# Personalausweis
# About Personalausweis
Personalausweis is the German national ID card. It can be used for online authentication, as it includes an RFID chip that can be read by:
- a card reader on a desktop computer via the AusweisApp2 desktop application
- the standalone AusweisApp2 mobile app
- integrating the AusweisApp2 SDK into your existing mobile app.
In all cases, you can use Personalausweis for authentication and identity proofing, but the latter two require an NFC-capable mobile device.
Governikus GK delivers AusweisApp2. The service supplier of the Governikus infrastructure is Bundesdruckerei (BDR).
# Key features
Personalausweis can be used to verify the end-user’s identity and obtain relevant personal details about them.
Key features are:
- Personal information and a picture of the holder are visible on the card, but also stored in the card’s chip.
- Optionally, the chip can include additional information, such as the holder’s fingerprints and even an electronic signature (provided by a private company).
- Online authentication requires a PIN.
It is compulsory for everyone in Germany aged 16 or older to have an ID card or a passport. People under the age of 16 can also request the ID card, but the eID functionality will be switched off in this case. At 16, they can choose to have it switched on free of charge.
The following information can be obtained during authentication if the end-user agrees to it:
- Family name
- Birth name (if applicable)
- Given name(s)
- Doctoral degree (if applicable)
- Date of birth
- Place of birth
- Address
- Document type
- Nationality
- Religious/artist name (if applicable)
- Issuing country
- Residence permit
See also Personalausweis attributes.
# Use cases
Personalausweis can be used for digital onboarding of new users, authentication of recurring users, and as part of the signing flow to sign documents electronically:
Onboarding a new customer:
The end-user wants to sign up for insurance with a company that offers identity proofing through Personalausweis. Provided the end-user already possesses the Personalausweis card, they will be able to sign up remotely without having to enter any personal details manually.
Authenticating a recurring customer:
The end-user wants to log in to their insurance company’s website to review the conditions of their insurance policy. Their identity was already verified when they signed the insurance policy.
Authenticating during signing:
The end-user is asked to sign the insurance policy documents and uses Personalausweis to identify themselves as part of the electronic signing flow.
Technically, you use the same service in these use cases. However, you should consider how you set the ID method up in each user flow, since onboarding a new customer is a one-time occurrence, while authentication is a repetitive action for the customer.
# Authentication
Before the end-user can authenticate using the Personalausweis ID card, they must install AusweisApp2 on their device (computer or mobile). They must also have a Personalausweis card reader at hand, or alternatively an NFC-capable mobile device, to read the card.
The authentication flow consists of the following main steps (for both mobile and computer):
- The end-user is informed that they must have AusweisApp2 installed on their device. If this is not installed, they are instructed to download the app (see Download AusweisApp2).
- The end-user selects the Start AusweisApp2 button on their device.
- AusweisApp2 displays the available Personalausweis attributes (you can configure which attributes should be displayed).
- The end-user selects the Proceed to PIN entry button.
- The end-user can now use the card with either a card reader or an NFC-capable mobile phone.
- The end-user is prompted to enter their 6-digit PIN on the card reader or mobile phone.
- Once verified, the end-user is redirected to your defined target page.
See below for image sliders of the computer and mobile flows.
# Authenticate with AusweisApp2 on a computer
The end-user has two options for reading the Personalausweis card via a computer: with a USB card reader or with an NFC-capable mobile phone. This example shows the desktop application in combination with a card reader:
# Authenticate with AusweisApp2 on a mobile
This example shows how to identify with Personalausweis on a mobile:
Notes:
- In the mobile flow, the end-user places the ID card behind the mobile phone (instead of into the Personalausweis card reader).
- The second information screen ("We tried to launch your AusweisApp2") disappears automatically after a couple of seconds if AusweisApp2 is already installed. If not, this screen stays until the end-user selects the download button.
# Download AusweisApp2
If AusweisApp2 is not installed, the end-user is instructed to download the app.
From a computer, the download button goes to the AusweisApp2 download page.
From a mobile device, the end-user is directed to either the Google Play or App Store page.
The link at the bottom, "I'm on a computer/mobile device", is displayed in case the system misinterprets the device type. If so, the end-user can follow the link to the correct device screen.
# Signing
With Signicat's electronic signature solution, the end-user can use Personalausweis as part of the signing flow, e.g. to sign the insurance policy documents with Personalausweis.
Data from Personalausweis is classified as high level of assurance (LoA). This means it can be used with Signicat's electronic signature solution for Advanced Electronic Signatures (AES).
# Integrating with the Personalausweis through Signicat
Web integration with Personalausweis is done via the same API as Signicat's other ID methods. See Getting started with authentication for more information. Through the single point of integration, merchants get access to Signicat's wide portfolio of integrated ID methods, as well as other services like identity proofing.
# Personalausweis attributes
You can configure which attributes Personalausweis should return. Here is an example where all attributes are selected (in German):
# Response examples
Below are the responses from two test users with all attributes switched on (in English). Since neither of the test users has an academic or an artistic title, those fields are empty.
Attribute name | Example 1 | Example 2 |
---|---|---|
npa.birth-name | Gabler | |
npa.given-names | Erika | André |
npa.family-names | Mustermann | Mustermann |
npa.date-of-birth | Wed Aug 12 00:00:00 CEST 1964 | Wed Jun 17 00:00:00 CEST 1981 |
npa.artistic-name | | |
npa.academic-title | | |
npa.date-of-expiry | Mon Apr 05 00:00:00 CEST 2027 | Mon Apr 05 00:00:00 CEST 2027 |
npa.document-type | ID | AR |
npa.document-validity | Valid | Valid |
npa.issuing-state | D | D |
npa.nationality | DEU | AZE |
npa.place-of-birth | BERLIN | FRANKFURT (ODER) |
npa.place-of-residence | D:null:51147:KÖLN:HEIDESTRASSE 17 | D:null:03222:LÜBBENAU/SPREEWALD:EHM-WELK-STRAßE 33 |
npa.residence-permit | ERWERBSTÄTIGKEIT/BESCHÄFTIGUNG GESTATTET |
For a code example that includes a defined scope, see the OIDC response examples page.
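The attribute values in the table above arrive as display strings, so a relying party should normalize them and fail closed before using them for identity proofing. The following is an added example, not Signicat's code: the address key names (`country`, `region`, `postcode`, `city`, `street`) are inferred from the two sample rows, and rejecting any `npa.document-validity` other than `Valid` is an assumption.

```python
from datetime import date

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

def parse_npa_date(value):
    """'Wed Aug 12 00:00:00 CEST 1964' -> date(1964, 8, 12); zone token ignored."""
    parts = value.split()
    if len(parts) != 6 or parts[1] not in MONTHS:
        raise ValueError(f"unexpected date format: {value!r}")
    return date(int(parts[5]), MONTHS[parts[1]], int(parts[2]))

def parse_residence(value):
    """Split the colon-separated address; the key names are assumptions."""
    fields = value.split(":", 4)
    if len(fields) != 5:
        raise ValueError(f"unexpected address format: {value!r}")
    keys = ("country", "region", "postcode", "city", "street")
    return {k: (None if f == "null" else f) for k, f in zip(keys, fields)}

def check_identity(attrs, today):
    """Return (normalized, problems); accept only when problems is empty."""
    out, problems = {}, []
    for key in ("npa.given-names", "npa.family-names", "npa.document-type"):
        if not attrs.get(key, "").strip():
            problems.append(f"missing {key}")
    # Assumption: any value other than the "Valid" seen in the table is rejected.
    if attrs.get("npa.document-validity") != "Valid":
        problems.append("document not reported as valid")
    try:
        out["date_of_birth"] = parse_npa_date(attrs.get("npa.date-of-birth", ""))
        out["date_of_expiry"] = parse_npa_date(attrs.get("npa.date-of-expiry", ""))
        out["residence"] = parse_residence(attrs.get("npa.place-of-residence", ""))
    except ValueError as exc:
        problems.append(str(exc))  # fail closed on any unparseable value
    else:
        if out["date_of_expiry"] < today:
            problems.append("document expired")
    return out, problems

# Example 1 from the table above (empty title fields omitted).
ERIKA = {
    "npa.given-names": "Erika", "npa.family-names": "Mustermann",
    "npa.date-of-birth": "Wed Aug 12 00:00:00 CEST 1964",
    "npa.date-of-expiry": "Mon Apr 05 00:00:00 CEST 2027",
    "npa.document-type": "ID", "npa.document-validity": "Valid",
    "npa.place-of-residence": "D:null:51147:KÖLN:HEIDESTRASSE 17",
}
```

Postcodes stay strings so that a leading zero, as in Example 2's `03222`, is preserved.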
# Test information
Signicat's test environment preprod.signicat.com is available 24×7 and may be used during your development and test phase.
After you register with Personalausweis as a service provider, you will receive a client ID which will allow you to access the testing environment.
# Personalausweis test card
To get Personalausweis test cards for your sales team, send an email stating the number of cards needed and a shipping address to the following email address: dif-eid@bsi.bund.de
This is an example test card: