mSzafir

Both single signatures and signatures with a long period of validity can be used only to sign files in PDF format (excluding interactive PDF forms), in the variant PAdES-T (additionally signature has a qualified time-stamp), with a maximum size of 5 MB. 

mSzafir enables issuing qualified certificates, needed to affix qualified signatures. mSzafir qualified electronic signatures are compatible with eIDAS requirements and have legal effect equivalent to handwritten signatures. More information on this subject can be found here.

Select mSzafir certificate for single signature in the Szafir eShop and confirm your identity with mojeID by using electronic banking. Currently this option is available in PKO Bank Polski, Inteligo, Pekao S.A., mBank and ING Bank Śląski. 

Prepare the document for signing (PDF format, max. 10 MB), generate a qualified certificate and sign the selected PDF document within 15 minutes.

Here you will learn how to buy a certificate and sign the document step by step.

Select the mSzafir long-term certificate in the eShop, confirm your identity using one of the three available methods. Download and activate the mSzafir mobile application – you can use it to log in to the mSzafir portal where you can sign documents. Then, generate a certificate and sign the documents within the purchased package.

Here you will learn how to buy a certificate and sign the document step by step.

After selecting a certificate variant in the Szafir web store, prepare the KIR qualified certificate saved on a cryptographic card. Select qualified certificate as a method of identity confirmation. Make sure that a card with a qualified certificate is inserted in the reader, and then select the “Check certificate” button. Fill in the required details, accept the Regulation of the mSzafir service, and then select the button “Order and pay” and make the payment. An order confirmation will be sent to the e-mail address provided. To continue, click “Generate certificate”. Read the message displayed, and then select the button “Confirm with a qualified signature”. Check the correctness of details for qualified certificate, select the confirmation checkbox and choose the button “I confirm details”.

When going to a KIR branch, it is necessary to prepare a valid identity document (ID card or passport) and install the mSzafir mobile application. At a KIR branch, an employee will verify your identity and activate your mobile application. Then, you can log in to the mszafir.pl portal and start using mSzafir signature with a long period of validity.

After choosing a certificate variant in the Szafir web store, select electronic banking as identity confirmation method. Currently this option is available in PKO Bank Polski, Inteligo, Pekao S.A. and mBank. When you buy mSzafir certificate for single signature this option is available also in ING Bank Śląski.

Fill in the required details, accept the Regulation of the mSzafir service, and then select the button “Order and pay” and make the payment. An order confirmation will be sent to the e-mail address provided. To continue, click “Generate certificate”. Read the message displayed, and then select the button “Confirm with mojeID”. Specify the bank with which you want to confirm your identity, log in to your electronic banking and agree to the transfer of your details. Check the correctness of the details to be confirmed during the identity verification process, which will be included in the certificate.

mojeID service enables remote identity confirmation using electronic banking. This is important because a proper confirmation of identity will allow to successfully complete the process of issuing the mSzafir certificate. Thanks to mojeID, the whole process is carried out online, without the need to visit a KIR branch.

Currently you can confirm your identity without leaving home, by using remote verification, in PKO Bank Polski, Inteligo, Pekao S.A. and mBank. When you buy mSzafir certificate for single signature this option is available also in ING Bank Śląski. We are working hard to make the service available to clients of other banks. We will keep you informed about adding other banks to the service.

The mSzafir service enables remote signing of documents in PDF format, using any device, such as a smartphone, tablet or computer. The mSzafir can be used at any place and any time, which is particularly important nowadays, when it is necessary to limit personal contacts in favor of remote work.

No. Confirmation of identity with mojeID or with the use of the KIR qualified certificate is done fully online – there is no need to visit the branch and confirm the operation again.

The process of the mobile application activation will only be completed positively by users who have a valid mSzafir long-term certificate. If you do not have such certificate, you will be asked to purchase such certificate to complete the activation process.

NOTE! If you choose the option to confirm your identity at a KIR branch when purchasing a certificate, the application will be activated by the employee of the branch.

If the client does not complete the process (e.g. does not generate a certificate or loses Internet connection) the client will receive a refund to the account within 30 days from making the payment – on the basis of a complaint submitted to KIR. Each time after payment for the selected product, the client receives an e-mail with a link to the certificate generation process. You can use this link to return to the process after making the payment. The link is not active anymore after the certificate generation.

mSzafir electronic signatures are compatible with eIDAS requirements and have legal effect equivalent to handwritten signatures. They give the possibility to sign documents (in PDF format) in the same way as with a qualified certificate saved on a cryptographic card. mSzafir can be used not only for relations with public administration, but also to sign company and private electronic documents in PDF format.

