This guide covers integration with chains that have Tier 2 support. For a complete list of supported chains, refer to the chains overview.

To integrate Privy with chains that have Tier 2 support (e.g., Sui, Tron), follow these steps:

Create a wallet with the appropriate chain type specified.
Utilize Privy’s “raw sign” functionality to sign transaction hashes or message hashes.

Implementation Examples

Note that the “raw sign” functionality signs the provided hash directly without any additional byte manipulation. Ensure that your hash includes any required prefixes or suffixes before signing.

Stellar

Stellar implements the EdDSA signing algorithm using the ed25519 curve. The following example demonstrates hash signing for Stellar transactions:

Show Code example

import {Keypair} from '@stellar/stellar-sdk';

// Initialize with the wallet's Stellar address
const address = <the wallet's stellar address>;
const keypair = Keypair.fromPublicKey(address);

// Prepare the hash for signing
const hash = '0x6503b027a625549f7be691646404f275f149d17a119a6804b855bac3030037aa';

// Obtain the raw signature from Privy's raw_sign endpoint
const rawSignature = ... // call privy raw_sign on `hash`

// Verify the signature
const hashBytes = Buffer.from(hash.slice(2), 'hex');
const signatureBytes = Buffer.from(rawSignature.slice(2), 'hex');
const verified = keypair.verify(hashBytes, signatureBytes);
console.log(verified); // true

Cosmos

Cosmos utilizes the ECDSA signing algorithm with the secp256k1 curve. Below is an implementation example for signing hashes on Cosmos:

Show Code example

import { Secp256k1, Secp256k1Signature } from "@cosmjs/amino";

// Prepare the hash for signing
const hash = '0x6503b027a625549f7be691646404f275f149d17a119a6804b855bac3030037aa';

// Obtain the raw signature from Privy's raw_sign endpoint
const rawSignature = ... // call privy raw_sign on `hash`

// Retrieve the wallet's public key from Privy
const publicKey = ... // the wallet's public key from Privy

// Verify the signature
const signatureBytes = Secp256k1Signature.fromFixedLength(
  Buffer.from(rawSignature.slice(2), "hex")
);

const verified = await Secp256k1.verifySignature(
  signatureBytes,
  Buffer.from(hash.slice(2), "hex"),
  Buffer.from(publicKey, "hex")
);
console.log("Signature valid?", verified); // true

Sui

Sui supports multiple cryptographic schemes, with Privy’s implementation utilizing the ed25519 curve and EdDSA signing algorithm. The following example demonstrates transaction signing for Sui:

Show Code example

import {
  messageWithIntent,
  toSerializedSignature,
} from "@mysten/sui/cryptography";
import { blake2b } from "@noble/hashes/blake2b";
import { verifyTransactionSignature } from "@mysten/sui/verify";
// After you've added the data to your transaction
const txBytes = await tx.build({ client });
const intentMessage = messageWithIntent("TransactionData", txBytes);
const digest = blake2b(intentMessage, { dkLen: 32 });

// Convert the digest to a hex string for signing
const hashToSign = '0x' + toHex(digest);

// Obtain the raw signature from Privy's raw_sign endpoint
const rawSignature = ... // call privy raw_sign on `hashToSign`

// Create and verify the transaction signature
const txSignature = toSerializedSignature({
signature: rawSignature,
signatureScheme: "ED25519",
publicKey,
});
const signer = await verifyTransactionSignature(txBytes, txSignature, {address});
console.log(signer.toSuiAddress() === address); // true

Tron

Tron implements the ECDSA signing algorithm using the secp256k1 curve. Privy’s implementation returns 64-byte ECDSA signatures (r || s), while Tron requires 65-byte signatures that include a recovery ID (v) as the final byte. The recovery ID is essential because a 64-byte signature could correspond to two different addresses/private keys. The 65th byte, which can be either 0x1b or 0x1c (derived from 0 or 1 plus 27, following Ethereum standards), resolves this ambiguity. The following example demonstrates message signing and verification for Tron:

