Skip to Main Content
Digital signature is a cryptographic mechanism widely used in secure communications. Although there are many digital signature schemes with firm mathematical foundations, one of the biggest concerns is how to protect the private keys from disclosure in applications. To counter this problem, we suggest splitting the signature private key into two parts and storing in two well-protected servers, and the client may get signatures through the protocol SADS proposed in this paper. With SADS, the client only needs to provide a password to get a message to be signed with the help of the two severs. The private key is not exposed if only one of the servers is compromised or misused by the server administrator, which greatly decreases the possibility of the corruption of a signature private key and facilitates the mobility of the signing services. Furthermore, various signing policies can be enforced in the servers, such as revocation of the private key, delegation of signature rights, signature with tune constraints, content-sensitive signatures.