Create a new PrivateKey instance from a Uint8Array or String.
A HexInput (string or Uint8Array)
Optionalstrict: booleanIf true, private key must AIP-80 compliant.
Static ReadonlyLENGTHLength of Secp256r1 ecdsa private key
Overwrites the underlying private-key byte buffer with random bytes and then zeros. After calling this method the key can no longer sign or derive a public key.
SECURITY: This is a best-effort window-narrowing tool, NOT a true
zeroization guarantee. See Ed25519PrivateKey.clear() for the full
enumeration of JavaScript-level limits (immutable string copies, noble
BigInt intermediates, JIT register/stack residue, GC-relocated
copies). For Secp256r1 specifically, non-extractable crypto.subtle
P-256 keys are universally supported across modern runtimes and are
the architecturally-correct path for callers who need real memory
hygiene; consider that alternative for new code.
Derive the Secp256r1PublicKey from this private key.
Secp256r1PublicKey The derived public key.
Serializes the data into a byte array using the provided serializer. This function is essential for converting data into a format suitable for transmission or storage.
The serializer instance used to convert the data.
Sign the given message with the private key. This function generates a cryptographic signature for the provided message.
A message in HexInput format to be signed.
Signature - The generated signature for the provided message.
The polymorphic message: HexInput input is ambiguous — a
bare even-length string of hex characters (e.g., "cafe") is signed
as the 2 bytes [0xCA, 0xFE], not 4 UTF-8 text bytes. Use
signBytes for Uint8Array input or signText for
string input; both are unambiguous. See
convertSigningMessage for the full legacy rule.
Sign exactly the bytes of message. The input is interpreted as raw
bytes regardless of what they encode. Pair with
Secp256r1PublicKey.verifyBytes.
The message is SHA3-256 hashed before signing (matching the Aptos-side Secp256r1 signing convention).
The exact bytes to sign.
The generated signature for the provided bytes.
Sign the UTF-8 encoding of message. The input is always treated as
text — there is no hex/text heuristic. Pair with
Secp256r1PublicKey.verifyText.
The text to sign.
The generated signature for the UTF-8 bytes of the provided text.
Get the private key as a string representation.
SECURITY: This produces an immutable JS string containing the key
material. Strings cannot be zeroed by clear() (see the clear()
JSDoc for the four classes of unreachable copies). Avoid calling this
method on long-lived Secp256r1PrivateKey instances in processes
where memory hygiene matters; prefer toUint8Array(), which returns
a clearable Uint8Array.
string representation of the private key
StaticdeserializeDeserializes a Secp256r1PrivateKey from the provided deserializer. This function allows you to reconstruct a Secp256r1PrivateKey object from its serialized byte representation.
The deserializer instance used to read the serialized data.
StaticgenerateGenerate a new random private key.
Secp256r1PrivateKey - A newly generated Secp256r1 private key.
Returns whether clear() has been called.
Get the private key as a hex string with the 0x prefix.
SECURITY: Same caveat as toString() — produces an immutable JS string
containing the key material; cannot be zeroed by clear().
string representation of the private key.
StaticformatFormat a HexInput to an AIP-80 compliant string.
The HexString or Uint8Array format of the private key.
StaticparseParse a HexInput that may be a HexString, Uint8Array, or a AIP-80 compliant string to a Hex instance.
A HexString, Uint8Array, or a AIP-80 compliant string.
Optionalstrict: booleanIf true, the value MUST be compliant with AIP-80.
Represents a Secp256r1 ECDSA private key, providing functionality to create, sign messages, derive public keys, and serialize/deserialize the key.