# Fireblocks signing in Guardian UI

## Operations remotely signed by the keys in Fireblocks

1. **submitMessage**

All messages sent to Hedera are signed with the Fireblocks keys using [Raw Signing](https://developers.fireblocks.com/docs/raw-message-signing-overview) method.

## Operations signed by Operator ID/Key

OPERATOR\_KEY is used for generating DIDs and signing documents as Fireblocks API does not support such operations.

Additionally OPERATOR\_KEY is used for the following operations:

• newToken

• newTopic

{% hint style="info" %}
**Note:** creation of new topics and/or tokens require freeze/wipe keys as a parameter in the API call. Guardian uses OPERATOR\_KEY.
{% endhint %}

• wipe

• grantKyc

• revokeKyc

• associate

• dissociate

• freeze

• unfreeze

• updateToken

• deleteToken

{% hint style="info" %}
**Note**: Similarly to the creation of topics/tokens, Hedera SDK API require explicit specification of keys as a parameter.
{% endhint %}

• transfer

• transferNFT

• newAccount

• newTreasury

{% hint style="info" %}
**Note**: These operations require specific transaction type not supported by RAW SIGNING.
{% endhint %}

• balance

{% hint style="info" %}
**Note**: Guardian uses the account specified in the UI
{% endhint %}

## Enabling Fireblocks Remote Signing:

When creating a user, select the “**Use Fireblocks signing**” option and populate the following fields with values from your Fireblocks account configuration:

* Fireblocks Vault ID
* Fireblocks Asset ID
* Fireblocks API Key
* Fireblocks Private Key

![](https://1556785885-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNYWPEEAknX9Vki1yV5HY%2Fuploads%2Fgit-blob-250acc432591e2b8a61c22621f3236876c74bb7f%2F0%20\(1\)%20\(1\)%20\(1\)%20\(1\)%20\(1\).png?alt=media)

Users, which have been created with this option enabled to remotely sign their Hedera transactions using Fireblocks API instead of via the built-in Guardian signing workflow.