Help with our D-Trust Signature and Seal Cards

Do you have any questions about our D-Trust Signature and Seal Cards? We are happy to help. Check out our FAQs - you might find the answer to your question there. You can also reach us Monday to Friday from 7am to 6pm by calling the following phone number: + 49 (0)30 2598-0. 

FAQs - Frequently Asked Questions about our D-Trust Signature and Seal Cards

Here, you will find answers to questions customers frequently ask us. You can order our Signature and Seal Cards via the D-Trust Portal , using a one-time registration.

Ordering cards

According to legal requirements, ordering a signature or seal card must always be accompanied by the personal identification of the applicant. This is prescribed by the eIDAS Regulation for trust services. For this purpose you are required to present an official identification document (e.g. ID card), passport, or electronic residence permit (eRP), which is valid for at least four weeks from the point of submission.

Please note: Only authorised signatories of an organisation can apply for a seal card.

You have the following identification options when submitting your application:

  • PostIdent : Complete your application documents and confirm your identity at a post office using the PostIdent process. Submit an application here.
  • NotarIdent: Complete your application documents and confirm your identity using a notary. Submit an application here
  • EmbasssyIdent: Complete your application documents and confirm your identity using a German embassy abroad. Submit a request here.
  • IHK: More than 60 Chambers of Industry and Commerce across Germany offer a member service for signature cards. You will be guided through the application process and your identity will be confirmed at the same time. You can find a list of participating IHK offices here.
  • D-Trust registration offices: We allow customers who have a higher demand of signature or seal cards to use their own identification process for their customers or employees. If your organisation wishes to become a registration office, please contact the D-Trust sales department (vertrieb@d-trust.net). For authorities and public agencies, D-Trust offers the agency identification process BehördenIdent. You can find more information here.
  • D-Trust on site in Berlin: Please contact us at service@d-trust.net.

Depending on the card type, all cards can currently can either be ordered via the D-Trust portal, or via special application pages. This page explains which link can be used to order your card: Ordering signature and seal cards. 

Please use this link to order your follow-up card. 

Currently, only first-time orders for cards of the generation 4.x can be submitted via the D-Trust portal. 

Do you have a D-Trust signature card which is about to expire? If so, you can apply for a follow-up order here.

In addition to applying for a follow-up card electronically via the SMS TAN process, you can also request an order password to apply for a follow-up card digitally. After requesting the order password, it is generated by us and posted to you.

We offer a simplified application procedure, provided that the following two conditions are met:

  1. Your name has not changed.
  2. No more than 180 days have passed since the expiration of your previous signature card.
  3. The ID you submitted for identification purposes with the previous card is valid for at least four more weeks.

As part our simplified application procedure, you do not need to submit an ID document to request the follow-up card.

Please note: A follow-up application for seal cards is not available.

Generation 3.x cards can no longer be ordered as of September 2021.

A shop code enables your organisation to offer its own section in the D-Trust portal, if required. This section may include, for instance, a limited product selection or special identification procedures.

The shop code works like a key for accessing your organisation’s area. Please enter the shop code once after you have logged into the D-Trust portal. To do this, select ‘+Shop’ in the navigation bar. Once you first visit this page, your organisation’s shop will automatically appear every time you visit the website and will remain there. You must always be registered and logged in to use the application portal and a shop code.

Have you completed the identification process and sent all necessary documents to D-Trust? This must be done before your card can be made. The production of your signature or seal card undergoes several processes: From checking completed documents to certificate creation. Therefore, please allow for some time between requesting the signature or seal card and receiving it.

When you log into the D-Trust portal dashboard, you will see all the required steps alongside your order. At the end of the order process, you will also be provided with a checklist, which can help you with additional order processing and your personal identification.

You can find your current order status in the dashboard or your personal order overview under “My orders.” All steps from application checks to card production and dispatch are shown.

The following indicates your order status:

  • Open (blue): Your order has been submitted in the portal and various documents are available to you to download. D-Trust is waiting for you to post your application and identification information.
  • Waiting (red): An error was detected while checking your information, or your information is not yet complete. Our customer service team will contact you. Your card cannot be produced at this stage.
  • In Production (yellow): The certificate data is being created by D-Trust and the card will soon be produced.
  • Dispatched (yellow): Your card has been sent by recorded post. You will receive your card in the next few days.
  • Completed (green): The order has been fully processed and all the information (card & PIN letter) has been delivered to you. From now on you will find all information in the portal under “My Products.” Completed orders are moved from the order overview to the archive.

You can find your current product status in the dashboard or your personal order overview under “My products.” The validities of your cards are displayed here.

Products can be active or inactive.

