Order the e-signature Odnów e-podpis

HSM for electronic seal

For those developing safe and efficient solutions.


Contact us 

KIR offers HSM (Hardware Security Module) solution, a Thales Connect+ module (network version) for electronic seal.

Thales nShield Connect+ is a scalable HSM network security module that integrates easily with many security infrastructure applications, such as Microsoft Certificate Services (PKI), Entrust Authority Security Manager, RSA Certificate Manager, Oracle Database and Microsoft SQL Server.

Standard API (PKCS#11, JCE, Microsoft CAPI and CNGn) enables nShield Connect to provide hardware protection for critical security applications such as Public Key Infrastructure (PKI), databases, application and web servers. nShield Connect not only has unprecedented performance in this class of devices, but also features fully redundant power supply and cooling. High availability, scalability and remote management make nShield Connect the ideal solution for e-business.

The security of Thales modules in nShield product line is confirmed by FIPS 140-2 Level 3 and Common Criteria EAL4+ certificates.


Electronic Seal Infrastructure

When building the infrastructure for electronic seal service, KIR offers a solution based on the Thales HSM devices and Szafir SDK programming components.



The solution includes:

  • qualified certificate for electronic seal,
  • HSM cryptographic module installed on the customer's premises or in the KIR cloud for storing private keys, generating stamps and authorizing time-stamping requests;
  • Szafir SDK programming components that enable integrating the electronic seal generation and time stamping with customer systems that provide communication with HSM devices using PKCS#11;
  • qualified time stamps that reliably verify the time of affixing documents with electronic seals.

To learn more about the offer, please contact us using the following form.


Using HSM devices in the infrastructure has the following advantages:

  • security of Thales modules in nShield product line confirmed by FIPS 140-2 Level 3 and Common Criteria EAL4+ certificates,
  • compliance with eIDAS requirements,
  • securing and isolating sensitive cryptographic operations and assigning keys for critical applications in the organization,
  • reducing the cost of maintaining compliance (one network module for multiple applications),
  • the customer chooses the number of keys generated in the HSM, and thus can store the keys for different signatures or seals in the HSM,
  • scalability and the option to add more HSM modules,
  • ensuring high availability and failover - if two HSMs are used in two data centers of the customer,
  • smooth failover and load balancing in several HSM devices,
  • simplifying the management of cryptographic keys,
  • remote administration of HSM devices,
  • monitoring the operation of HSM devices, e.g. via SNMPv3 protocol.

The performance of the offered HSM Thales nShield Connect+ devices is as follows:


Basic technical parameters of HSM Thales nShield Connect+ devices

Supported symmetric cryptographic algorithms

  • Triple DES (112,168 bit)
  • AES (128,192,256 bit)
  • Aria (128,192,256 bit)
  • Camelia (128,192,256 bit)
Supported asymmetric cryptographic algorithms
  • RSA (1024,2048,4096 bit)
  • Diffie-Hellman
  • DSA
  • ECC Suite B
Supported cryptographic hash algorithms
  • SHA-1,SHA-2 (224,256,384,512 bit)
Physical characteristics
  • Dimensions: 19" 1U rack, depth 705mm
  • Operating temperature: +5 to 40 degrees Celsius
  • Energy consumption: 0.6A for 220V, 1.2A for 110V
Supported operating systems
  • Microsoft Windows 7 x64, 10 x64; Windows Server 2008 R2 x64, 2012 R2 x64, 2016 x64
  • Red Hat Enterprise Linux AS/ES 6 x64, 6 x86, 7 x64; SUSE Enterprise Linux 11 x64 SP2, 12 x64
  • Oracle Solaris 11 (SPARC), Oracle Solaris 11 x64
  • IBM AIX 7.1 (POWER6, POWER8), HP-UX 11i v3
  • Oracle Enterprise Linux 6.8 x64 and 7.1 x64
Application interfaces
  • PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG, nCore
  • nShield Web Services Crypto API


  • FIPS 140-2 level 3
  • Common Criteria EAL4+
  • UL, CE, FCC


Our clients: