Utimaco CP5 QSCD and Szafir SDK for local and qualified mass sealing

A high performance solution for automated signing of documents with an eIDAS compliant Qualified Seal

ESYSCO, a Utimaco distributor since 2008, introduces a powerful solution of Utimaco CryptoServer CP5 QSCD with Szafir SDK  for on-premise, automated and server based document sealing

Key solution benefits:

  • Full compliance with eIDAS regulation for Qualified Electronic Seals
  • Local deployment – all documents are signed within the perimeter of the organisation
  • Documents signed with a QSeal, provide the highest level of authenticity and security in B2B and B2C transactions
  • Flexibility in choosing the signature format and its variants
  • Visual presentation of the Qualified Electronic Seal
  • Qualified Timestamping of signed/sealed documents
  • High performance, scalability and availability in a clustered setup

Most common use cases

  • Mass documentation e.g. notifications, bank statements, policies etc.
  • Contracts and commercial offers
  • Official notifications and certificates
  • Patients’ hospital records and discharge papers
  • Long term preservation of scanned documents
  • Legal documents (e.g. legal acts)
  • Official company documents (financial reports, fiats, statutes)
  • Electronic invoices, bills, order and delivery confirmations
  • Electronic correspondence (smart scanning with document integrity confirmation)
  • Authentication when gaining the access to financial services in accordance with the new EU regulation regarding PSD2 payment services


Successful implementation for one of the largest Polish banks

The custom solution was implemented for one of the largest Polish banks. The integration was chosen due to criteria such as flexibility, security and high performance.

Implementation of Utimaco CP5 QSCD and Szafir SDK solution enabled the client to sign documents electronically with qualified electronic seal providing the highest level of authenticity and security in transactions. It also enables the bank a secure and digital distribution of confidential documents generated for individual clients.

Utimaco CryptoServer CP5 QSCD
The eIDAS-compliant and Common Criteria certified QSCD according to EN 419221-5 of the eIDAS Regulation (EU) 910/2014

Qualified Electronic Seal

Thanks to the eIDAS regulation, electronic documents signed with a qualified electronic seal have an equivalent legal effect of a widely used organisation seal.

eIDAS & CEN/TS 419221-6

The technical specification, published on 1 March 2019 (CEN/TS 419221-6), defines the requirements for local applications of EN 419221-5 for qualified electronic signatures or signature creation devices, i.e. in case the signatory or signature creator has direct local control over the cryptographic module. The purpose is to approve the qualified seal creation devices and/or signature creation devices (QSealCD / QSignatureCD) according to the Regulation (EU) 910/2014. An appropriate certification of the HSM/QSCD and its location in a secure server room or computer centre (e.g. with access control) is required for an organisation’s internal mass sealing.

In such case, operating Hardware Security Modules (HSMs) as QSCD for internal qualified digital sealing of documents is no longer legally or technically reserved for Qualified Trust Service Providers only.

The HSM model Utimaco CryptoServer CP5 was certified by TÜV-Rheinland Nederland B.V. at the end of May 2020 and on 4 June 2020, it was entered by the European Commission in the List of Secure Signature Creation Devices, covered by the set of transitional measures under Article 51(1) of the Regulation (EC) 910/2014 (eIDAS). Utimaco CP5 is an approved QSCD in which the data for creating electronic signatures or electronic seals “are stored in an environment that is fully, but not necessarily exclusively administered by the user”.

Szafir SDK
Components for generation and verification of electronic signatures in all formats approved by eIDAS

Main features:

  1. Support for a variety of digital signature formats and variants
  • CAdES (PKCS#7) in the variants of CAdES-BES, CAdES-T, and allows creating a multiple signature.
  • XAdES – in the variants of XAdES-BES, XAdES-T, XAdES-C, XAdES-A and allows creating a multiple signature, countersignature and enveloped signature.
  • PAdES – in the variants of PAdES-BES, PAdES-T, PAdES-LTV.
  • ASiC-S – in the variants of ASiC-S-CAdES-BES, ASiC-S-XAdES-BES, ASiC-S-CAdES-T, ASiC-S-XAdES-T.
  1. Unique, easy to learn, high level, task oriented XML API with wide-parametrization capabilities

Processing of creating and verifying electronic seals and time stamping is done by transferring the XML structure – A TaskList to the component under which

  • tasks for signature creation and verification are defined and parametrised with format, time stamping and additional options)
  • taskList is processed and updated with results of processing and returned.
  1. Enables developers to rapidly integrate applications and provides crypto-agility.
  2. Offers wide configuration and customization capabilities.
  3. Works with interactive/GUI and non-interactive mode.
  4. WHAT YOU SEE IS WHAT YOU SIGN visualization of data to be signed
  5. Support of TSL List for signing and verification of signatures from a majority of the EU Member States
  6. Support of PKCS#11 HSM, smartcards and tokens
  7. Variety of supported platforms (JAVA, wrapper for C++/ .NET), Web Browsers
  8. Detailed reference documentation and sample applications

A zero-downtime deployment and integration with ESYSCO

ESYSCO’s long-term experience in providing eIDAS compliant solutions and delivering cybersecurity services with dozens of successful implementations in various QTSP projects allow us to choose the most optimized solutions to meet individual needs of each organisation and implement them successfully.

We offer smooth integration of Szafir SDK with Utimaco CryptoServer CP5, from pre-implementation analysis, through the implementation of planned integration and preparation of project documentation, to staff training and technical support after project implementation.

About Utimaco HSM & QSCD

Utimaco is a worldwide supplier of professional cybersecurity solutions and is based in Aachen, Germany. Since 1983, Utimaco has been developing hardware-based, high-security appliances (Hardware Security Modules) and compliance solutions for telecommunication provider regulations (lawful interception and data retention).

Talk to us today and check, how we can support you.
Contact us and request a free DEMO of the solution!