Each service group can have a key store. This key store is a container in LDAP in which theprivate keysof the service group itself can be stored. Private keys can be used for signing and encryption of (parts of) XML data, like SOAP messages. Someone with the public key can verify that nobody changed the data in transport.

When starting a service group for the first time, the Cordys Monitor creates a key store for the service group and generates a private-public key pair. The Cordys Monitor also creates a certificate for the public key and signs it.