Menu
Menu
Menu
Contact us

Terms of use

For the website: pgp.governikus.de

Status 09.03.2023

1. scope

1.1 These Terms of Use apply to the use of the service Authenticate OpenPGP Keys, which is provided by Governikus GmbH & Co. KG (hereinafter referred to as Governikus KG) on behalf of the German Federal Office for Information Security (BSI).

1.2 Deviating provisions do not apply unless they are expressly recognized in writing by Governikus KG.

2. object

2.1 The subject of these Terms of Use is the provision of the Open-PGP Key Authentication service as a web application that enables the upload of a public key and the online ID card function is used to match the data from the ID card. This public key is signed by the application and then sent to the ID card holder at a specified email address.

In detail, the application includes the following functions,

  1. Extraction of first and last names as well as possible academic degrees from the identity card.
  2. Creation of the user identifier, which is composed of the read data (first and last name and the specified e-mail address),
  3. Uploading the PGP public key via a web form, which is transmitted to the Governikus server, compared with the user identifier and assigned to it if it matches,
  4. Signature of the user identifier with the private key by means of an electronic signature without trust level
  5. Encryption of the signed certificate with the user's public key and transmission to the user's e-mail address.

The actions described in a) to e) together constitute the OpenPGP key attestation. This attestation is not an attestation within the meaning of the Attestation Act.

2.2 Only the electronic identity data from the ID card or the electronic residence permit or the Union citizen card is compared with the user identifier of the PGP key. No further checks, such as the cryptographic suitability of the key, are performed.

3. requirements

3.1 To authenticate a PGP key, the following are required

  1. a previously created PGP key,
  2. an identity card, or an electronic residence permit or a Union citizen card with activated online ID function,
  3. knowledge of the PIN for one of the means of identification mentioned under b),
  4. A card reader or NFC-enabled terminal device and the AusweisApp, as well as
  5. An e-mail address

of the users is needed.

3.2 Users may only use the service personally. It is not permitted to provide an e-mail address that is not assigned to the user.

 

4. costs

Governikus KG provides the service free of charge.

 

5. technical availability of the service

No assurances are made regarding the availability of the service. Governikus KG will strive for high availability by means of quality assurance measures.

 

6. restriction

The service may not be used for unlawful purposes, whether in violation of applicable law, regulatory requirements or third party rights. The Service may not be represented to third parties as its own service.

 

7. support

There is no entitlement to support or user assistance in any form.

 

8. revocation instruction (right of revocation for consumers:inside)

8.1 Right of revocation

You have the right to revoke this contract within fourteen days without giving any reason. The withdrawal period is fourteen days from the date of conclusion of the contract.

To exercise your right of withdrawal, you must send us (Governikus GmbH & Co. KG, Hochschulring 4, 28359 Bremen, Germany, telephone number: +49 421 204 95-0, e-mail address: onlineshop@governikus.de) by means of a clear declaration (e.g. a letter sent by post, e-mail) of your decision to revoke this contract.

8.2 Consequences of revocation

If you withdraw from this contract, we must refund all payments we have received from you, including delivery costs (with the exception of additional costs resulting from the fact that you have chosen a type of delivery other than the cheapest standard delivery offered by us), without delay and at the latest within fourteen days from the day on which we received notification of your withdrawal from this contract.

For this repayment, we will use the same means of payment that you used for the original transaction, unless expressly agreed otherwise with you; in no case will you be charged for this repayment.

 

9. data security, data protection

Governikus KG complies with the applicable data protection regulations, in particular those resulting from the EU General Data Protection Regulation (GDPR). Governikus KG will use the personal data transmitted to it solely for the purpose of authenticating OpenPGP keys and will not store it permanently. Everything else follows from the data protection declaration for the OpenPGP key authentication service.

 

10 Liability and warranty

10.1 Governikus KG assumes no liability for damages resulting from the use of the service, except in cases of gross negligence or intent.

10.2 Governikus KG is liable according to the legal regulations in case of intent or gross negligence, in case of injury of life, body or health of a person.

10.3 Governikus KG is not liable for the loss of data.

10.4 Since the service is provided free of charge, Governikus KG does not assume any warranty.

 

11. final provisions

11.1 If individual provisions of these Terms of Use are or become invalid, these Terms of Use shall otherwise remain valid. The invalid provision shall then be replaced by a valid provision that comes as close as possible to the economic result of the invalid provision. The same shall apply accordingly to loopholes in the contract.

11.2 Governikus KG reserves the right to adapt these terms of use at any time to changed legal or technical conditions, or with regard to further developments of the service or technical progress, whereby the basic functionalities of the service remain unchanged.

11.3 With regard to the entire offer of Governikus KG, the law of the Federal Republic of Germany applies exclusively.

11.4 Place of performance and exclusive place of jurisdiction shall be the Free Hanseatic City of Bremen.