Multisig Authentication
The following steps demonstrate how to create a multisig transaction and then submit it against a network using the Sui CLI. A transaction can be the transfer of an object, the publish or upgrade of a package, the payment of SUI, and so on.
To learn more about how to create multisig addresses and create multisig transactions using the TypeScript SDK, see the SDK documentation for details.
- Prerequisites
-
Set up your Sui account and CLI environment.
Create Sui account and setup CLI environment
$ sui client
If this is the first time running the sui client
CLI tool, it asks you to provide a Sui full node server URL and a meaningful environment alias. It also generates an address with a random key pair in sui.keystore
and a config client.yaml
.
By default, the client.yaml
and sui.keystore
files are located in ~/.sui/sui_config
. For more information, refer to the Sui client CLI tutorial.
If this is not your first time running sui client
, then you already have a client.yaml
file in your local environment. If you'd like to create a new address for this tutorial, use the command:
$ sui client new-address ed25519
- Obtain test tokens.
How to obtain tokens
If you are connected to Devnet or Testnet networks, use the Faucet UI to request tokens.
If you are connected to a local full node, learn how to get local network tokens.
This topic assumes you are somewhat familiar with the Sui CLI, specifically the sui client
and sui keytool
commands. Consequently, a command might be introduced without any context. If you are unsure about the details of a referenced command, see the Sui CLI documentation for more information.
You need an existing address on the network you are working on to receive an object. The topic assumes that this address is the current active address (sui client active-address
), but any address you have access to is fine.
The topic also assumes that your active environment is Testnet (sui client active-env
). You can perform these steps on Devnet or a local network as well, but you must adjust the commands appropriately.
Executing multisig transactions
To demonstrate multisig, this topic guides you through setting up and executing a multisig transaction using the Sui CLI.
Create addresses with different schemes
To begin, create three addresses that will act as the signers for the transaction you perform later in the instruction. Use the sui client new-address
command to generate a Sui address and public key for three supported key schemes.
$ sui client new-address ed25519
$ sui client new-address secp256k1
$ sui client new-address secp256r1
The console displays a response to each successful call that is similar to the following:
╭──────────────────────────────────────────────────╮
│ Created new key pair and saved it to keystore. │
├────────────────┬─────────────────────────────────┤
│ alias │ <ALIAS> │
│ address │ <SUI-ADDRESS> │
│ keyScheme │ <KEY-SCHEME> │
│ recoveryPhrase │ <RECOVERY-PHRASE> │
╰────────────────┴─────────────────────────────────╯
When working with blockchain data, addresses and hashed values create large strings that can be cumbersome to work with in a CLI environment. To make referencing values easier in subsequent commands (and facilitate copy and paste), this topic uses shell variables. Use the values you receive from the console responses to set shell variables for these addresses, replacing the <SUI-ADDRESS-*>
variables with the appropriate address.
$ ADDRESS1=<SUI-ADDRESS-ED25519>
$ ADDRESS2=<SUI-ADDRESS-SECP256K1>
$ ADDRESS3=<SUI-ADDRESS-SECP256R1>
Create one more shell variable assigned to your active address.
$ ACTIVE=<ACTIVE-ADDRESS>
You can set the shell variables to the alias values instead of addresses if you want.
Verify addresses
Use sui keytool
to list the addresses you created in the previous section.
$ sui keytool list
The response resembles the following, but displays actual alias names, addresses, keys, and peer IDs:
╭────────────────────────────────────────────────────────────────────╮
│ ╭─────────────────┬──────────────────────────────────────────────╮ │
| | alias | <ALIAS-NAME> | |
│ │ suiAddress │ <SUI-ADDRESS> │ │