AKV signing refers to the process of using Azure Key Vault (AKV), a cloud-based key management service provided by Microsoft Azure, to securely store and manage cryptographic keys, certificates, and secrets, for the purpose of digitally signing documents or data.

This process will create a key pair and generate an X.509 certificate signing request. The signing request will be signed by certificate authority (emSign). The signed x509 certificate can be merged with the pending key pair to complete the digital certificate in Key Vault. This method provides you with greater security because the private key is created in and restricted to the Key Vault. The flow is explained in the diagram below.

The following descriptions correspond to the green lettered steps in the preceding diagram.

1. In the diagram above, the designated user is creating a certificate which internally begins by creating a key in your key vault.

2. Key Vault returns Certificate Signing Request (CSR) to the designated user.

3. The designated user passes the CSR to emSign Certificate Authority.

4. The Certificate Authority responds with an X509 Certificate.

5. The designated user completes the new certificate creation with a merger of the X509 Certificate from the Certificate Authority.

To perform AKV (Azure Key Vault) signing in emSigner, the follow steps need to be followed:

1. Prepare Azure Key Vault:

   • Before you can use AKV for signing in emSigner, you need to set up and configure the Azure Key Vault. This involves creating a Key Vault in your Azure subscription, configuring access policies, and storing the necessary keys and certificates.

2. Configure emSigner:

   • Log in to your emSigner account as an administrator or a user with appropriate permissions to configure integrations.

   • Access the settings or integration section of emSigner where you can set up the connection to Azure Key Vault.

3. Add AKV as a Signing Method:

   • Within emSigner, you may have an option to select AKV as the signing method for your documents. This is typically done during the document creation or signing process.

4. Select the Document to Sign:

   • Choose the document that you want to sign using Azure Key Vault.

5. Configure the Signature Parameters:

   • Depending on the document and the signature requirements, you may need to configure additional parameters, such as the signing certificate, the hashing algorithm, and any additional security measures.

6. Initiate the Signing Process:

   • Once everything is configured, initiate the signing process within emSigner. This may involve selecting the signatory, specifying the location of the signature on the document, and any additional instructions.

7. AKV Signing:

   • When you trigger the signing process, emSigner will interact with Azure Key Vault to access the signing certificate and perform the signing operation using the private key stored securely in the Key Vault.