In the past few years, PrimeKey has had the honor of working with 30+ eIDAS (qualified) Trust Service Providers (TSPs) as customers. As the eIDAS regulation evolves and new requirements emerge, it is important for PrimeKey to constantly improve our portfolio and support new and updated regulations while continuing to deliver a comprehensive customer experience.
One of the new features in EJBCA eIDAS edition is the support for the eIDAS specific Key Activation process, the so-called Key Authorization Key (KAK) that is used with the Utimaco CryptoServer CP5 Hardware Security Module (HSM). Most PrimeKey customers already use HSMs in their PKI or signing solution as it enables enterprise-grade security for keeping all cryptographic keys secure. In the EJBCA eIDAS edition, the KAK adds an additional layer of authorization when managing HSM keys. For an EJBCA customer, this means that the process of key creation and management differs, but when operational, the usage of the HSM is similar to a traditional HSM.
Besides this, we have added support for the Utimaco CryptoServer CP5 HSM. The Utimaco CryptoServer CP5 HSM is eIDAS-compliant and Common Criteria-certified according to PP EN 419 221-5. PrimeKey is committed to following the eIDAS evolution.
By the end of the year, we plan to extend our popular hardware Appliance offering with a bundled solution of the PKI Appliance eIDAS edition including the Utimaco CP5 HSM. The PrimeKey EJBCA eIDAS edition together with an HSM that has been certified according to Common Criteria Protection Profile EN 419 221-5 is a pre-requisite for all EJBCA Enterprise customers who want to become eIDAS qualified Trust Service Providers and issue qualified certificates for application areas, such as qualified electronic signing.
We’re looking forward to Common Criteria PP5 certified HSMs from other vendors and to jointly making the eIDAS trust services even more accessible.
For specific documentation on the eIDAS edition of EJBCA, see: PrimeKey Documentation