SignServer Components

SignServer Components provide specific functionality and are configured in the SignServer workers.

Crypto Tokens

Crypto Tokens provide access to the keys and cryptography operations. Each Signer is typically configured with a reference to a Crypto Worker having a Crypto Token configured. A Crypto Token using a software keystore is the P12CryptoToken and one using a Hardware Security Module (HSM) is the PKCS11CryptoToken.

Archivers

By configuring one or more Archivers on a worker, the request and/or response can be stored by the Archiver, for example, to the database (using the Base64DatabaseArchiver).

Accounters

Accounters can be implemented and configured to integrate with for example an external accounting or billing system.

Alias Selectors

Alias Selectors allow controlling how the key used for signing is selected at run-time based on the signing request. For example, it is possible to have keys selected based on the authenticated user for a signing request.

Authorizers

Authorizers are responsible for deciding if a request should be allowed or not. Options include HTTPS/TLS client certificate authentication, HTTP Basic Authentication, IP address restrictions or using a reverse proxy. For more information, see SignServer Authentication and Authorization.