Utimaco CryptoServer CP5

The eIDAS regulation established a common framework for secure electronic signature services, which has greatly facilitated the use of modern collaborative tools in the EU.

According to eIDAS, cryptographic keys must be stored on a qualified signature creation device, and a qualified trust service provider (QTSP) is required to provide electronic signature services.

UTIMACO’s CryptoServer CP5 is a secure signature/seal generation device that operates in a secure QTSP environment, allowing users to also sign remotely. The device generates qualified electronic signatures or seals as defined by eIDAS. (QSigCD / QSealCD). Relevant security certificates certify compliance with the requirements for this type of application.

The CryptoServer CP5 has many options to customize the device according to customer requirements. An example is the SAM module, which operates inside the certified HSM area and according to the requirements of the EN 419 241-2 security profile. There is also the CryptoServer SDK developer toolkit and a software simulator, which allows you to test the integration of all CryptoServer CP5 use cases with business applications before implementing them in production.

Important features of the solution:

  • software simulator for easier integration and testing
  • two-factor authentication using smart cards (also “m among n” quorum mechanism)
  • remote access and management
  • attractive price/feature ratio
  • access through typical software interfaces (PKCS#11 and MS CNG) and through the manufacturer’s own contact allowing full use of the device’s potential
  • high quality random number generator
  • available as a PCI card or network device



Performance is measured in transactions/signatures per second (TPS)

RSA performancemodel Se12model Se52model Se500model Se1500
CryptoServer PCIe16 - 2048 bit
2 - 4096 bit
80 - 2048 bit
11 - 4096 bit
640 - 2048 bit
100 - 4096 bit
900 - 2048 bit
160 - 4096 bit
CryptoServer Network16 - 2048 bit
2 - 4096 bit
75 - 2048 bit
11 - 4096 bit
56- 2048 bit
100 - 4096 bit
750 - 2048 bit
150 - 4096 bit
Note: performance may depend on the operating system, applications, local network structure and other factors.
Supported cryptographic algorithms
Symmetric algorithmsAES, CMAC, HMAC
Asymmetric algorithmsRSA, ECDSA with NIST and Brainpool curves, ECDH with NIST and Brainpool curves
HASH algorithmsSHA2-Family, SHA3
Technical specification
Physical characteristicsNetwork Apliance: 19'' 1U ( 446mm x 533,4mm x 44mm)
PCIe card: 18,6mm x 111,15mm x 167,65 mm
Supported OS*Microsoft, Linux
PKCS#11, Cryptography Next Generation (CNG), Cryptographic eXtended services Interface (CXI)
Certifications &CompliancesCC (Common Criteria)
UL, IEC/EN 60950-1, IEC/EN 62368-1, CB certificate, RoHS III, WEEE, CE, FCC Class B
* Contact us in order to obtain detailed information regarding support for a specific OS version