WAYF signs both traffic and metadata using private keys held in a Hardware Security Module (HSM). The keys were generated inside the HSM and can never be retrieved from it. Consequently, it is physically impossible to hack WAYF's private keys. Considerable trust can therefore be placed in digital signatures corresponding to WAYF's public keys actually having been issued by WAYF, and in content encrypted using WAYF's public key actually being decipherable exclusively by WAYF.
WAYF's operational setup includes two HSMs, located at i2 and NORDUnet A/S, with 20 kilometers between the two machines. They offload one another in high-load situations (load balancing) and stand in for each other if one of them cuts out (fail-over). Each machine has a capacity of 10,000 signings per second, using 2K keys.
WAYF's HSMs are SafeNet/Thales Lunas.