  • Active: The product is available and valid.
  • Inactive: The product certificate is either expired or it has been revoked.

Products are displayed with the following status:

  • Valid (green): The product is ready to be used.
  • Not activated (blue): The product is still awaiting the activation of certificates. For orders via the D-Trust portal, certificates are automatically activated approx. 24 h after dispatch.
  • Revocation in progress (red): Revocation was actively requested via the D-Trust portal. The system takes a few minutes to process this task. This view can be updated manually if necessary.
  • Revoked (red): The product has been cancelled by the user or by a third person authorised to revoke the product.

Certificates for qualified signature cards are always issued to the applicant (natural person).

You can also have the name of the organisation where you are employed included in the certificate. In this case, an authorised signatory of the organisation must sign the ‘organisation affiliation certificate’ (OZB) for your application. The OZB form is generated during the application process and must be sent to D-TRUST along with the application documents.

Please note: Seal certificates (made out to legal entities) always include the name of the organisation. Only authorised signatories of an organisation can apply for a qualified seal card.

We offer two signature cards that include your profession.

Please use the following application page to order a signature card for individual signatures with your profession included.

You can receive a batch signature card for up to 100 signatures alongside your profession for each PIN entry.

A profession can only be included on the certificate for occupations represented by chambers or associations. Proof of D-Trust registration is required. For example, a confirmation of the relevant chamber or association can be submitted.

It is currently not possible to apply for signature cards with a profession included in the certificate via the D-Trust portal.

Partnered with more than 60 Chambers of Industry and Commerce across Germany, D-Trust offers a member service for signature cards. You will be guided through the application process and your identity will be confirmed at the same time. You can find a list of participating IHK offices here.

For experts who participate in electronic legal communications with courts a fact sheet that explains the procurement and use of signature cards can be accessed via the following link:

In addition, more detailed FAQs regarding the IHK expert card can be found using this link:

For publicly appointed and sworn experts in craft occupations , D-Trust offers a special application page. If this applies to you, please use this application page to order your signature card.
 

Card activation and installation

For security reasons, D-Trust provides all PIN and PUK codes via a PIN letter that is sent separately for each card. In addition, you will automatically receive the link to download the D-Trust Card Assistant software when D-Trust produces your card. We recommend that you always use the must current version of D-Trust Card Assistant.

This letter contains a Transport PIN, a Card PIN and a PUK for signature cards. When you activate your card, create your own signature PIN to replace the Transport PIN. Only once this has been completed is it possible to place qualified electronic signatures on your documents using your card. The Card PIN is provided for encryption and authentication on the advanced certificate stored on the card. We recommend replacing this card PIN by a PIN of your choice as well.

PIN letters for seal cards only contain a Transport PIN. You will set your customised seal PIN during the activation process. There is no Card PIN for seal cards, because they are only delivered with one certificate per card.

Please also note the quick guide provided on the topic. There and in the video, you will learn step by step how to activate the D-Trust Signature and Seal card.

If you enter an incorrect card PIN more than 3 times, the respective card will be locked.  To unlock the card, you will need your PUK and D-Trust Card Assistant software, which is also used to activate the card.
We recommend that you always use the must current version of D-Trust Card Assistant. The software is always made available to you for download when the card is sent to you.

Please note:

  • All generation 3.x cards are delivered with a card PUK and a signature or seal PUK. These two PUKs can only unlock the associated PIN. It is not possible to unlock the Transport PIN for these cards.
  • All generation 4.x cards are delivered with a PUK that can unlock the transport PIN, the card PIN as well as the signature or seal PIN. D-Trust Card Assistant, version 3.8.0.2 or higher, must be used for these cards.

One activation each is necessary to make it possible to check certificates.

  • All certificates of cards ordered via the D-Trust Portal are automatically activated approx. 24 h after the cards are sent. It is not necessary to confirm receipt of the card and PIN letter. Please contact our support team (support@d-trust.net), if you have not received your card within 14 days after being notified of dispatch.
  • For cards ordered via an alternative application (e.g. follow-up cards or profession cards), you must confirm receipt of the card and PIN letter. Please use the  SMS TAN method or return the receipt confirmation included with the PIN letter after signing it to D-Trust. Your card is activated only after D-Trust has received your confirmation and you can then create valid signatures.

Revoking signature and seal cards

If you have lost your signature or seal card, or it has fallen into the wrong hands, you must immediately revoke your certificates. Information about revocation can be found here.

