The process is as follows: create a binary message for signing, then create a signature using the private key.
To validate a signature, the same binary message must be constructed. The order of the fields matters: if you switch the order, the message will be different. The public key can be used for validation.
The binary message differs for each transaction type. Please check the documentation.
Total data bytes for sign:
Signature of transaction data bytes (one of an infinite number of valid signatures):
Total transaction bytes with signature:
By default, transactions are signed using the ED25519 algorithm. However, LTO supports multiple algorithms and curves like secp256k1, NIST P-256, and RSA. When broadcasting a transaction, it's required to include the key type in addition to the sender's public key.
RSA public keys are too large to store for each request. For RSA, the sender public key field must contain the SHA256 hash of the public key. This means that the transaction can't be validated by itself. RSA is only available through a smart account or by publishing an X.509 certificate to the public chain.
Proofs are a flexible way to authorize a transaction. Each proof is a Base58 encoded byte string and can be a signature, a secret, or anything else – the semantics of the proof are dictated by the smart contract that interprets it. There can be up to 8 proofs, each at most 64 bytes.
By default, only one proof is used, which must be the transaction signature by the sender. It should be the very first element in the proofs array, while all the other elements are ignored. The JSON looks like:
"proofs": [ "21jgWvYq6XZuke2bLE8bQEbdXJEk..." ]
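The limits on the proofs array can be checked structurally before a transaction is broadcast or accepted. The following is an added example, not code from LTO Network; it assumes the Bitcoin Base58 alphabet and the default case (Ed25519 key, no smart account), where the first proof is a 64-byte signature. The function names are hypothetical.

```python
# Added example; assumes the Bitcoin Base58 alphabet.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B58_INDEX = {c: i for i, c in enumerate(B58_ALPHABET)}
MAX_PROOFS = 8          # limit stated on this page
MAX_PROOF_BYTES = 64    # limit stated on this page
ED25519_SIG_BYTES = 64  # an Ed25519 signature is always 64 bytes

def b58decode(text):
    """Decode a Base58 string to bytes; raise ValueError on a bad character."""
    num = 0
    for ch in text:
        if ch not in B58_INDEX:
            raise ValueError(f"invalid Base58 character {ch!r}")
        num = num * 58 + B58_INDEX[ch]
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    # Each leading '1' encodes one leading zero byte.
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body

def b58encode(data):
    """Encode bytes as Base58 (used here to build constructed sample proofs)."""
    num = int.from_bytes(data, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58_ALPHABET[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out

def check_proofs(proofs):
    """Return a list of problems; an empty list means the array is well formed."""
    if not proofs:
        return ["no proofs: the sender's signature must be the first element"]
    problems = []
    if len(proofs) > MAX_PROOFS:
        problems.append(f"{len(proofs)} proofs, limit is {MAX_PROOFS}")
    for i, proof in enumerate(proofs):
        try:
            raw = b58decode(proof)
        except ValueError as exc:
            problems.append(f"proof {i}: {exc}")
            continue
        if len(raw) > MAX_PROOF_BYTES:
            problems.append(f"proof {i}: {len(raw)} bytes, limit is {MAX_PROOF_BYTES}")
        elif i == 0 and len(raw) != ED25519_SIG_BYTES:
            # Default case only: a smart account may interpret proof 0 differently.
            problems.append(f"proof 0: {len(raw)} bytes, not an Ed25519 signature")
    return problems
```

A passing result only means the array is well formed; the signature in the first proof still has to be verified against the reconstructed binary message and the sender's public key.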
The transaction id is not stored in the transaction bytes. It's calculated from the binary message for signing as