Signing is adding a digital signature to all or parts of a document. This digital signature can be generated using a private key. Every receiver with a certificate containing the public key of the sender can verify that the one who claims to be the sender really is the sender. The receiver also can check if the message is not changed during transport.

This is not the same as encryption. When encrypted, the data becomes unreadable until it is decrypted. When signed, the data is still readable.

Private keys of service groups are stored in their own key store. Trusted certificates are stored in the trust store of a service group.