The SignatureActivationModuleService is an essential part of the Signature Activation Module (SAM). The other part is a firmware module that is installed in the Utimaco CP5 HSM.
The task of the SignatureActivationModuleService is to generate and manage the remote signature keys and to ensure authorized access to them. Signatures using remote signature keys can only be generated by the SAM.
The service depends on the Server Signing Application (SSA), the SAM firmware, the AuditManagerService and the KeyManager. In particular, REST (HTTPS) and WebSocket/Peering-based interfaces are used. In contrast to the CP5, the CXI Java-based interface is used in particular.
The interfaces of the SAMS are protected by several security features. The WebSocket connection should be secured with TLS client authentication and certificate pinning. The Create_NewSigner_interface can be invoked with a signature of the message by a Privileged User Technical (RSA/ECDSA + SHA-256). All interfaces can be called by specifying an identity token.
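
The signed-message protection described above can be illustrated with an added example (not the SAMS code or any Utimaco API): verifying an RSA or ECDSA signature with SHA-256 over a request message before acting on it. The class and method names, the JSON message body and the freshly generated key pairs are assumptions constructed for illustration; the page does not specify the real message format.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;

public class SignedRequestCheck {

    // Map the trusted key's type to a fixed JCA algorithm; anything else is rejected.
    static String algorithmFor(PublicKey key) {
        switch (key.getAlgorithm()) {
            case "RSA": return "SHA256withRSA";
            case "EC":  return "SHA256withECDSA";
            default: throw new IllegalArgumentException("unsupported key type: " + key.getAlgorithm());
        }
    }

    // True only if `signature` is a valid signature by `trustedKey` over exactly `message`.
    static boolean isAuthorized(PublicKey trustedKey, byte[] message, byte[] signature)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance(algorithmFor(trustedKey));
        verifier.initVerify(trustedKey);
        verifier.update(message);
        try {
            return verifier.verify(signature);
        } catch (SignatureException malformed) {
            return false; // undecodable signature bytes count as a rejection
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pairs stand in for the privileged technical user's key.
        for (String type : new String[] {"RSA", "EC"}) {
            KeyPairGenerator gen = KeyPairGenerator.getInstance(type);
            gen.initialize(type.equals("RSA") ? 2048 : 256);
            KeyPair kp = gen.generateKeyPair();
            byte[] msg = "{\"signerId\":\"example-signer\"}".getBytes(StandardCharsets.UTF_8);
            Signature signer = Signature.getInstance(algorithmFor(kp.getPublic()));
            signer.initSign(kp.getPrivate());
            signer.update(msg);
            byte[] sig = signer.sign();
            byte[] tampered = "{\"signerId\":\"other-signer\"}".getBytes(StandardCharsets.UTF_8);
            System.out.println(type + " valid=" + isAuthorized(kp.getPublic(), msg, sig)
                    + " tampered=" + isAuthorized(kp.getPublic(), tampered, sig)
                    + " garbage=" + isAuthorized(kp.getPublic(), msg, new byte[] {1, 2, 3}));
        }
    }
}
```

The algorithm is derived from the trusted key rather than taken from the request, so a caller cannot select a weaker scheme.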