Governikus Logo
BSI Logo
On behalf of

Authenticate OpenPGP keys

Simple, secure, fast and anytime - with the electronic identity function of your ID card

Authenticate OpenPGP keys

Simple, secure, fast and anytime - with the electronic identity function of your ID card

Person with two devices

How it works

Make preparations

Keep your ID card with eID function and your smartphone handy.

Learn more about eID

Identify yourself online

Identify yourself online with your ID card using the free AusweisApp.

Learn more about the AusweisApp

Authenticate your OpenPGP public key

Check and authenticate your OpenPGP public key.

Learn more about OpenPGP

Receive e-mail

Take your OpenPGP key, authenticated by Governikus, from your e-mail inbox.

Visual sequence from left to right Visual sequence from left to right Visual sequence from left to right

The advantages

A certified OpenPGP key creates trust

Hand gives key to another hand

With an OpenPGP key, you can securely encrypt your e-mail communications and ensure that your messages and files cannot be read by unauthorized third parties. By authenticating your public OpenPGP key via the eID function of your ID card, you can achieve additional trust for your e-mail communication: the e-mail address assigned to the OpenPGP key is provided with your real name and you actually have access to the associated e-mail mailbox.

What is OpenPGP?

OpenPGP is a widespread and secure method for digitally encrypting messages and files and thus protecting them from access by unauthorized third parties. This encryption is based on a so-called public key method, in which everyone participating in a communication requires a key pair consisting of a public and a private key. On the one hand, the public key is published for potential mail contacts. This is used to encrypt messages or files sent to you. The private key, on the other hand, remains in your possession and should be protected with a secure password. With its help you can decrypt the encrypted messages or files

More information at:

Create an OpenPGP key

To create a key pair consisting of a private and a public OpenPGP key for your e-mail address, you can use existing software. Partially free software for different operating systems can be found on this vendor list

Please note that for a successful authentication, the stored name in the OpenPGP key corresponds to that of your credential!

To protect your private OpenPGP key from misuse, it is highly advisable to set a secure password for accessing the private OpenPGP key.

Other recommendations:
  1. For additional security, your OpenPGP key should not have an unlimited validity, but should have an expiration date of, for example, two years. This expiration date can be extended at any time - even if it has already been expired - via the private OpenPGP key!
  2. In the event that the private OpenPGP key has been compromised or the password has been forgotten, a revocation certificate should also be created for immediate revocation of the OpenPGP key.
Once the key pair has been created, you can export it. While you can publish your public key, you must explicitly protect your private key from misuse and loss! For example, you should copy it to a secure medium that is not accessible by third parties.

Using the authenticated OpenPGP key

You can attach your authenticated public OpenPGP key to your e-mail, for example, or include it in your e-mail signature or make it publicly available via your homepage. Please also note the individual settings for using the OpenPGP key in your e-mail program.

Public OpenPGP key from Governikus

Governikus provides the online service for authenticating your OpenPGP key on behalf of the German Federal Office for Information Security (BSI). This online service compares the name read from your ID card, your electronic residence permit or eID card for citizens of the European Union with the name specified in your OpenPGP key. If the names match, your public key is electronically signed by Governikus, confirming the match. The Governikus public key can be used to verify the Governikus electronic signature.

Governikus public OpenPGP key

Key identifier: A4BF43D7
Fingerprint: 864E8B951ECFC04AF2BB233E5E5CCCB4A4BF43D7

Hand gives key to another hand
Person with a smartphone in one hand and an ID card in the other.

Easy and fast with the eID function

Person with a smartphone in one hand and an ID card in the other.

Your ID card with eID function serves as proof of your real identity in the digital world. With the online ID function, you can identify yourself securely on the Internet. This allows you to deal with official procedures or business matters simply, securely, quickly and at any time.

For this you will need:

Your online ID card

You can use your ID card as your online ID. Alternatively, you can also use the electronic residence permit or the eID card for citizens of the European Union.
In this case, your ID card data will only be transmitted after you have successfully entered your self-selected, six-digit PIN.
More information at:

The AusweisApp

You can install the federal government's AusweisApp on your smartphone, computer or tablet free of charge. It allows you to read your online ID card and thus identify yourself digitally.
More information at:

Smartphone as card reader

To read your online ID card via the AusweisApp, you need a suitable NFC-enabled smartphone.
New Field Communication (NFC) is a transmission standard for exchanging data wirelessly over short distances. This is also used, for example, when paying with a smartphone. Nowadays, almost all smartphones are equipped with this technology. You can find a list of NFC-enabled smartphones here.

Alternatively, you can also use a suitable card reader.

Now authenticate your OpenPGP public key with the eID function.