A simple scheme is provided for server storage of private keys and certificates in a secure manner, thus solving the difficult problems of roaming certificates. A user can access his private keys and certificates from anywhere in the network. Despite that the server stores the user's private keys, the server must not be able to impersonate the user on a network or sign messages for the user. A scheme for truly secure transactions is also provided.