[haukem]

This is not indented as a bullet prove government authentication system, if you need this use the eID card directly.

The goal is to have a CA for (existing) OpenPGP keys which checks if the name in it is matching the one from the identity card. When you sign a PGP key to tell that you trust it you should compare the name in the identity card or passport with the one from the key, this system does it automatically.

One tricky part is that many people like me leave out some names in the PGP key. In the first implementation of the PGP signing service it only ensured that at least one first name and one last name is also in the PGP key. I do not know if this is still the case.

The German Federal Office for Information Security (BSI) is supporting GPG4Win since many years, see for example here: https://www.golem.de/news/bsi-deutsche-behoerden-bekommen-gp...

Disclaimer: I worked for Governikus some years ago and worked on the initial version of this service.

[codethief]

> I worked for Governikus some years ago and worked on the initial version of this service.

Do you happen to still know some people at Governikus? I've been wondering for years why their AusweisApp2 is so ridiculously bad. (For everyone else: It's the official government app to scan the NFC chip in your ID to use it for authentication online.) I have not been able to authenticate successfully even once in all these years. Every single time the app keeps telling me I should scan my ID again, and again, and again. Contacting Governikus support has been completely useless as well, and the reviews on the Google Play Store speak for themselves I think.

Why is it so hard to fix this and why does Governikus support keep pretending I'm simply not scanning my ID "correctly" (i.e. holding my ID against my phone in the right way) when clearly the app is not working properly?

[kuschku]

I've been using the ausweisapp on several phones, it's always worked reliably.

But you have to hold the ID in the spot for NFC scanning for a solid minute, including while you type the PIN.

[codethief]

> But you have to hold the ID in the spot for NFC scanning for a solid minute, including while you type the PIN.

And I did. I have tried all kinds of ID <> phone positions (I also looked up where exactly the NFC chip is in my phone) and always made sure not to move ID at all while scanning it.

I have even tried it on other phones, and I also asked several friends. No one has been able to use the app successfully.

[kuschku]

I've had it working on several Google Pixels, Nokias, and Sony Xperias. With the eID of myself and several friends.

Try if you can reliably read and write simpler NFC cards (e.g. a Mifare card as common for eTicket or university cafeteria cards). I'd like to see if it's something NFC-related or related to the eID specifically.

I'll make sure to continue to check this thread for a reply from you, as I'm now genuinely interested in what's going wrong here.

[codethief]

Thanks so much for trying to help me! I appreciate it.

I don't have any other NFC cards, unfortunately. But I've tried it on a BQ Aquaris X Pro, Google Pixel 3a and Google Pixel 5 (my current phone).

Also, the app manages to read my ID initially (it displays some personal data of mine) but then it asks me to scan the card another couple times and the third or fourth readout then fails (every single time) and I end up being back to square one (because I need to start the whole authentication process again).

[kuschku]

> Also, the app manages to read my ID initially (it displays some personal data of mine) but then it asks me to scan the card another couple times and the third or fourth readout then fails (every single time)

Then it's definitely a case of bad positioning. The app has a limit of three or four attempts, so you're definitely running into that, but if you're seeing the app able to read some data but not reliably, then you don't have the card in the right position.

It may be that while positioning the card you, unknowingly, put it in the right position for a short moment, which allows it to read some data, but by the time it's actually trying to authenticate, you're already out of position.