Pursuant to the eIDAS regulation, a trust service provider (D-TRUST) must immediately revoke a qualified certificate if:

  • this is demanded by a signature key holder or their representative (third party authorised to revoke).
  • the certificate was issued on the basis of incorrect information.
  • the trust service provider discontinues its activities and these activities are not continued by another trust service provider.
  • the certificate holder (you) fails to fulfill their contractual obligations.
  • other reasons for revocation were stipulated in agreements.
  • the applicant complained that they did not receive their card and PIN letter within 14 days after receipt of a shipping notification.

As soon as you no longer need your signature or seal card, you can have it revoked or destroy it yourself – for instance, by using a hole punch – in order to destroy the chip. Please remember that you will need this card and its keys and PINs to once again decrypt any data that was encrypted using this card. Since you will still need the card for data decryption, you should store it in a secure location.

SMS TAN method 

D-Trust offers the option to use SMS-TAN for orders that were not submitted via the D-Trust portal. This also applies to all orders submitted to D-Trust before December 2021, or orders made after this date via alternative application routes (e.g. via D-Trust partners, customers, or resellers). 

If you have registered as a customer in the D-Trust Portal, the SMS-TAN method is not used. Products ordered via the portal do not support the SMS-TAN method. 

If you have not yet requested a signature or seal card, you can enter your mobile phone number as part of your first-time application. This exclusively applies to cards that were not ordered via the D-Trust portal. Your phone number is then exclusively stored with D-Trust for this purpose and can be used for the SMS TAN method.

There is also the option to register your mobile number later. To do this, you will need the registration secret that we already sent by post to the registered address for your signature card. Request your registration secret here.

Please note: If you have registered as a customer in the D-Trust Portal, the SMS-TAN method is not used. Products ordered via the portal do not support the SMS-TAN method. 

The SMS-TAN method has the following advantages:

  • Electronic activation
    Please confirm receipt of the card and PIN letter via SMS TAN. The card is typically activated within 30 minutes. However, due to system requirements, this can take up to 24 hours in some cases. You will in any case receive e mail confirmation and you can then immediately begin using your signature card.

Please note: If you ordered your card via the D-Trust Portal, activation is not necessary.

  • Electronic revocation
    If you suspect that your signature or seal card is being misused, you can have it revoked easily and quickly via SMS/TAN  in the revocation portal.

Please note: Please note that all cards provided via the D-Trust Portal cannot be revoked using the SMS/TAN method. These cards can be revoked once you have logged into the D-Trust portal. More information about certificate revocation can be found here.

  • Electronic request of a follow-up card 
    To order a follow-up card, you can use the SMS/TAN method as a digital alternative. If all requirements are met, the request is electronically sent to D-Trust. Dispatch by mail to D-Trust is not necessary.
  • Online card/replacement card claim
    When a claim is submitted for a signature or seal card, your application information will be displayed when the SMS/TAN method is used. Thus, it is not necessary to re-enter your information. 

Alternatively, you can request a replacement card from D-Trust by completing a new request.

Please note: For cards ordered via the D-Trust portal, the claim option can be found directly in the portal. More information about claims regarding your signature or seal can be found here.
 

BehördenIdent

BehördenIdent can be used to provide employees of a public authority with signature and seal cards. Requests for cards can be submitted in a simplified application procedure that includes the legally required identification of the applicant. The procedure is available to all federal, federal-state and local authorities.

Certain entries, such as occupational attributes or organizational data specific to an authority, can be pre‑set in the application pages. Applicants also benefit from the fact that they are identified directly on site by identification staff from their own authority and do not have to identify themselves using the PostIdent procedure, for example.

In order to use the BehördenIdent procedure, a contract must be concluded with D‑Trust. This can also be carried out by a higher‑level authority. As soon as the contract is in place, lower‑level authorities can be included in this contract as so-called Ident units.

The contracting partner must name a manager to D-Trust who is then responsible for the BehördenIdent units. This manager can then appoint employees as identification officers authorized to issue seals.

Public authority seals and specimen signatures must be deposited with D‑Trust in order to verify applications.

Every authority in Germany (at federal, federal-state and municipal level) can use BehördenIdent to help their employees to apply for signature and seal cards. The procedure is attractive for all authorities

  • looking to equip many employees with signature cards because this is required for new administrative procedures,
  • who wish to make it as easy as possible for their employees to apply for signature cards by guiding them through the application process and providing the necessary identification directly on site. Senior representatives of public authorities, in particular, can now be conveniently provided with a signature card. 

A seal custodian is a civil servant authorized to use the official seal on behalf of the respective public authority.

Please contact our sales department and send an e-mail to: vertrieb@d-trust.net. Our colleagues will be pleased to explain the procedure, discuss your requirements and, if you wish, prepare an individual offer and the relevant contract documents for you.

