Utimaco CryptoServer CP5 – eIDAS-compliant CC-certified

The Utimaco CryptoServer CP5 supports Trust Service Providers (TSPs) in fulfilling policy and security requirements defined in various ETSI technical standards (ETSI EN 319 401, EN 319 411, EN 319 421). With key authorization functionalities, it is ideally suited for eIDAS-compliant qualified signature creation and remote signing. Other application areas include the issuing of (qualified) certificates, OCSP (Online Certificate Status Protocol) and time stamping. The CryptoServer CP5 is based on the CryptoServer Se Gen2 hardware platform and Common Criteria-certified according to the eIDAS Protection Profile (PP) EN 419 221-5 “Cryptographic Module for Trust Services”. It is available as a PCIe plug-in card or as network-attached appliance.

Remote signing applications require a Signature Activation Module (SAM) to authorize a signature or operation. Utimaco offers you a powerful combination of CryptoServer CP5 and CryptoServer CP5 SDK, allowing for SAM firmware to be developed and run inside the tamper-protected environment of the HSM. CryptoServer CP5 SDK is the ideal choice for developers of such “internal SAMs”, and TSPs operating such server signing solution.

Common Criteria & eIDAS-compliant

  • Full compliance at an attractive price
  • For applications with low to highest performance requirements
  • Extensive remote administration
  • Efficient key management and firmware updates via remote access
  • Automation of remote diagnosis via SNMP (Simple Network Management Protocol)
  • Dedicated software simulator for evaluation and integration testing


  • Key authorization API and tool (acc. PP EN 419 221-5)
  • Secure key storage and processing inside the secure boundary of the HSM
  • Extensive key management with key authorization
  • 2-factor authentication with smartcards
  • “m out of n” quorum authentication (e.g. 3 out of 5)
  • Multi-tenancy support
  • Remote management
  • Dedicated software simulator for evaluation and integration testing
  • Supported operating systems: Windows and Linux
  • Multiple integrations with PKI applications, etc.
  • All features included in product price

Cryptographic algorithms

  • RSA, ECDSA with NIST and Brainpool curves
  • ECDH with NIST and Brainpool curves
  • AES
  • SHA2-Family, SHA3
  • Hash-based deterministic random number generator (DRG.4 acc. AIS 31)
  • True random number generator (PTG.2 acc. AIS 31)
  • Up to 3,000 RSA or 2,500 ECDSA signing operations in bulk processing mode
  • All algorithms included in product price

Security, safety, environmental compliance

  • Common Criteria EAL4+, based on eIDAS Protection Profile EN 419 221-5
  • CE, FCC Class B
  • UL, IEC/EN 60950-1
  • CB certificate

Application programming interfaces (APIs)

  • PKCS#11
  • Cryptography Next Generation (CNG)
  • Cryptographic eXtended services Interface (CXI) – Utimaco‘s high performance interface ensures easy integration of cryptographic functionality into client applications

Product Documents


Share on Social Media

Share on facebook
Share on google
Share on twitter
Share on linkedin