diff --git a/pkg/services/object/sign.go b/pkg/services/object/sign.go
index 9d66c76ba..4eb5be365 100644
--- a/pkg/services/object/sign.go
+++ b/pkg/services/object/sign.go
@@ -54,7 +54,7 @@ func (s *getStreamSigner) Send(resp *object.GetResponse) error {
 }
 
 func (s *SignService) Get(req *object.GetRequest, stream GetObjectStream) error {
-	return s.sigSvc.HandleServerStreamRequest(req,
+	return s.sigSvc.HandleServerStreamRequest(stream.Context(), req,
 		func(resp util.ResponseMessage) error {
 			return stream.Send(resp.(*object.GetResponse))
 		},
@@ -126,7 +126,7 @@ func (s *searchStreamSigner) Send(resp *object.SearchResponse) error {
 }
 
 func (s *SignService) Search(req *object.SearchRequest, stream SearchStream) error {
-	return s.sigSvc.HandleServerStreamRequest(req,
+	return s.sigSvc.HandleServerStreamRequest(stream.Context(), req,
 		func(resp util.ResponseMessage) error {
 			return stream.Send(resp.(*object.SearchResponse))
 		},
@@ -176,7 +176,7 @@ func (s *getRangeStreamSigner) Send(resp *object.GetRangeResponse) error {
 }
 
 func (s *SignService) GetRange(req *object.GetRangeRequest, stream GetObjectRangeStream) error {
-	return s.sigSvc.HandleServerStreamRequest(req,
+	return s.sigSvc.HandleServerStreamRequest(stream.Context(), req,
 		func(resp util.ResponseMessage) error {
 			return stream.Send(resp.(*object.GetRangeResponse))
 		},
diff --git a/pkg/services/util/sign.go b/pkg/services/util/sign.go
index cb4be3084..dbfde7051 100644
--- a/pkg/services/util/sign.go
+++ b/pkg/services/util/sign.go
@@ -6,6 +6,7 @@ import (
 	"errors"
 	"fmt"
 
+	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/pkg/tracing"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
 	"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/signature"
 	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
@@ -67,8 +68,7 @@ func (s *RequestMessageStreamer) Send(ctx context.Context, req any) error {
 
 	var err error
 
-	// verify request signatures
-	if err = signature.VerifyServiceMessage(req); err != nil {
+	if err = verifyRequestSignature(ctx, req); err != nil {
 		err = fmt.Errorf("could not verify request: %w", err)
 	} else {
 		err = s.send(ctx, req)
@@ -112,7 +112,7 @@ func (s *RequestMessageStreamer) CloseAndRecv(ctx context.Context) (ResponseMess
 		setStatusV2(resp, err)
 	}
 
-	if err = signResponse(s.key, resp, s.statusSupported); err != nil {
+	if err = signResponse(ctx, s.key, resp, s.statusSupported); err != nil {
 		return nil, err
 	}
 
@@ -130,6 +130,7 @@ func (s *SignService) CreateRequestStreamer(sender RequestMessageWriter, closer
 }
 
 func (s *SignService) HandleServerStreamRequest(
+	ctx context.Context,
 	req any,
 	respWriter ResponseMessageWriter,
 	blankResp ResponseConstructor,
@@ -142,12 +143,11 @@ func (s *SignService) HandleServerStreamRequest(
 
 	var err error
 
-	// verify request signatures
-	if err = signature.VerifyServiceMessage(req); err != nil {
+	if err = verifyRequestSignature(ctx, req); err != nil {
 		err = fmt.Errorf("could not verify request: %w", err)
 	} else {
 		err = respWriterCaller(func(resp ResponseMessage) error {
-			if err := signResponse(s.key, resp, statusSupported); err != nil {
+			if err := signResponse(ctx, s.key, resp, statusSupported); err != nil {
 				return err
 			}
 
@@ -164,7 +164,7 @@ func (s *SignService) HandleServerStreamRequest(
 
 		setStatusV2(resp, err)
 
-		_ = signResponse(s.key, resp, false) // panics or returns nil with false arg
+		_ = signResponse(ctx, s.key, resp, false) // panics or returns nil with false arg
 
 		return respWriter(resp)
 	}
@@ -183,8 +183,7 @@ func (s *SignService) HandleUnaryRequest(ctx context.Context, req any, handler U
 		err  error
 	)
 
-	// verify request signatures
-	if err = signature.VerifyServiceMessage(req); err != nil {
+	if err = verifyRequestSignature(ctx, req); err != nil {
 		var sigErr apistatus.SignatureVerification
 		sigErr.SetMessage(err.Error())
 
@@ -205,7 +204,7 @@ func (s *SignService) HandleUnaryRequest(ctx context.Context, req any, handler U
 	}
 
 	// sign the response
-	if err = signResponse(s.key, resp, statusSupported); err != nil {
+	if err = signResponse(ctx, s.key, resp, statusSupported); err != nil {
 		return nil, err
 	}
 
@@ -233,7 +232,10 @@ func setStatusV2(resp ResponseMessage, err error) {
 // The signature error affects the result depending on the protocol version:
 //   - if status return is supported, panics since we cannot return the failed status, because it will not be signed;
 //   - otherwise, returns error in order to transport it directly.
-func signResponse(key *ecdsa.PrivateKey, resp any, statusSupported bool) error {
+func signResponse(ctx context.Context, key *ecdsa.PrivateKey, resp any, statusSupported bool) error {
+	_, span := tracing.StartSpanFromContext(ctx, "signResponse")
+	defer span.End()
+
 	err := signature.SignServiceMessage(key, resp)
 	if err != nil {
 		err = fmt.Errorf("could not sign response: %w", err)
@@ -247,3 +249,10 @@ func signResponse(key *ecdsa.PrivateKey, resp any, statusSupported bool) error {
 
 	return err
 }
+
+func verifyRequestSignature(ctx context.Context, req any) error {
+	_, span := tracing.StartSpanFromContext(ctx, "verifyRequestSignature")
+	defer span.End()
+
+	return signature.VerifyServiceMessage(req)
+}