Egothor/ZeroEcho
2
0
Fork 0
Code Issues 15 Pull Requests Actions Packages Projects 1 Releases 2 Wiki Activity

Add remote signing support as a first-class signing mode #6

New Issue
Open
opened 2026-03-24 17:59:39 +01:00 by galambos · 0 comments
galambos commented 2026-03-24 17:59:39 +01:00
Owner
Copy Link

Extend the signing architecture so that certificate/CRL signing can be performed not only locally, but also on remote compute/signing units. This should include routing through SignatureWorkflow and preserve the current security model where private keys are never exposed to PKI orchestration services.

Why this matters

Highly regulated environments commonly separate approval, orchestration, and key usage boundaries. Remote signing is also a prerequisite for HSM-backed or delegated signing environments.

Acceptance criteria

  • Signing requests can be routed to remote signing implementations through SPI.
  • The approval layer can gate the remote signing action.
  • Signing remains opaque to PKI services via KeyRef / workflow boundaries.
  • Audit trails capture who approved, who requested, and which signer boundary executed the signature.
  • Timeout, retry, and failure semantics are explicit and documented.
Extend the signing architecture so that certificate/CRL signing can be performed not only locally, but also on remote compute/signing units. This should include routing through SignatureWorkflow and preserve the current security model where private keys are never exposed to PKI orchestration services. ## Why this matters Highly regulated environments commonly separate approval, orchestration, and key usage boundaries. Remote signing is also a prerequisite for HSM-backed or delegated signing environments. ## Acceptance criteria - Signing requests can be routed to remote signing implementations through SPI. - The approval layer can gate the remote signing action. - Signing remains opaque to PKI services via KeyRef / workflow boundaries. - Audit trails capture who approved, who requested, and which signer boundary executed the signature. - Timeout, retry, and failure semantics are explicit and documented.
galambos added this to the PKI Foundation Hardening and Regulated Operations Roadmap project 2026-03-24 18:56:06 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project PKI Foundation Hardening and Regulated Operations Roadmap
Assignees
Clear assignees
galambos gitea-ci
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Egothor/ZeroEcho#6
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?