a method or function to secure sensitive data in the form of a password #hyperledger-fabric #privatedata #database #aws


Hi everyone,
I'm currently designing a private blockchain network for a government Certification authority that has services for cloud-based digital signatures.
in the network I designed, the government CA (which has the function to sign documents) acts as a network builder. In the network, users who use digital signature services number up to hundreds of different organizations. And to use the digital signature service, the user must send the hash of the PDF document along with the passphrase (digital certificate password). The user must submit a passphrase because the digital certificate is stored in the HSM government CA.
the question is, what is the right method and function to secure the passphrase (sensitive data of each user) when sent to the government CA, so that the passphrase data is not recorded or read in the ledger, but can be known by the government CA to sign the PDF document?