Show code example of message signing and verification

import { TronWeb } from "tronweb";
import { hashMessage } from "tronweb/utils";

// Initialize with the wallet's Tron address
const address = <the wallet's tron address>;

// Determine the recovery ID for signature verification
const getRecoveryId = async ({
  message,
  rawSignature,
}: {
  message: string;
  rawSignature: string;
}) => {
  return (await tronWeb.trx.verifyMessageV2(message, rawSignature + '1b')) === address
    ? '1b'
    : '1c';
};

// Initialize TronWeb
const tronWeb = new TronWeb({
  fullHost: "xxx",
});

// Prepare and sign the message
const message = "Hello world";
const hash = hashMessage(message);

// Obtain the raw signature from Privy's raw_sign endpoint
const rawSignature = ... // call privy raw_sign on `hash`

// Verify the signature with the recovery ID
const signerAddress = await tronWeb.trx.verifyMessageV2(
  message,
  signature + (await getRecoveryId({message, rawSignature})
);
console.log(signerAddress === address); // true

Show code example of sending and signing a transaction

import { TronWeb } from "tronweb";

const tronWeb = new TronWeb({
  fullHost: "https://api.shasta.trongrid.io",
});

const walletId = "<wallet's wallet ID>";

const from = "<wallet's tron address>";
const to = "<recipient's tron address>";
const amount = 1;

const tx = await tronWeb.transactionBuilder.sendTrx(to, amount, from);

const rawTxBytes = tronWeb.utils.code.hexStr2byteArray(tx.txID);
const rawTxHex = "0x" + tronWeb.utils.code.byteArray2hexStr(rawTxBytes);

const signature = // call Privy's raw sign function with rawTxHex, returns '0x...'
tx.signature = [signature + "1b"];
if (tronWeb.trx.ecRecover(tx) !== from) {
  tx.signature = [signature + "1c"];
}

const result = await tronWeb.trx.sendRawTransaction(tx);
console.log("result", result);

Bitcoin (segwit)

Bitcoin (segwit) supports the ECDSA signing algorithm using the secp256k1 curve. Use Privy’s raw sign functionality to sign each input utxo for your Bitcoin segwit transaction. Note that segwit support is separate from Bitcoin taproot or legacy transactions.

Show Code example

import { p2pkh, OutScript } from "@scure/btc-signer/payment";
import {
  getInputType,
  getPrevOut,
  Transaction,
} from "@scure/btc-signer/transaction";
import { concatBytes } from "@scure/btc-signer/utils";
import secp256k1 from "secp256k1";

const publicKey = <the wallet's public key>;

const publicKeyBuffer = Buffer.from(publicKey, "hex");
const tx = new Transaction({ version: 1, allowLegacyWitnessUtxo: true });
// add as many outputs as needed, in this example there is only one
tx.addOutputAddress(outputAddress, outputAmount);

tx.addInput({
  txid, // buffer of utxo txid
  index: 0, // index of the output in the tx
  witnessUtxo: {
    amount: inputAmount,
    script: p2pkh(publicKeyBuffer).script,
  },
});

for (let i = 0; i < tx.inputsLength; i++) {
  const input = tx.getInput(i);
  const inputType = getInputType(input, tx.opts.allowLegacyWitnessUtxo);
  const prevOut = getPrevOut(input);
  let script = inputType.lastScript;
  if (inputType.last.type === "wpkh") {
    script = OutScript.encode({ type: "pkh", hash: inputType.last.hash });
  }
  const hash = tx.preimageWitnessV0(
    i,
    script,
    inputType.sighash,
    prevOut.amount
  );

const signature = // call Privy's raw sign function with bytesToHex(hash), returns '0x...'

  // convert to DER format
  const derSig = secp256k1.signatureImport(signature);
  tx.updateInput(
    i,
    {
      partialSig: [
        [publicKeyBuffer, concatBytes(derSig, new Uint8Array([inputType.sighash]))],
      ],
    },
    true
  );
}

tx.finalize();
return tx;

Near

With Privy, you can create Near-implicit accounts and sign over arbitrary data. Below is an example of how to create, sign, and send a Near transaction using Privy. (Note that Near requires accounts to be funded sending transactions.)

