We have logged you out of your account. Log in again
HSM_bezpieczne moduły do pieczęci.png

HSM for electronic seal

For those who develop safe and efficient solutions.

Solution variants

In the area of HSM (Hardware Security Module) devices, we offer the following modules:

  • Utimaco CryptoServer CP5 – dedicated to electronic seal
  • Utimaco SecurityServer Se Gen2 – dedicated to general applications

CryptoServer CP5 and Se Gen2 are scalable network HSM security modules, which can be integrated easily into many security infrastructure applications.

Through the API (PKCS#11, CSP, CNG, CXI), the HSM Utimaco modules provide hardware protection for critical security applications such as public key infrastructure (PKI), databases, application servers and web servers. Both models have fully redundant power supply and cooling. The operability in high availability, scalability and remote management make the offered devices an ideal solution for e-business.

For electronic seal, the security of CP5 modules is confirmed by Protection Profile EN 419221-5 and eIDAS compliance certificates. CP5 is present on the EU list of qualified devices as a qualified signature creation device and a qualified seal creation device (https://esignature.ec.europa.eu/efda/notification-tool/#/screen/browse/list/QSCD_SSCD).

Infrastructure for electronic seal

We propose a solution based on the UTIMACO HSM device and Szafir SDK programming components for building the infrastructure for electronic seal management. The solution includes:

  • qualified electronic seal certificate,
  • HSM Utimaco CP5 cryptographic module installed at the customer's site to store private keys and to generate seals and authorisation of time-stamping requests,
  • Szafir SDK programming components, allowing the integration of electronic seal generation and time stamping functionality with customer's systems that ensure communication with HSM devices via PKCS#11,
  • qualified time stamps, guaranteeing the reliable existence of documents with an electronic seal.

The use of HSM devices within the infrastructure offers the following advantages:

  • security of UTIMACO CryptoServer CP5 HSM modules confirmed by the Common Criteria certificate in accordance with the EAL4 AVA_VAN.5 standard and Protection Profile EN 419221-5,
  • compliance with eIDAS requirements. HSM UTIMACO CryptoServer CP5 is present on the EU list of qualified devices as a qualified signature creation device and a qualified seal creation device (https://esignature.ec.europa.eu/efda/notification-tool/#/screen/browse/list/QSCD_SSCD),
  • ability to work in FIPS compatibility mode – SecurityServer Se Gen2
  • securing and isolating sensitive cryptographic operations and assigning keys to critical applications in the organisation,
  • reducing compliance costs (one network module for many applications),
  • all cryptographic algorithms supported by the device included in the product price,
  • the customer is the one to decide on the number of keys generated in HSM,
  • scalability of the solution depending on needs and the ability to add other HSM modules,
  • ensuring high availability and protection in the event of failure – for two HSMs kept in two independent customer data centres,
  • smooth failover and load balancing across several HSM devices,
  • simplified cryptographic key management,
  • option of remote administration of HSM devices,
  • ability to monitor the operation of HSM devices, among others, via SNMPv3 protocol,
  • dedicated software simulator and HSM devices for potential solution evaluation and testing.

The offered UTIMACO CryptoServer CP5 HSM devices are characterised by the following performance:

Utimaco_cp5_RSA_performance.jpg [2.99 MB]

Utimaco_cp5_elliptical_curves_performance.jpg [3.49 MB]

Basic technical parameters of UTIMACO CryptoServer CP5 LAN HSM devices:

Supported cryptographic algorithms

RSA, ECDSA with NIST and Brainpool curves
ECDH with NIST and Brainpool curves
Triple DES

Supported asymmetric cryptographic algorithms

RSA (1024,2048,4096 bit)



ECC Suite B

Supported cryptographic hash algorithms

SHA-1,SHA-2 (224,256,384,512 bit), SHA-3 (224,256,384,512 bit) 

Physical characteristics

Dimensions: 19" rack 1U

2 RJ45, 1 Gb/s

2 x 300 W redundant power unit

Operating temperature: +10 do +45 stopni Celsjusza

Energy consumption: 45W

Supported operating systems

Microsoft Windows Windows 10

Windows Server 2008/2008 R2

Windows Server 2012/2012 R2

Windows Server 2016

Hat Enterprise Linux 6.4/6.5/6.6/6.9

Red Hat Enterprise Linux 7.0/7.1/7.2/7.3

Linux Enterprise Server 11

Debian 7 "Wheezy"

Debian 8 “Jessie”

Debian 9 “Stretch” 

Application interfaces

PKCS#11, Microsoft CAPI, CNG, Cryptographic eXtended services Interface (CXI)


Common Criteria in accordance with EAL4 AVA_VAN.5 and Protection Profile EN 419221-5

UL, IEC/EN 60950-1,



Free HSM device simulator (possibility to test with business applications before purchasing/implementing a physical device for a production system)

Our clients: