I have some question about server side pdf signing using network-attached hardware security module. my first question is: what is PDF Signing Certificate? Certificates are public keys, how a certificate can be used for signing? from https://www.globalsign.eu/pdf-signing/server-based.html:
With the server-based PDF Signing, Certifying and Approving PDFs require a
GlobalSign-issued PDF Signing Certificate, stored and protected
on a Hardware Security Module (HSM), and an automated
digital signature solution to apply the
signatures to the documents.
my second question is about storing private keys: Can user's private keys be generated and stored on the HSM? is non-repudiation guaranteed with this solution?