OpenPGP is a widespread and secure method for digitally encrypting messages and files and thus protecting them from access by unauthorized third parties. This encryption is based on a so-called public key method, in which everyone participating in a communication requires a key pair consisting of a public and a private key. On the one hand, the public key is published for potential mail contacts. This is used to encrypt messages or files sent to you. The private key, on the other hand, remains in your possession and should be protected with a secure password. With its help you can decrypt the encrypted messages or files

More information at: openpgp.org.

To create a key pair consisting of a private and a public OpenPGP key for your e-mail address, you can use existing software. Partially free software for different operating systems can be found on this vendor list

Please note that for a successful authentication, the stored name in the OpenPGP key corresponds to that of your credential!

To protect your private OpenPGP key from misuse, it is highly advisable to set a secure password for accessing the private OpenPGP key.

Other recommendations:

1. For additional security, your OpenPGP key should not have an unlimited validity, but should have an expiration date of, for example, two years. This expiration date can be extended at any time - even if it has already been expired - via the private OpenPGP key!
2. In the event that the private OpenPGP key has been compromised or the password has been forgotten, a revocation certificate should also be created for immediate revocation of the OpenPGP key.

Once the key pair has been created, you can export it. While you can publish your public key, you must explicitly protect your private key from misuse and loss! For example, you should copy it to a secure medium that is not accessible by third parties.

You can attach your authenticated public OpenPGP key to your e-mail, for example, or include it in your e-mail signature or make it publicly available via your homepage. Please also note the individual settings for using the OpenPGP key in your e-mail program.

Governikus provides the online service for authenticating your OpenPGP key on behalf of the German Federal Office for Information Security (BSI). This online service compares the name read from your ID card, your electronic residence permit or eID card for citizens of the European Union with the name specified in your OpenPGP key. If the names match, your public key is electronically signed by Governikus, confirming the match. The Governikus public key can be used to verify the Governikus electronic signature.

Governikus public OpenPGP key

Key identifier: A4BF43D7
Fingerprint: 864E8B951ECFC04AF2BB233E5E5CCCB4A4BF43D7

You can use your ID card as your online ID. Alternatively, you can also use the electronic residence permit or the eID card for citizens of the European Union.
In this case, your ID card data will only be transmitted after you have successfully entered your self-selected, six-digit PIN.
More information at: personalausweisportal.de/en

You can install the federal government's AusweisApp on your smartphone, computer or tablet free of charge. It allows you to read your online ID card and thus identify yourself digitally.
More information at: ausweisapp.bund.de/en

To read your online ID card via the AusweisApp, you need a suitable NFC-enabled smartphone.
New Field Communication (NFC) is a transmission standard for exchanging data wirelessly over short distances. This is also used, for example, when paying with a smartphone. Nowadays, almost all smartphones are equipped with this technology. You can find a list of NFC-enabled smartphones here.

Alternatively, you can also use a suitable card reader.