Here you will learn step by step how to sign a document with a one-time certificate and a document with a long-term certificate.

You can use the mSzafir service wherever you have Internet access (we recommend using only secure, trusted networks), on any device, wherever and whenever it is convenient for you.

1. You can download the latest version of the mSzafir mobile application offered in the application store for your device (App Store, Google Play) if you have a phone with one of the following operating systems at least in version:

• iOS 9.0
• Android 5.1

2. The mSzafir mobile application does not work on phones not offering the possibility to install external applications.
3. The mSzafir mobile application requires a mobile Internet connection. The application will not work on phones using a wireless WiFi connection.
4. It is possible to have up to 10 active applications on 10 different phones at the same time.
5. The application does not require an installed SIM card.

1. Internet access.
2. Browsers:

• Microsoft Edge from version: 80
• Google Chrome from version: 80
• Internet Explorer from version: 11
• Mozilla Firefox from version: 72
• Safari from version: 13

3. Mobile browsers:

• Safari from version: 13
• Samsung Browser from version: 11
• Google Chrome from version: 80
• Mozilla Firefox from version: 68
• Opera from version: 56
• UC Browser from version: 13

4. JavaScript is enabled in your browser.
5. Device memory access.
6. The platform accepts PDF files with a size not exceeding 5MB.
7. If identity is confirmed with a qualified certificate saved on the card, the following is required:

• qualified certificate on the card
• suitable card reader
• running Szafir SDK components
• cryptographic card supplier software (e.g. CryptoCardSuite)
• oracle Java v 1.8 build 202 software

One registered user can have a maximum of 10 mSzafir applications for a given PESEL number.

Activation and use of the mSzafir mobile application is necessary for each signature (only in the option with a long-term certificate – for 1 or 2 years). This means that the application is used to authorize your key pair. Here you will find information about where to download the application from and how to activate it on your mobile device in five quick steps.

NOTE! You don't need to install and use a mobile application to sign only one document, i.e. using a one-time certificate. The use of mSzafir application is only necessary for signatures with a certificate valid for 1 or 2 years.

The application does not allow working offline. When no connection is detected, the application allows you to check the connection status, and then displays the login screen. In the offline mode, the application does not allow to generate a one-time code needed to log in to the mSzafir portal or to affix a signature.

In the mSzafir portal, you can sign documents using a long-term certificate. In the portal, the user affixes electronic signatures, activates the mobile application, and has access to the certificates held. . Logging into the portal is done using the mobile application. If you have installed and activated a mobile application, click “Log in to the mSzafir portal” on website www.mszafir.pl. Enter the code generated in the mobile application and confirm that you are a KIR client. Then, click “Log in with mobile application” and confirm in the mobile application that you want to log in to the portal. After a while, you will be redirected to your account in the mSzafir portal. After logging into your account, you can view the available certificates, check the limit of signatures for each of them, revoke the certificate or view your active mobile applications.

If your mobile application is installed and active, go to the applications on your device. After the welcome screen, a login screen will appear – where you can enter the PIN you assigned during the mSzafir application activation.

Install the application on a new device and activate it using the option available after logging in to the mSzafir portal in the existing application. When you activate a new application, remove the application from the device you are no longer using.

If your mobile device on which the mSzafir application has been installed was stolen, contact the Hotline immediately to carry out the certificate revocation procedure and lock the mobile application. This way it will no longer be possible to use the application on the stolen device and thus to affix signature using your certificate.

Hotline: 801 500 207

A qualified certificate may be revoked in the mSzafir portal. Select a certificate chosen in the “Available certificates” tab, and click the “Revoke” icon. Then, you will be redirected to the certificate revocation form. Once the required data identifying the request has been provided, it shall be verified immediately by KIR. If the details are correct, the certificate will be revoked and it will not be possible to use it for signatures in the mSzafir portal.

A certificate can also be revoked directly by using a form.

NOTE! The revocation of a qualified certificate will make it impossible to renew its validity.

In the process of activating the mSzafir mobile application, one of the steps is to assign a PIN, which will be used to log into the application each time.

The PIN consists of 6 randomly selected digits, with no “obvious” combinations allowed, such as 111111, 123456, etc. If you select a PIN that is not random enough, the application will ask you to select a new PIN.

You can change the PIN for your mobile application whenever you want, without giving any reason. To change your PIN, select the “Settings” tab in your mobile application. Click “PIN change” option and assign a new PIN.

NOTE! PIN change is recommended if there is a risk that your PIN may be used to log in by unauthorized persons.

You don't have to install any software on your device to use mSzafir service – all you need is Internet access (we recommend using only secure, trusted networks). However, you need to install a mobile application for each signature to be affixed using a certificate valid for 1 or 2 years. Here you will find information on how to activate the application on your mobile device in five quick steps, using a selected method – at a KIR branch, with mojeID service or with a qualified certificate issued by KIR.

You have 24 hours to download a document with a long period of validity, counted from the time of its signing. After this time, the document will be permanently deleted from the “Signed documents” tab of your account in the mSzafir portal.

If you have used all the signatures from your purchased package, go to the store and buy a new certificate with the selected number of signatures. It is not possible to buy additional signatures without a certificate.

After payment, an e-mail with a link to continue the process is sent to the e-mail address provided in the order. Find it in your mailbox and click on the link provided to continue the certificate generation process.

A long-term certificate can be used to sign up to 20 documents at the same time.

NOTE! The document is available for download for 24 hours after its signing. After that time, the document will be permanently deleted. Therefore, do not close the browser window before downloading and saving the document.

• If you sign documents with a certificate valid for 1 or 2 years, you will find them on the mSzafir portal in the tab “Sign document” > “Signed documents”. You can download them and save them on your computer/mobile device or on the indicated carrier.

NOTE! The documents are available for download for 24 hours after signing. After this time, they will be permanently deleted from your account in the mSzafir portal. That is why, you need to remember to download and save them.

To use it, in the first step confirm your identity using mojeID service to which you will be automatically redirected. After logging into your bank and confirming the details, you will receive an automatically generated qualified certificate containing your first name, last name and PESEL, provided by the bank after authorization. The certificate is available for 15 minutes from its generation, which means that the document must be signed within this time.

• A long-term certificate (for 1 or 2 years) allows you to sign between 1,000 and 100,000 documents in PDF format (max 5 MB).

To use a certificate valid for 1 or 2 years, confirm your identity in the first step – you can do this using one of the three methods:

• with mojeID
• using a previously used qualified certificate saved on a traditional cryptographic card, issued by KIR
• at a selected KIR branch.

After the confirmation of identity, a qualified certificate containing the first and last name and the user's PESEL will be generated. Then, activate the mSzafir mobile application on your phone, which is necessary for affixing e-signatures. The number and time for their use depend on the package you have purchased.

You have 24 hours to download the document signed using a one-time certificate, counted from the time of its signing. Do not close the browser window before downloading the document. If you close the browser window, the document you signed will be permanently deleted.

The one-time certificate is available for 15 minutes from its generation. It means that it can not be reused after this time. In case you don't manage to sign the document, go to the store and buy a one-time certificate again. KIR shall not be liable for Internet connection errors or delays caused by faulty equipment.

Here you will learn step by step how to verify a PDF document signed using mSzafir.

The PIN is locked when you enter the wrong PIN three times in your mobile application. In such situation, you have to unlock the application using one of two methods:

• if your session in the mSzafir application is not active or your session has already expired, select one of two options:
  • if you have activated the application for the first time in the branch – go to the selected KIR branch, where an employee of the branch will activate a new application on your device after verifying your identity.
  • if you have activated the application for the first time remotely, go to portal mszafir.pl and select “Activate mobile application”, and then go through the process of identity verification with mojeID (currently it can be used in PKO Bank Polski, Inteligo, Pekao S.A. and mBank) or with a qualified certificate on the KIR card. When you go to the mSzafir portal, select the tab “Mobile applications” and the device. If you remember your PIN, click “Unlock”, and if not – click “Reset PIN”. Continue by following the instructions.
•  
•  
•  

The mSzafir mobile application can be locked in two cases:

• when you enter the wrong PIN three times. Go to question “Lock and reset of PIN in mobile application” to learn how to reset PIN and unlock the application.
• if you want to lock the application, e.g. when you change your mobile device or if it is stolen, select one of two options:
  • if your session in the mSzafir portal is active, go to tab “Mobile applications”, select the device on which you want to unlock the application and then click “Unlock”. The process of generating an unlock code, which you should enter in the locked mobile application, will begin.
  • if your session in the mSzafir application is not active or your session has already expired, select one of two options:
    
    - if you have activated the application for the first time in the branch – go to the selected KIR branch, where an employee of the branch will activate a new application on your device after verifying your identity.
    
    - if you have activated the application for the first time remotely, go to portal mszafir.pl and select “Activate mobile application”, and then go through the process of identity verification with mojeID (currently, it can be used in PKO Bank Polski, Inteligo, Pekao S.A. and mBank) or with a qualified certificate on the KIR card. When you go to the mSzafir portal, select the tab “Mobile applications” and the device. If you remember your PIN, click “Unlock”, and if not – click “Reset PIN”. Continue by following the instructions.