Please report the loss of a card to D‑TRUST immediately. The same applies if you suspect card misuse. In cases like these, you should have the card revoked immediately. After that, all the signatures generated with this card will be classified as invalid.

Revocation can be requested in writing or online via the customer portal (https://my.d-trust.net/sperren). For organizational purposes, a person authorized to revoke the card is appointed for each card and D‑TRUST then provides this person with a revocation password.

D‑Trust offers the following products in conjunction with BehördenIdent:

  • Single signature cards
  • Batch signature cards for up to 100 signature processes
  • Multi-signature cards
  • Single seal cards
  • Multi-seal Cards

Information about the organization (issuing authority) or professional attributes can be automatically stored for the applicant. When you use the BehördenIdent process, there is no need to check the data in individual cases, since the organization’s details have already been checked and stored centrally at D‑TRUST when the BehördenIdent contract was concluded.

No. With BehördenIdent, all of a public authority’s applicants are identified on site by the respective designated seal custodians who send the identification data together with the application directly to D‑TRUST. Prior to this, a check is also carried out to ensure that the necessary documents are complete.

All applicants must be employees of the respective authority that is registered as an Ident unit with D‑Trust. Identification of non-agency applicants is not possible in this process. Applicants must always present a valid identification document (ID card or passport) to the identification officer.

The cards ordered can be sent directly to the applicant by registered mail. Alternatively, the cards can be sent centrally to the seal custodian who can then issue them to the applicants.

For security reasons, the PIN letters are always sent directly to applicants.

General questions

To use your signature or seal card, you will need a card reader and additional software, depending on the application you wish to use. 

You can purchase suitable card readers, middleware or signature software from REINER SCT in the Bundesdruckerei shop.

Certain applications, such as Microsoft Outlook, Lotus Notes or Firefox, do not communicate directly with the reader and require middleware (e.g. Nexus Personal). D-Trust works with many manufacturers of signature software. You can find at list at the end of these FAQs.

Here you will find an excerpt of current applications that support qualified electronic signatures.

The application of the EU product database EPREL (EU Product Database for Energy Labelling) requires the use of qualified seals. Please order at least one qualified seal card (individual seal card, D-Trust Card Standard seal) via the D-Trust portal. If you already have a D-Trust Multi-seal card, you can also use this card.

The use of the D-Trust Qualified Seal ID is not permitted for the EPREL application.

The application of the EU product database EPREL (EU Product Database for Energy Labelling) requires the use of qualified seals. One special feature is the required entry of the so-called organisation identifier (pursuant to Standard ETSI EN 319 412-1) in the EU portal interface of the EPREL application. 

In order to read out the organisation identifier from your D-Trust seal card, you will need the D-Trust Card Assistant software. This will be provided for you as a free download when you order a seal card from D-Trust. Please observe the instructions in the PDF guide on reading out the organisation identifier.

The seal card is only used once to add a seal to the company registration information stored with EPREL and thereby confirm it. This seal is required both for newly added companies, as well as for companies that have been registered with EPREL for a while. The company information whose origin and identity are confirmed in this way are stored in the EPREL database.

A standard signature or seal card is designed for individual signatures for each PIN entry in the workplace. Batch and multi cards differ from standard cards as they allow for multiple signature processes with a one-time PIN entry. 

In addition, the cryptographic keys used in the cards also differ. While the standard cards work with RSA keys, multi-sign cards use ECC-based keys.

D-Trust multi-sign cards are secured environments, such as server rooms. f you need multiple signatures in your office, please use the D-Trust Card M100 for batch signatures of up to 100 per PIN entry. 

D-Trust does not offer batch processing cards for qualified seals.

In all cases, special licensed signature software is required to use a multi-sign card.

Our cards at a glance:

Card designation Application area Number of documents processed per PIN entry
Signature D-Trust Card 4.1(a) Standard Signature per 1 document
Signature D-Trust Card 4.1(a) M100 Signature up to 100 documents
Signature D-Trust Card 4.1(a) Multi Signature unlimited
Seal D-Trust Card 4.4 Standard Seal per 1 document
Seal D-Trust Card 4.4(a) Multi Seal unlimited

Unlike a signature card, the certificates of a seal card are issued to a legal entity (e. g. a public agency or organisation). Since no natural person is named in the seal card certificate, a seal card can be used by all authorised employees. Seal cards are always used when a stamp or confirmation by an organisation is required (e. g. certificates, notices, etc.).

Below is a list of signature software from various manufacturers that you can use with our signature cards .

The certificate of a signature card contains the following personal data: family name, first name (name used) and optionally an email address.

