Program QES




Program QES

The application v.1.0.0.xx (32-bit, SHA-256, zip, 3.7 MB) / v.1.0.0.xx (64-bit, SHA-512, zip, 4.6 MB) has been developed by NSA officer to be used by supervisory body for supervisory tasks. This application is provided free of charge for anybody, especially for public sector bodies which must fulfil obligations of Articles 27(3) and 37(3) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market.

The application can be used for timestamping and for signature or seal creation in accordance with Commission Implementing Decision (EU) 2015/1505 and Commission Implementing Decision (EU) 2015/1506 (PDF documents, EXE - applications or any type of documents especially in ASiC – ZIP container, which can be also nested)

  • by qualified electronic signature,
  • by qualified electronic seal,
  • by qualified electronic time-stamp, as well as
  • for browsing with the possibility to export and view authorized documents from ASiC and PDF containers.

Lock It

The program Lock It was created mainly for the NSA of the Slovak Republic and for anybody who needs to communicate with the public administration. Program Lock It can be used freely and the main intent of usage is to support the implementation of the Services Directive and e-procedures where the requirements of the implementation of the already adopted Decisions (2009/767/EC and 2010/425/EU) and the Decision CD 2011/130/EU on reference advanced e-signature formats (notified under document C(2011) 1081) have been the basis for the LockIt creation. LockIt will be updated according to Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.

Information is included in the presentation Electronic signature - simply, long-term, safely and in accordance with Commission Decision 2011/130/EU.

The English Version:

The Slovak Version - Slovenská verzia:


Certificate form certificate request PKCS#10

06.02.2011 23:16
Mini CA (button New Key) can be used for the certificate creation according to PKCS#10 requests. The key for PKCS#10 request can be generated in the HW module like HSM or smart cards. 


06.02.2011 04:23
Mini CA (New Key Button) can be used for cross-certificate creation.

Trust form TrustList

03.02.2011 23:56
Trust in CMS validaton is according to TrustedList.p7m from Trust tab. Certification path is build according to certificates from the signature and certificates form the Trust tab of Lock It.


02.02.2011 01:12
 Utility tab can be used for the hash computation and comparison. 


01.02.2011 02:05
New OIDs with description can be added to the configuration LockIt.ini file. The LockIt.ini file also contains the certificates form Trust and the trustlist.p7m 

New attributes

30.01.2011 03:17
CMS: LockIt is now able to add the archive time-stamp V2, Update Validation data to the latest archive time-stamp. CMS, XML and PDF AdES: The signing time can be changed in the LockIt application. Signer can include the signing location and define: Proof Of Origin ... Approval. CMS: The signed...

LockIt signature creation is according to Qualified Electronic Signature profile for interoperability

26.01.2011 17:47
Lock It Signature Creation is according to NSA Qualified Electronic Signature profile for interoperability No.: 917/2011/IBEP/OEP-001 For the signature creation and validation there are used the following CAdES attributes where the following conditions must be met: The RFC 5652 Cryptographic...

Change of language

24.01.2011 00:55
The interface language from the file can be changed directly from the application menu. 

Online: certification path building, OCSP and CRL

17.01.2011 03:00
Certification path is created according to information from Authority Information Access. Issuer certificate: id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } OCSP:  id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }.  CRL: HTTP CRL Distribution Points.  

Lock It in the command line

09.01.2011 20:22
The application Lock It can be used in the command line.  Usage: LockIt.exe [operation] outputSignFile [-i input1 input2 ... inputX] Where possible operations are:     -s : sign input1..X files or outputSignFile (wildcards * ? and directory allowed) and save the signture to ...