Protecting the integrity of digital signatures and encrypted communications is an important problem. Many digital signatures and encrypted communications rely on cryptographic keys that are controlled by a central authority. The central authority maintains control over the cryptographic keys which are used to generate digital signatures and perform other cryptographic operations. If the central authority operates as part of a distributed computing environment, cryptographic operations may be performed by a variety of computing entities on behalf of the central authority. In such situations, the various computing entities acting on behalf of the central authority may apply digital signatures or establish cryptographically protected communication sessions using a cryptographic key associated with the central authority. Therefore, controlling the delegation of signing authority from the central authority to the various subordinate entities that are authorized to sign on the behalf of the central authority is an important problem.