eIDAS Compliant Qualified Seal
Electronic seals are the equivalent of electronic signatures for data/documents, but it applies to data/documents generated solely by machines.
A Qualified Electronic Seal is an EU approved tool used for signing documents by large legal entities, such as joint-stock companies, limited-liability companies and public institutions. It is a proof of will based on trust, which guarantees integrity, confidentiality and authenticity of signed documents or data of any kind.
In the digital era, the digitalization of workflows holds the keys to competitive business by reducing time and cost connected with document management. By levering solutions implementing the Qualified Electronic Seals, legal entities can ensure that the signatures are an equivalent of a qualified electronic signature used by natural persons.
The 3Key Company solution is an on premises eIDAS Qualified Electronic Seal system where preferably the complete workflow of document preparation, sealing, distribution and archiving happens in one step. The solution is especially interesting for organizations with the need for scalable performance in providing documents to their clients and flexible integration options.
Benefits and Functionalities
Use Cases for Qualified Seal
Qualified Local Mass Seal Architecture
Typical sealing process
eIDAS signature formats
- ETSI EN 319 142 – PDF Advanced Electronic Signature Profiles (PAdES)
- ETSI EN 319 132 – XML Advanced Electronic Signatures (XAdES)
- ETSI EN 319 122 – CMS Advanced Electronic Signatures (CAdES)
- ETSI TS 119 182-1 – JSON Advanced Electronic Signatures (JAdES)
- ETSI EN 319 162 – Associated Signature Containers (ASiC)
- ETSI EN 319 422 – Time-stamping protocol and time-stamp token profiles
EN 419 221-5
Protection Profiles for TSP Cryptographic Modules – Part 5: Cryptographic Module for Trust Services
CEN/TS 419 221-6
Conditions for use of EN 419221-5 as a qualified electronic signature or seal creation device
ENISA related to EN 419 221-5
One could perfectly use this PP for devices that are not managed by a TSP. A device certified against this PP may be used by users that wish to store they signing keys remotely, as it would be the case e.g. for a legal person implementing a QSCD to issue qualified seals. Even if the PP is suitable for cryptographic modules used by QTSP, the PP can be used for devices other than TYPE 2 ones.