Please note that especially in the case of several first names, the preferred first name (name used) should be stated in the application process. The number of characters in the certificate is limited, so the name used is employed.

In addition, organisational information, profession or further certificate extensions, such as pseudonyms or monetary restrictions, can be entered in the certificate.

You can have a pseudonym in your certificate. The pseudonym will then appear in the certificate instead of your name. This will be indicated by ":PN".

A fee is charged for each pseudonym which can be assigned just once.

Pseudonyms requested for D Trust standard cards or for a D-Trust Multicard 100 are generally assigned by D-Trust.

A chosen pseudonym that, for example  refers to the company name or describes the purpose of the signature card, can be entered in the application in conjunction with a D-Trust Multicard. If the pseudonym selected already exists, we will have to reject or number your selected pseudonym.

It makes sense to enter a pseudonym, for example, when multi-sign cards are used for electronic invoice management.

Please note: Many eGovernment applications cannot be used if the certificate contains a pseudonym. Pseudonyms are generally not used on seal cards.

No, a signature card that has been issued to a natural person may only be used by this person. All legally binding declarations made in this way are always deemed to be made by the owner of the certificate, no matter who actually used the signature card. Therefore, you should always take particularly good care of your signature card, store it in safe place and never disclose your personal PIN. Please cancel your card if you suspect it has been misused.

Please note: A D-Trust seal card that has been issued to a legal entity can be used by several authorised individuals.

You can purchase additional products for your signature or seal card, such as readers, in Bundesdruckerei shop at REINER SCT .

The following devices have been tested with our generation 4.1 cards:

  • cyberJack RFID standard
  • cyberJack RFID komfort
  • cyberJack one
  • cyberJack wave 

The device cyberJack e-com is not recommended for use with our current cards.

Card readers can be purchased in the Bundesdruckerei shop at REINER SCT .

You can order additional cards issued in your name. You can find the appropriate links to the product you require in our order overview.

Have you already posted all required documents? This must be done before your card can be made. The production of your signature or seal card undergoes several processes: From checking completed documents to certificate creation. Therefore, please allow for some time between requesting the signature or seal card and receiving it.

  1. The status of your orders and existing products is displayed directly in the dashboard of the D-Trust portal. Please log in to the D-Trust portal to query the status. 
  2. If you did not use the D-Trust portal for your order, you can query your card’s processing status online with D-Trust GmbH. To do this, go to status query and enter your individual request ID there, which you will find at the top right of the request form.
  3. To view your follow-up card’s processing status, please go to  status query for follow-up cards.

For security reasons your PIN letter will be sent to you two days after the signature or seal card was sent.

Please first contact our support team to address potential causes. You can find additional information about filing claims regarding our card products here.
 

You will receive an email from us in time stating that your signature or seal card is due to expire.

You can then request a follow-up card for your signature card. Please submit your follow-up card request here.

We offer a simplified application procedure, provided that the following two conditions are met:

  1. Your name has not changed.
  2. No more than 180 days have passed since the expiration of your previous signature card.
  3. The ID you submitted for identification purposes with the previous card is valid for at least four more weeks.

As part our simplified application procedure, you do not need to submit an ID document to request the follow-up card.

Please note: A follow-up application for seal cards is not available.
 

Adobe Reader automatically recognises signatures in documents and allows you to view a signature window. This window displays valid signatures with a green mark and you can see further details.

If Adobe Reader shows the signature as unknown, you can update the trust services.

In your Adobe Reader, go to “Edit” and select “Settings.” You will find the item “Trust Services” here. At this point, you can trigger an update to the latest version of the Adobe Trusted List and the European Trusted List. After an update, the previously unknown signature should be shown as valid when checked again.
 

LDAP stands for “Lightweight Directory Access Protocol.” It is essentially the public telephone directory for digital certificates. Here you can query the status of certificates in the D-Trust directory service .

Depending on the certificate product selected, the certificates are published in the LDAP directory service. For signature and seal cards, you can select in the application process whether you would like to use this option.

Please note in this regard that some applications require publication in the LDAP. These include, for example, the Federal Procurement platform and the Emissions Trading Authority.

You can revoke consent to publish certificates in the D-Trust online certificate database effective for the future at any time. Please indicate your application ID on the written revocation request and send it to to D-Trust GmbH, Antragsbearbeitung (application processing department), Kommandantenstr. 15, 10969 Berlin, Germany.

If you decide to opt out of D-Trust’s online certificate database entries, this decision cannot be reversed at a later date.
 

83957D74-EDC5-464B-BF6C-C02F109A766D

Initialization of your D-Trust Card

Piktogramm für Support
D-Trust
Support
+49 (0) 30 2598 – 0