What is the difference between 5110+ and 5110CC (940) Gemalto Safenet eToken?

In terms of usage, the main difference is that the eToken 5110+ has one set of passwords for PKI (password and admin password). The token can hold up to 20 key pairs (certificates). SafeNet eToken 5110CC (940) tokens have 2 separate partitions: Section 1 - the classic PKI partition for working with certificates has its own PIN - password and administrator password for unblocking; Section 2 is for an certificate used for creating a qualified electronic signature / qualified electronic seal and also has its PIN and PUK. The capacity of the token is 16 key pairs for the PKI and 2 for the qualified part.

If the customer does not want to use the qualified part, he can simply leave the default passwords for future opportunities and use only the PKI for both tokens the same. From a price point of view, the eToken 5110CC is a clear choice.

From a technical point of view, this is what we call part of the java card applet and the eToken 5110+ contains one, the eToken 5110CC two. The hardware platform is different. The eToken 5110CC is newer, so it also supports, for example, the generation of 4096 bit RSA or more elliptic curves and is faster, so the eToken 5110CC wins again.

The SafeNet eToken 5110+ has an advantage where native access via PKCS#11 is required. These are mostly applications that do not need common operating systems. For example preboot authentication, embedded systems, OpenSC.

We believe that in common situations the eToken 5110CC (940) might be a cheaper and better option. Just be cautious, you need to have SAC 10.6 and higher installed on the stations, ideally 10.8 R2 which we supply as standard.


If you need any help, feel free to contact us - info@qscd.eu.