Protecting in-memory crypto material Introduction Let’s say you operate a service which need to sign clients’ requests. You would have to have a private key (signing key) on your server. Having keys on the server is ok as long as you fully control the server. You cannot trust the cloud provider if you use one. Even if a company you use doesn’t practice illegal access to information of their customers.
