eIDAS compliance and electronic signatures

Driving transparency, interoperability and innovation across the European Union with eIDAS.

The aim of eIDAS (electronic IDentification, Authentication and trust Services) is to spur digital growth within the EU. By creating standards to be eIDAS compliant for eIDAS electronic signatures, eIDAS advanced electronic signature, qualified digital certificates, electronic seals, time-stamps and other proof for authentication mechanisms, eIDAS enable electronic transactions with the same legal standing as transactions performed on paper.

eIDAS and Trust Service Providers

The eIDAS regulation has created an internal market area for trust services within Europe. Trust service providers (TSPs) are the companies or organization, that provides third-party trust services in the form of certificate issuance, signatures and authentication. The eIDAS regulation specifies the requirements that any public TSP operating within the EU must meet. This ensures the entire EU is operating using the same set of standards for certificate trustworthiness. eIDAS also introduces the concept of qualification for TSPs, where all TSPs across the EU must adhere to some basic requirements which are audited periodically at least every 24 months.

eIDAS and Smart Meter Security - people discussing
eIDAS electronic signatures - group discussing

Becoming a Trust Service Provider and eIDAS compliant

PrimeKey’s Public Key Infrastructure and electronic signing solutions goes a long way in reducing the complexity of becoming an eIDAS compliant TSP. PrimeKey EJBCA eIDAS edition provides electronic certificate issuance, registration and validation services within the eIDAS context and is a proven solution to cost-efficiently establish core TSP capabilities. The PrimeKey EJBCA eIDAS edition, PrimeKey SignServer Time Stamp Authority and SignServer for electronic signatures and seals are available both as software and as hardware appliances.

PrimeKey’s role in the eIDAS community

Enabling a broad adoption of electronic signatures in Europe will take more than a regulation. Delivering on the eIDAS vision requires a community of different actors, including trust service providers and technology providers, working together to support the eIDAS requirements.

PrimeKey has numerous eIDAS and ETSI Webtrust audited customer installations and so far we have appreciated working with 30+ eIDAS (Q)TSPs.

As one of the world’s leading companies for PKI and signing solutions, PrimeKey is committed to continuing to drive the adoption of digital signatures across Europe.

eIDAS discussions
NIS Directive

Benefits of PrimeKey EJBCA eIDAS edition for Trust Service Providers

PrimeKey is one of the world’s leading companies for PKI and electronic signing solutions, having developed successful technologies such as EJBCA Enterprise, SignServer Enterprise and PrimeKey EJBCA Appliance. The EJBCA eIDAS edition offers an easy and secure way of establishing the core capabilities of an eIDAS compliant TSP. The capabilities provided with EJBCA eIDAS edition include:

  • Certificate Issuance
  • Registration Point
  • Validation Service
  • High availability clustering
  • Support for Common Criteria PP5 certified or FIPS 140-2 level 3 certified Hardware Security Modules (HSMs)

EJBCA Enterprise and SignServer Enterprise deployment options

PrimeKey understands that organizations have unique business challenges, including security requirements, compliance, budgets and the availability of internal resources.

We give you the choice to combine software, hardware Appliance and Cloud deployments for your PKI solution. This means the infrastructure can be deployed in the manner best suited to your business needs and grow flexibly and expand over time. EJBCA Enterprise and SignServer Enterprise for eIDAS TSPs are available as:

The eIDAS relevant core features of the PrimeKey eIDAS solutions to ensure auditability and trust

Segregation of duties and access control

  • Registration authority with role-based access control and approval mechanisms
  • Support for smart card protected crypto token activation
  • Cryptographically protected audit log, recording all security events

Cryptographic controls

  • The standard EJBCA Appliance has a built in FIPS 140-2 level 3 certified HSM
  • The EJBCA Appliance eIDAS edition has a built in Common Criteria PP5 certified HSM
  • Reset-to-factory defaults mechanism including secure key zeroization
  • Common criteria certified software components

Physical and environmental security, operational security

  • Built in backup and restore functionality
  • SNMP monitoring
  • Support for 2 and 3 node cluster setups offering fail-over or high-availability
  • Dual Gigabit Ethernet ports with separation of management and application networks
  • Redundant, field-replaceable power supply
  • Easy to use update mechanism for firmware and application software

Network Security

  • SNMP monitoring
  • Dual Gigabit Ethernet ports with separation of management and application networks

Incident Management

  • Cryptographically protected audit log, recording all security events

Compliance

  • Registration Authority with role-based access control and approval mechanisms
  • Support for operating multiple, independent PKI hierarchies within one installation
  • Built in backup and restore functionality

Get in touch with us about eIDAS

Fill in your contact information below and we will get in touch with you.

    I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy here.

Selected blog posts

How can we help?

    I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy here.
Contact us