Hedera
Search…
Hedera
Hedera
Mainnet
Testnets
Mirrornet
Getting Started
Introduction
Environment Set-up
Create an account
Transfer hbar
Try Examples! 👩‍💻
Core Concepts
Accounts
Keys and Signatures
Scheduled Transaction
Smart Contracts
Hashgraph Consensus Algorithm
Transactions and Queries
State and History
Mirror Nodes
Documentation
Release Notes
SDKs
Hedera API
Basic Types
AccountAmount
AccountID
ContractID
CryptoAllowance
CurrentAndNextFeeSchedule
FeeComponents
FeeData
FeeSchedule
FileID
Fraction
HederaFunctionality
Key
KeyList
NftAllowance
NftTransfer
NodeAddress
NodeAddressBook
RealmID
ScheduleID
SemanticVersion
ServicesConfigurationList
ServiceEndpoint
Setting
ShardID
Signature
SignatureList
SignatureMap
SignaturePair
SubType
TransferList
TransactionID
ThresholdKey
ThresholdSignature
TokenAllowance
TokenBalance
TokenBalances
TokenFreezeStatus
TokenPauseStatus
TokenID
TokenKycStatus
TokenRelationship
TokenTransferList
TokenType
TokenSupplyType
TopicID
TransactionFeeSchedule
Cryptocurrency Accounts
Consensus Service
Schedule Service
Token Service
File Service
Smart Contracts
Miscellaneous
Mirror Node API
Integrating a Hedera Token Service Token
Record and Event Stream File Formats
Changelog
GitHub
Resources
Starter Projects
Demo Applications
Tutorials
Support & Community
Developer Chat
Meetups
Hedera FAQ
Status Page
Brand Guidelines
Powered By GitBook
Key
A Key can be a public key from either the Ed25519 or ECDSA(secp256k1) signature schemes, where in the ECDSA(secp256k1) case we require the 33-byte compressed form of the public key. We call these public keys primitive keys.
If an account has primitive key associated to it, then the corresponding private key must sign any transaction to transfer cryptocurrency out of it. A Key can also be the ID of a smart contract instance, which is then authorized to perform any precompiled contract action that requires this key to sign.
Note that when a Key is a smart contract ID, it doesn't mean the contract with that ID will actually create a cryptographic signature. It only means that when the contract calls a precompiled contract, the resulting "child transaction" will be authorized to perform any action controlled by the Key.
A Key can be a "threshold key", which means a list of M keys, any N of which must sign in order for the threshold signature to be considered valid. The keys within a threshold signature may themselves be threshold signatures, to allow complex signature requirements.
A Key can be a "key list" where all keys in the list must sign unless specified otherwise in the documentation for a specific transaction type (e.g. FileDeleteTransactionBody). Their use is dependent on context. For example, a Hedera file is created with a list of keys, where all of them must sign a transaction to create or modify the file, but only one of them is needed to sign a transaction to delete the file. So it's a single list that sometimes acts as a 1-of-M threshold key, and sometimes acts as an M-of-M threshold key. A key list is always an M-of-M, unless specified otherwise in documentation. A key list can have nested key lists or threshold keys.Nested key lists are always M-of-M. A key list can have repeated primitive public keys, but all repeated keys are only required to sign once.
A Key can contain a ThresholdKey or KeyList, which in turn contain a Key, so this mutual recursion would allow nesting arbitrarily deep. A ThresholdKey which contains a list of primitive keys has 3 levels: ThresholdKey -> KeyList -> Key. A KeyList which contains several primitivekeys has 2 levels: KeyList -> Key. A Key with 2 levels of nested ThresholdKeys has 7 levels: Key -> ThresholdKey -> KeyList -> Key -> ThresholdKey -> KeyList -> Key.
Each Key should not have more than 46 levels, which implies 15 levels of nested ThresholdKeys.
Field
Type
Description
key
oneof
contractID
smart contract instance that is authorized as if it had signed with a key
ed25519
ed25519 public key bytes
RSA_3072
RSA-3072 public key bytes (NOT SUPPORTED)
ECDSA_384
ECDSA with the p-384 curve public key bytes (NOT SUPPORTED)
thresholdKey
a threshold N followed by a list of M keys, any N of which are required to form a valid signature
keyList
A list of Keys of the Key type.
ECDSA_secp256k1
Compressed ECDSA(secp256k1) public key bytes
delegatable_contract-id
A smart contract that, if the recipient of the active message frame, should be treated as having signed. (Note this does not mean the code being executed in the frame will belong to the given contract, since it could be running another contract's code via delegatecall. So setting this key is a more permissive version of setting the contractID key, which also requires the code in the active message frame belong to the the contract with the given id.)
Previous
HederaFunctionality
Next
KeyList
Last modified 3mo ago
Copy link