Architecture

Web3Signer is a remote signing client comprised of three main components:

The Remote Signer

This loads private keys into memory and responds to signature requests. If you are using an HSM or Vault for Execution Layer signing, the keys remain at rest. This component communicates with the keystore if used, the slashing DB, and the APIs to coordinate remote signing.

The Slashing Database

This Postgres Database keeps track of what messages have been signed and by what key. Database locking ensures that if Web3signer instances load the same keys, only one Web3signer instance actually signs.

The APIs

Web3Signer supports REST and JSON-RPC APIs to sign consensus layer and execution layer payloads respectively. These connections should be carefully secured. Web3Signer offers TLS communication.

Architecture

The Remote Signer​

The Slashing Database​

The APIs​

The Remote Signer

The Slashing Database

The APIs