Architecture
Web3Signer is a remote signing client composed of three main components:
- Remote signer
- Slashing database
- APIs
The remote signer
The remote signer loads private keys into memory and responds to signature requests. If you are using an HSM or a vault for execution layer signing, the keys remain at rest. This component communicates with the slashing database, the APIs, and the keystore, if used, to coordinate remote signing.
The slashing database
The slashing database is a Postgres database that tracks which keys have signed messages. Database locking ensures that when multiple Web3Signer instances load the same keys, only one instance is permitted to sign.
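The following added example (not Web3Signer's own code) models the locking behavior described above for one case, conflicting block proposals at the same slot: each instance takes a database lock before its check-then-record step, so only one of two racing instances is allowed to sign. The `signed_blocks` schema and function names are hypothetical, and SQLite stands in for Postgres so the example runs offline.

```python
import sqlite3
import threading

def init_db(path):
    """Create the shared slashing-protection table (hypothetical schema)."""
    with sqlite3.connect(path) as conn:
        conn.execute(
            "CREATE TABLE IF NOT EXISTS signed_blocks ("
            " pubkey TEXT NOT NULL, slot INTEGER NOT NULL,"
            " signing_root TEXT NOT NULL, PRIMARY KEY (pubkey, slot))"
        )

def may_sign_block(path, pubkey, slot, signing_root):
    """Return True only if signing this block cannot be a double proposal."""
    # isolation_level=None: transactions are controlled explicitly below.
    conn = sqlite3.connect(path, timeout=10, isolation_level=None)
    try:
        # Take the write lock BEFORE reading, so the check and the insert are
        # atomic across instances (stand-in for the Postgres locking).
        conn.execute("BEGIN IMMEDIATE")
        row = conn.execute(
            "SELECT signing_root FROM signed_blocks WHERE pubkey=? AND slot=?",
            (pubkey, slot),
        ).fetchone()
        if row is None:
            conn.execute(
                "INSERT INTO signed_blocks VALUES (?, ?, ?)",
                (pubkey, slot, signing_root),
            )
            allowed = True
        else:
            # Re-signing the identical root is safe; a different root is slashable.
            allowed = row[0] == signing_root
        conn.execute("COMMIT")
        return allowed
    finally:
        conn.close()  # closing rolls back any transaction left uncommitted

def race(path, pubkey, slot, roots):
    """Run one signer instance per root concurrently; return each decision."""
    results = {}
    barrier = threading.Barrier(len(roots))
    def instance(root):
        barrier.wait()  # release all instances at the same moment
        results[root] = may_sign_block(path, pubkey, slot, root)
    threads = [threading.Thread(target=instance, args=(r,)) for r in roots]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results
```

Without the lock taken before the read, both instances could see an empty table and both sign, which is exactly the double-signing a shared slashing database is meant to prevent.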
The APIs
Web3Signer supports REST and JSON-RPC APIs to sign consensus layer and execution layer payloads, respectively. These connections should be carefully secured; Web3Signer offers TLS communication.