# SignatureEnvelope.from

Coerces a value to a signature envelope.

Accepts either a serialized hex string or an existing signature envelope object. Use this to wrap raw signatures from [`Secp256k1.sign`](/api/Secp256k1/sign), [`P256.sign`](/api/P256/sign), [`WebCryptoP256.sign`](/api/WebCryptoP256/sign), or [`WebAuthnP256.sign`](/api/WebAuthnP256/sign) into the envelope format required by Tempo transactions.

[Signature Types](https://docs.tempo.xyz/protocol/transactions/spec-tempo-transaction#signature-types)

## Imports

:::code-group
```ts [Named]
import { SignatureEnvelope } from 'ox/tempo'
```

```ts [Entrypoint]
import * as SignatureEnvelope from 'ox/tempo/SignatureEnvelope'
```
:::

## Examples

### Secp256k1

Standard Ethereum ECDSA signature using the secp256k1 curve.

```ts twoslash
import { Secp256k1 } from 'ox'
import { SignatureEnvelope } from 'ox/tempo'

const privateKey = Secp256k1.randomPrivateKey()
const signature = Secp256k1.sign({
  payload: '0xdeadbeef',
  privateKey
})

const envelope = SignatureEnvelope.from(signature)
```

### P256

ECDSA signature using the P-256 (secp256r1) curve. Requires embedding the public key.

```ts twoslash
import { P256 } from 'ox'
import { SignatureEnvelope } from 'ox/tempo'

const { privateKey, publicKey } = P256.createKeyPair()
const signature = P256.sign({
  payload: '0xdeadbeef',
  privateKey
})

const envelope = SignatureEnvelope.from({
  signature,
  publicKey
})
```

### P256 (WebCrypto)

When using WebCrypto keys, `prehash` must be `true` since WebCrypto always SHA256 hashes the digest before signing.

```ts twoslash
// @noErrors
import { WebCryptoP256 } from 'ox'
import { SignatureEnvelope } from 'ox/tempo'

const { privateKey, publicKey } =
  await WebCryptoP256.createKeyPair()
const signature = await WebCryptoP256.sign({
  payload: '0xdeadbeef',
  privateKey
})

const envelope = SignatureEnvelope.from({
  signature,
  publicKey,
  prehash: true
})
```

### WebAuthn

Passkey-based signature using WebAuthn. Includes authenticator metadata (authenticatorData and clientDataJSON) along with the P-256 signature and public key.

```ts twoslash
// @noErrors
import { WebAuthnP256 } from 'ox'
import { SignatureEnvelope } from 'ox/tempo'

const credential = await WebAuthnP256.createCredential({
  name: 'Example'
})

const { metadata, signature } = await WebAuthnP256.sign({
  challenge: '0xdeadbeef',
  credentialId: credential.id
})

const envelope = SignatureEnvelope.from({
  signature,
  publicKey: credential.publicKey,
  metadata
})
```

### Keychain

Wraps another signature type with a user address, used for delegated signing via access keys on behalf of a root account.

```ts twoslash
import { Secp256k1 } from 'ox'
import { SignatureEnvelope } from 'ox/tempo'

const privateKey = Secp256k1.randomPrivateKey()
const signature = Secp256k1.sign({
  payload: '0xdeadbeef',
  privateKey
})

const envelope = SignatureEnvelope.from({
  userAddress: '0x1234567890123456789012345678901234567890',
  inner: SignatureEnvelope.from(signature)
})
```

### Multisig (from genesis config)

Pass `genesisConfig` to derive `account` automatically. Set `init: true` to opt into bootstrap (uses `genesisConfig` as the bootstrap `init`); omit `init` for subsequent (non-bootstrap) transactions.

```ts twoslash
import { Secp256k1 } from 'ox'
import { MultisigConfig, SignatureEnvelope } from 'ox/tempo'

const genesisConfig = MultisigConfig.from({
  threshold: 1,
  owners: [
    {
      owner: '0x1111111111111111111111111111111111111111',
      weight: 1
    }
  ]
})

const privateKey = Secp256k1.randomPrivateKey()
const signature = SignatureEnvelope.from(
  Secp256k1.sign({ payload: '0xdeadbeef', privateKey })
)

// Bootstrap transaction
const bootstrap = SignatureEnvelope.from({
  genesisConfig,
  signatures: [signature],
  init: true
})

// Subsequent (non-bootstrap) transactions
const subsequent = SignatureEnvelope.from({
  genesisConfig,
  signatures: [signature]
})
```

## Definition

```ts
function from<value>(
  value: value | from.Value,
  options?: from.Options,
): from.ReturnValue<value>
```

**Source:** [src/tempo/SignatureEnvelope.ts](https://github.com/wevm/ox/blob/main/src/tempo/SignatureEnvelope.ts#L1794)

## Parameters

### value

* **Type:** `value | from.Value`

The value to coerce (either a hex string or signature envelope).

### options

* **Type:** `from.Options`
* **Optional**

#### options.payload

* **Type:** `0x${string} | Uint8Array`
* **Optional**

Payload that was signed. Used to recover `keyId` for keychain envelopes with secp256k1 inner signatures.

## Return Type

The signature envelope.

`from.ReturnValue<value>`
