Sign a multisignature transaction

Hedera supports multisignature transactions. This means a Hedera transaction can require more than one key to sign a transaction in order for it to be processed on a Hedera network. These keys can be set up as a key list where all the keys in the specified list are required to sign the transaction or a threshold key where only a subset of the keys from a specified list are required to sign the transaction. The example below shows how you can use multiple keys to sign and submit a transaction.

Note: This example uses version 2.0 of the SDKs

1. Create the transaction

In this example, we will use a transfer transaction that requires 3 keys to sign the transaction. If all 3 keys do not sign the transaction, the transaction will not execute and an "INVALID_SIGNATURE" response will be returned from the network. The senderAccountId is a Hedera account that was created with a key list of 3 keys. Since the sender account is required to sign in a transfer transaction, all three keys are required to sign to complete the transfer of hbars from the sender account to the recipient account. The recipient account is not required to sign the transaction.

After you create the transfer transaction, you will need to freeze (freezeWith(client)) the transaction from further modification so that transaction cannot be tampered with. This ensures each signer is signing the same exact transaction. The transaction is then shared with each of the three signers to sign with their private keys.

It is required to set the account ID of the node(s) the transaction will be submitted to when freezing a transaction for signatures. To set the node account ID(s) you apply the .setNodeAccountIds() method.

//The node account ID to submit the transaction to. You can add more than 1 node account ID to the list.
List<AccountId> nodeId = Collections.singletonList(new AccountId(3));

//Create the transfer transaction
TransferTransaction transferTransaction = new TransferTransaction()
        .addHbarTransfer(senderAccountId, new Hbar(1))
        .addHbarTransfer(receiverAccountId, new Hbar(-1)

//Freeze the transaction from any further modifications
TransferTransaction transaction = transferTransaction.freezeWith(client);

2. Collect required signatures

Each signer can sign the transactionwith their private key. The signed transactions are then returned to you from each of the 3 signers, resulting in 3 separate signature bytes. The sample code below is for illustrative purposes as you would not have the private keys to sign the transaction for each signer.

//Signer one signs the transaction with their private key
byte[] signature1 = privateKeySigner1.signTransaction(transaction);

//Signer two signs the transaction with their private key
byte[] signature2 = privateKeySigner2.signTransaction(transaction);

//Signer three signs the transaction with their private key
byte[] signature3 = privateKeySigner3.signTransaction(transaction);

//signature1, signature2, and signature3 are returned back to you

3. Create a single transaction with all three signatures

Once you have collected all three signature bytes (signature1, signature2, signature 3), you will then apply them to the transaction (transaction) to create a single transaction with all three signatures to submit to the network. You will take the transaction that we started with and apply the signature bytes to the transaction using addSignature(). You will need the public keys of each of the signers to include in the method.

You can add as many signatures to a single transaction as long as the transaction size does not exceed 6,144 kb. Each additional signature applied to the transaction will increase the transaction fee from its base cost of $0.0001. If the transaction fee increases beyond the SDK's default max transaction fee of 1 hbar, you will need to update the max transaction fee value by calling the .setMaxTransactionFee() before submitting the transaction to the network.

//Collate all three signatures with the transaction
TransferTransaction signedTransaction = transaction.addSignature(publicKey1, signature1).addSignature(publicKey2, signature2).addSignature(publicKey3, signature3);

4. Verify the required signers public keys

Before you submit the transaction to a Hedera network, you may want to verify the keys that signed the transaction. You can view the public keys that signed the transaction by calling .getSignatures() to signedTransaction. You can then compare the public keys returned from the signedTransaction.getSignatures() to the public keys of each of the signers to verify the required keys have signed. Both the public key and public key bytes are returned.

//Print all public keys that signed the transaction
System.out.println("The public keys that signed the transaction " +signedTransaction.getSignatures());

5. Submit the transaction

We are now ready to submit the transfer transaction to a Hedera network. To submit the transaction, we will apply the .execute() method to signedTransaction. After the transaction is submitted, we will print the transaction ID to the console. You can use the transaction ID to search for transaction details in a mirror node explorer like DragonGlass, Hashscan, or Ledger Works. Be sure to select the correct network when searching for the transaction in a mirror node explorer. You can also check the status of a transaction by requesting the receipt of the transaction and obtaining the status.

//Submit the transaction to a Hedera network
TransactionResponse submitTx = signedTransaction.execute(client);

//Get the transaction ID
TransactionId txId = submitTx.transactionId;

//Print the transaction ID to the console
System.out.println("The transaction ID " +txId);

Last updated