Workers & Components

SignServer is built around a modular, worker-based architecture.

SignServer workers are configured to perform certain activities like signing files of a certain type, often with a specific key. Each worker is an independent processing unit that performs a specific cryptographic or operational task. Workers interact with shared system components to deliver signing services, such as configuration, validation, and crypto providers.

The configuration and logs are optionally stored in a database.

Workers: The Core Execution Units

A worker is a self-contained module with its own configuration and lifecycle.

Workers are configured by setting properties in the worker configuration. The common configuration options handled by the framework apply to all workers. In addition, there are worker specific properties, handled by the worker implementation. For more information, see Common Worker Properties.

Signer Workers

Signers are the most common workers and perform signing operations. A Signer specifies how to perform the signature creation, and which key and certificate to use.

Signers perform cryptographic operations such as:

• Code signing

• Document signing (PDF, XML)

• Timestamping (TSA)

• Key generation & certificate requests

Helper / Service Workers

Workers that do not sign but support other processes:

Crypto Tokens

Workers needing private keys do not talk directly to HSMs or Keystores. Instead, they use a Crypto Worker with a configured Crypto Token which abstracts the crypto backend.

For more information, see Crypto Tokens: HSMs & Keystores.

Components for Workers

Components provide specific functionality and are configured in the SignServer workers.

Examples of components include: