Verify zkLogin Signature

Given a zkLogin signature, this command verifies it if valid. If bytes are provided, it will parse them as either TransactionData or PersonalMessage based on the intent_scope. The command verifies the zkLogin signature based on the latest JSON Web Key (JWK) fetched.

Example Request

movement sui keytool zk-login-sig-verify --sig $SERIALIZED_ZKLOGIN_SIG --bytes $BYTES --intent-scope 0 --network devnet --curr-epoch 10


  • --sig <SIG> The Base64 of the serialized zkLogin signature.

  • --bytes <BYTES> The Base64 of the BCS encoded TransactionData or PersonalMessage.

  • --json Return command outputs in JSON format.

  • --intent-scope <INTENT_SCOPE> Either 0 for TransactionData or 3 for PersonalMessage.

  • --curr-epoch <CURR_EPOCH> The current epoch for the network to verify the signature's max_epoch against.

  • --network <NETWORK> The network to verify the signature for. Determines ZkLoginEnv. (Default: devnet)

Last updated