Show code example of creating, signing, and sending a transaction

import { utils, transactions, providers } from "near-api-js";
import { sha256 } from "@noble/hashes/sha256";
import { base58 } from "@scure/base";
import { toHex } from "viem";

const nodeUrl = "https://rpc.mainnet.near.org";
const provider = new providers.JsonRpcProvider({ url: nodeUrl });
const receiverId = "receiver.near";
const amount = "1.5";
const nonce = 0; // If this is not the wallet's first transaction, set as current nonce

const {
  header: { hash },
} = await provider.block({ finality: "final" });
const blockHash = utils.serialize.base_decode(hash);

const accountId = "<wallet's near-implicit address / account ID>";

const base58PublicKey = base58.encode(Buffer.from(accountId, "hex"));
const publicKey = utils.PublicKey.fromString(`ed25519:${base58PublicKey}`);

const amountYocto = utils.format.parseNearAmount(amount);
const actions = [transactions.transfer(BigInt(amountYocto ?? 0))];
const tx = transactions.createTransaction(
  accountId,
  publicKey,
  receiverId,
  nonce,
  actions,
  blockHash
);

const serializedTx = utils.serialize.serialize(
  transactions.SCHEMA.Transaction,
  tx
);

const txHash = toHex(sha256(serializedTx));

const signature = // call Privy's raw sign function with txHash, returns '0x...'

const signedTx = new transactions.SignedTransaction({
  transaction: tx,
  signature: new transactions.Signature({
    keyType: tx.publicKey.keyType,
    data: Buffer.from(signature.slice(2), "hex"),
  }),
});

const signedSerializedTx = signedTx.encode();
const result = await provider.sendJsonRpc("broadcast_tx_commit", [
  Buffer.from(signedSerializedTx).toString("base64"),
]);

Ton

All wallets on Ton are smart contract accounts, and ed25519 keypairs are used to sign transactions on behalf of the smart contracts. When creating a wallet via Privy, Privy will generate the ed25519 keypair and predetermine the address of the wallet contract, assuming that the wallet uses WalletContractV4 with a workchain of 0. Privy will not deploy the contract itself; that is the responsibility of the developer. If you’d like to deploy a different wallet contract with the same keypair, the address will be different, but the request to Privy’s API will remain the same.

Show code example of creating and signing a transfer

import { Cell, TonClient, WalletContractV4, internal } from "@ton/ton";
import { toHex } from "viem";

// Create Client
const client = new TonClient({
  endpoint: "https://toncenter.com/api/v2/jsonRPC",
});

const walletId = "<wallet's wallet ID>";
const publicKey = "<wallet's public key>";

const trimmedPublicKey = Buffer.from(publicKey.slice(2), "hex");
// Create wallet contract
let workchain = 0; // Usually you need a workchain 0
let wallet = WalletContractV4.create({
  workchain,
  publicKey: trimmedPublicKey,
});
let contract = client.open(wallet);

// Create a transfer
let seqno: number = await contract.getSeqno();
const transfer = await contract.createTransfer({
  seqno,
  messages: [
    internal({
      value: "1",
      to: "to_address",
      body: "Hello world",
    }),
  ],
  signer: async (msg: Cell) => {
    let hash = msg.hash();
    let signature = // call Privy's raw sign function with toHex(hash), returns '0x...'
    return Buffer.from(signature.slice(2), "hex");
  },
});

Recipes

Using chains with Tier 2 support

Implementation Examples

Stellar

Cosmos

Sui

Tron

Bitcoin (segwit)

Near

Ton

Recipes

​Implementation Examples

​Stellar

​Cosmos

​Sui

​Tron

​Bitcoin (segwit)

​Near

​Ton

Implementation Examples

Stellar

Cosmos

Sui

Tron

Bitcoin (segwit)

Near

Ton