The generated private key.
StaticgenerateGenerate a new random private key.
Secp256k1PrivateKey - A newly generated Secp256k1 private key.
StaticisDetermines if the provided private key is an instance of Secp256k1PrivateKey.
The private key to be checked.
Get the private key as a AIP-80 compliant hex string.
SECURITY: Same caveat as toString() — produces an immutable JS string
containing the key material; cannot be zeroed by clear().
AIP-80 compliant string representation of the private key.
Returns the hex string representation of the Serializable value without the 0x prefix.
the hex format as a string without 0x prefix.
Staticdeserialize
Represents a Secp256k1 ECDSA private key, providing functionality to create, sign messages, derive public keys, and serialize/deserialize the key.