Order the e-signature Odnów e-podpis

HSM for electronic seal

For those developing safe and efficient solutions.


Contact us 


In the scope of the HSM (Hardware Security Module) devices, KIR offers the UTIMACO CryptoServer CP5 module (network version) for electronic seals.

CryptoServer CP5 is a scalable network HSM security module that easily integrates with multiple security infrastructure applications.

Through APIs (PKCS#11, CSP, CNG, CXI), CryptoServer CP5 provides hardware protection for critical security applications such as public key infrastructure (PKI), databases, application and web servers. CryptoServer CP5 also features a fully redundant power supply and cooling. High availability, scalability and remote management make CryptoServer CP5 the ideal solution for e-business.

The security of CryptoServer CP5 HSM modules is confirmed by Common Criteria certificate in accordance with the EAL4 AVA_VAN.5 standard and Protection Profile according to EN 419221-5 “Cryptographic Module for Trust Services”.


Electronic Seal Infrastructure

When building the infrastructure for electronic seal service, KIR offers a solution based on the UTIMACO HSM devices and Szafir SDK programming components.



The solution includes:

  • qualified certificate for electronic seal,
  • HSM cryptographic module installed on the customer's premises or in the KIR cloud for storing private keys, generating stamps and authorizing time-stamping requests;
  • Szafir SDK programming components that enable integrating the electronic seal generation and time stamping with customer systems that provide communication with HSM devices using PKCS#11;
  • qualified time stamps that reliably verify the time of affixing documents with electronic seals.

To learn more about the offer, please contact us using the following form.


Using HSM devices in the infrastructure has the following advantages:

  • security of UTIMACO modules in CryptoServer CP5 product line confirmed by Protection Profile EN 419221-5 and Common Criteria EAL4 AVA_VAN.5 certificates,
  • compliance with eIDAS requirements. HSM UTIMACO CryptoServer CP5 is listed on the EU list of qualified devices as a qualified signature creation device and a qualified seal creation device,
  • securing and isolating sensitive cryptographic operations and assigning keys for critical applications in the organization,
  • reducing the cost of maintaining compliance (one network module for multiple applications),
  • the customer chooses the number of keys generated in the HSM, and thus can store the keys for different signatures or seals in the HSM,
  • scalability and the option to add more HSM modules,
  • ensuring high availability and failover - if two HSMs are used in two data centers of the customer,
  • smooth failover and load balancing in several HSM devices,
  • simplifying the management of cryptographic keys,
  • remote administration of HSM devices,
  • monitoring the operation of HSM devices, e.g. via SNMPv3 protocol,
  • dedicated software simulator and HSM devices for potential solution evaluation and testing.

The performance of the offered HSM UTIMACO CryptoServer CP5 devices is as follows:




Basic technical parameters of HSM UTIMACO CryptoServer CP5 devices

Supported cryptographic algorithms

  • RSA, ECDSA with NIST and Brainpool curves

  • ECDH with NIST and Brainpool curves

  • AES

  • Triple DES


Supported asymmetric cryptographic algorithms
  • RSA (1024,2048,4096 bit)
  • Diffie-Hellman
  • DSA
  • ECC Suite B
Supported cryptographic hash algorithms
  • SHA-1,SHA-2 (224,256,384,512 bit), SHA-3 (224,256,384,512 bit) 
Physical characteristics
  • Dimensions: 19" rack 1U
  • 2 RJ45, 1 Gb/s
  • 2 x 300 W redundant power unit

  • Operating temperature: +10 to + 45 degrees Celsius
  • Energy consumption: 45W
Supported operating systems
  • Microsoft Windows Windows 10

  • Windows Server 2008/2008 R2

  • Windows Server 2012/2012 R2

  • Windows Server 2016

  • Hat Enterprise Linux 6.4/6.5/6.6/6.9

  • Red Hat Enterprise Linux 7.0/7.1/7.2/7.3

  • Linux Enterprise Server 11

  • Debian 7 "Wheezy"

  • Debian 8 “Jessie”

  • Debian 9 “Stretch” 

Application interfaces
  • PKCS#11, Microsoft CAPI, CNG, Cryptographic eXtended services Interface (CXI)


  • Common Criteria zgodnie z normą EAL4 AVA_VAN.5 oraz Protection Profile EN 419221-5

  • UL, IEC/EN 60950-1,

  • CB


Our clients: