# Signing

The Vertex can be used to sign messages or transactions using the Key Shares that it holds.
For a `t-of-n` key, `t` Key Shares are required to sign a message or transaction, meaning that `t` parties must be present to sign the message or transaction.

## Signing Flow

:::info
Before the Vertex participates in signing, it will check if there is a Policy attached to the Key Share that is being used for signing.
If there is a Policy, the Vertex will [send](/vertex/policies/rule_server) the message data to the Rule Server for evaluation.
To view the effective Policy for a Key Share, use the [`get-effective-key-policy`](https://docs.sodot.dev/vertex-api-reference/#tag/admin/GET/admin/policies/get-effective-key-policy) endpoint.
:::

The required parameters for signing are:

* `room_uuid` - A Room UUID for this signing operation.
* `key_id` - The `key_id` of the Key Share that will be used to sign the message.
* `derivation_path` - The BIP-32 non-hardened derivation path of the key to use for signing.
* `msg` - The message that will be signed (hex encoded).
* (For Ecdsa) `hash_algo` - The hash algorithm used to hash the message.
* `extra_data` - Any extra data (hex encoded) that was sent with the original signing request to help the Rule Server validate the request.

### Creating a Room for MPC Signing

Each MPC signing operation requires a room to be created. For a `t-of-n` key `t` is the required room size.
This can be done using the [`create-room`](https://docs.sodot.dev/vertex-api-reference/#tag/common/POST/create-room) endpoint:

```bash
curl -L -X POST 'https://<YOUR_VERTEX>/create-room' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: <USER_API_KEY>' \
--data-raw '{
  "room_size": 2
}'
```

### Signing a Message

To sign a message, call the [`sign`](https://docs.sodot.dev/vertex-api-reference/#tag/ecdsa/POST/ecdsa/sign) endpoint:

```bash
curl -L -X POST 'https://<YOUR_VERTEX>/ecdsa/sign' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: <USER_API_KEY>' \
--data-raw '{
  "derivation_path": [
    44, 66, 0, 0, 0
  ],
  "extra_data": "hex-encoded-extra-data",
  "hash_algo": "keccak256",
  "key_id": "string",
  "msg": "hex-encoded-message",
  "room_uuid": "string"
}'
```

In response a signature will be returned, which can be used to verify the signed message.
The signature will be in the format of a hex encoded string for `Ed25519`, `Sr25519` and `BIP-340`, for `Ecdsa` see [here](https://docs.sodot.dev/vertex-api-reference/#tag/ecdsa/POST/ecdsa/sign).
