CryptoServer CP5
eIDAS Compliant and CC-Certified Qualified Signature Creation Device (QSCD)


CC eIDAS for CryptoServer General Purpose HSMs

  • Specifically designed for eIDAS-compliant qualified signatures and seals, remote signing and the issuing of qualified certificates
  • Common Criteria-certified according to the eIDAS Protection Profile (PP) EN 419 221-5 “Cryptographic Module for Trust Services”
  • Supports Trust Service Providers (TSPs) in fulfilling policy and security requirements by deploying and maintaining HSMs to be used as qualified devices for electronic signature creation
  • Includes a software simulator for evaluation and integration testing

Product Type:


Supported Platforms:

Delivery Time:

About 2-4 weeks
Key Benefits

Key Benefits


Qualified Signature/ Seal Creation Device (QSigCD & QSealCD)

CC eIDAS running on CryptoServer has received eIDAS certification as both a Qualified Signature and Qualified Seal Creation Device (QSCD) and can be used as a standalone QSCD or as a part of a combined QSCD with remote signing solutions.


Signature Activation Module (SAM) Ready for eIDAS Server Signing

By utilizing an add-on product from UTIMACO - the CryptoServer SDK - for development of a Signature Activation Module (SAM), running inside the certified boundary of the HSM.


Strong Hardware Protection of Sensitive Assets

A secure root of trust to store sensitive assets such as private keys and data and optionally be managed as a “remote QSCD” by a qualified trust service provider (QTSP).



CC eIDAS for CryptoServer General Purpose HSM – eIDAS Qualified Signing, Sealing and Certificate Issuing

CryptoServer CP5


CC eIDAS running on CryptoServer General Purpose HSM supports Trust Service Providers (TSPs) in fulfilling policy and security requirements defined in various technical standards (ETSI EN 319 401, EN 319 411, EN 319 421).

With key authorization functionalities, it is ideally suited for eIDAS-compliant qualified signature creation and remote signing. Other applications include (qualified) certificate issuance, OCSP (Online Certificate Status Protocol) and time stamping. This compliance version enables CryptoServer General Purpose HSM to be Common Criteria-certified according to the eIDAS Protection Profile (PP) EN 419 221-5 “Cryptographic Module for Trust Services”.

Deployed as a Qualified Signature/ Seal Creation Device operating in the secure environment of a QTSP it provides users with a remote signing func-tionality. When used in conjunction with qualified certificates, the QSCD gen-erates qualified electronic signatures or seals as defined in eIDAS. The eIDAS compliant Hardware Security Module provides the highest level of assurance and conformity for efficient signing transactions, as a part of an eIDAS-compliant solution.

For further customization, it can be extended with a Signature Activation Mod-ule (SAM) that runs within the certified HSM boundary and meets the require-ments of the EN 419 241-2 protection profile using the Software Development Kit. This combined solution enables Trust Service Providers to offer server signing for remote signatures and seals.

The included software simulator enables evaluation and testing of all CC eIDAS use cases for integration with business applications prior to produc-tion deployment.


High security for regulated use cases

  • Can be used for additional applications such as Timestamping and OCSP (Online Certificate Status Protocol)
  • Secure key storage and processing inside the hardened boundary of the HSM
  • High-quality true random number generator to ensure uniqueness of keys
  • Configurable role-based access control and separation of functions
  • 2-factor authentication with smartcards
  • “m of n” quorum authentication
  • Extensive remote management and monitoring

Efficient key management and HSM administration including firmware up-dates via remote access

  • Automation of remote diagnosis via Simple Network Management Protocol (SNMP)
  • Software Simulator Included

HSM Simulator with all functionalities

  • Fully functional runtime including all administration and configura-tion tools
  • For evaluation and integration testing prior to deployment in production

Technical Specifications

Supported Cryptographic Algorithms

  • RSA, ECDSA with NIST and Brainpool curves
  • ECDH with NIST and Brainpool curves
  • AES
  • SHA-2, SHA-3
  • Hash-based deterministic random number generator (DRG.4 acc. AIS 31)
  • True random number generator (PTG.2 acc. AIS 31)
  • up to 3,000 RSA or 2,500 ECDSA signing operations     

Support for various Application Interfaces (APIs)

  • PKCS #11
  • Cryptography Next Generation (CNG)
  • Key authorization API and tool
  • Utimaco‘s comprehensive Cryptographic eXtended services Interface (CXI)

Fulfills Various Security Compliance Mandates

  • Common Criteria EAL4+ certified according to Protection Profile EN 419 221-5 (further information is available on the Common Criteria Portal) as well as to point 23 and 32 of Article 2 of Regulation 910/2014 (eIDAS) (further information is available on the EU Trust Services Dashboard)
  • Server Signing acc. EN 419 241-2
  • ETSI Policy and Security Requirements (e. g. EN 319 401, EN 319 411, EN 319 421, C-ITS)        

Fulfills Various Environmental Compliance Requirements

  • CE, FCC Class B
  • UL, IEC/EN 60950-1, IEC/EN 62368-1
  • CB certificate


Our on-premise options allow hosting the product directly on-site in your own network or data center.

  • LAN Appliance
  • PCIe Card


Related to this product


360 HSM Monitoring

Remote HSM Management and Monitoring

Find more details

Contact us

We look forward to answering your questions.

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.
You have selected two different types of downloads, so you need to submit different forms which you can select via the two tabs.

Your download request(s):

    By submitting below form you will receive links for your selected downloads.

    Your download request(s):

      For this type of documents, your e-mail address needs to be verified. You will receive the links for your selected downloads via e-mail after submitting below form.

      About Utimaco's Downloads

      Visit our Downloads section and select from resources such as brochures, data sheets, white papers and much more. You can view and save almost all of them directly (by clicking the download button).

      For some documents, your e-mail address needs to be verified. The button contains an e-mail icon.

      Download via e-mail


      A click on such a button opens an online form which we kindly ask you to fill and submit. You can collect several downloads of this type and receive the links via e-mail by simply submitting one form for all of them. Your current collection is empty.