sign-me

We will be pleased to assist you with any questions you may have regarding sign-me. Would you like to know about the sign-me requirements for your system environment? Or perhaps about the sales partners who you can contact? Then you have come to the right place. We can also offer you useful tips, security information and details of the sign-me software.

Remote signature with sign-me

File size: 851.5 KB

Format: PDF

Registration

As a private user, you can register and identify yourself on the web portal www.sign-me.de. Simply proceed as follows:

  1. Open the www.sign-me.de website in your browser.
  2. Click ‘Register’.
  3. Enter your data in the registration form and click ‘Continue’ to confirm. You will immediately receive an e‑mail with a confirmation link.
    Note: Please enter your personal data as shown on your ID card.
  4. Open the e‑mail with the confirmation link in your personal e‑mail box and click the link to complete registration.
    Note: If you do not receive an e‑mail from us, please check your spam folder.

You are now successfully registered. As the next step, you can log on to www.sign‑me.de to identify yourself.

As a user employed by a corporate/government customer, you will usually be directed from the signature process to registration and identification (in-band identification) if you do not yet have a sign-me account.

To register, please provide the following information:

  • First name
  • Family name
  • Mobile phone number (including the country code)
  • E‑mail address
  • Password
  • Consent to the Privacy Policy

Please ensure that you enter all personal data as shown on your ID document. Further data, such as academic title, nationality and home address, are added during the identification process.

When registering, sign-me users can choose between a mobile phone number or a German landline number for two-factor authentication of signatures.

If a landline number is selected, a PIN must be additionally specified for accessing the landline network TAN. In this case, although the respective telephone rings during the qualified signature process, the landline TAN is only announced after the PIN has been entered.

You can change to a different landline or mobile phone number, but the identification process will then have to be repeated.

The landline number must be entered directly during registration or can be changed at a later date. In order to change the number, please proceed as follows:

  1. Login to www.sign-me.de with your username.
  2. Go to ‘Personal data’ → ‘Mobile phone number’.
  3. Enter the new landline or mobile phone number in the box provided and accept the change by clicking ‘Save’.

Identification

The identification process for private users is as follows:

  1. Login to www.sign-me.de.
  2. Click ‘Identification’. Note: We recommend that you use the free online ID function of your ID card. To use this, you will need:
    • A notebook and a card reader or an NFC‑enabled smartphone
    • AusweisApp2 which must be installed and started on your notebook
    • The online ID function of your ID card activated and your PIN
  3. You can also opt to use Video‑Ident, Giro-Ident or the eID method offered by our partner identity TM. Please note that each of these three methods costs 50 coins. To opt for this, select ‘Other identification’. You will need the following for video identification:
    • A notebook with a microphone and camera or a smartphone
    • Your ID card or other means of identification, e.g., a passport
    • Follow the instructions provided by our partner identity TM

As a user employed by a corporate/government customer, you will usually be directed from the signature process to registration and identification (in-band identification) if you do not yet have a sign-me account. The costs are usually covered by the company/public authority and users do not have to purchase credit.

Registration with sign-me is followed by one-time identification. We currently offer the following methods of identification. All methods of identification except POS Ident are available on the web portal; the specialist applications and signature workflows may not offer all methods.

  1. Video‑Ident: You will need a desktop PC, laptop, smartphone or tablet in this case. All devices must have a camera and microphone. You will also need a stable Internet connection and your valid ID document at hand. If you wish to use a device other than your smartphone to identify yourself via Video‑Ident, you will still need a mobile phone to receive an SMS‑TAN. Our partner identity TM will check your identity in a video conference offered by our partner and conducted with you and a trained Video‑Ident agent. The Video‑Ident method has been evaluated for eIDAS conformity and its security has been confirmed. Your personal data will be fully protected during this procedure.

    Note: The Video‑Ident method can only be used with the following Windows, Android and iOS browsers: On a desktop PC, these are, in particular, Mozilla Firefox, Safari, Chrome, Edge and Opera. Unfortunately, it is not possible to use Microsoft’s Internet Explorer. On mobile devices, only Chrome can be used for Android and Safari for iOS devices.
     
  2. The online ID function (eID) of the ID card – you will need the following to identify yourself:
    • Your valid ID card with the eID function activated and your PIN
    • AusweisApp2 which must be installed on the device of your choice. This app is supplied by the German government free of charge at the following link: www.ausweisapp.bund.de/download/windows-und-mac/. The app must also be started on the desktop PC/laptop before use. When using a smartphone/tablet, AusweisApp2 will start automatically when used.
    • If you wish to identify yourself using a smartphone/tablet, this device must have an NFC-enabled interface. A list of compatible devices can be found at the following link: www.ausweisapp.bund.de/mobile-geraete/.
    • If you wish to identify yourself using a desktop PC/laptop, you will need a card reader for the ID card.
  3. eID-Ident: The following requirements must be met when identification is carried out via eID by our identification service provider identity TM:
    • Your valid ID card (or electronic residence permit) with the eID function activated and your PIN
    • Via smartphone: the identity app must be installed on your device (iOS/Android) and it must have an NFC interface. Start the identification process from sign-me in the browser. This will take you to the identity TM method selection page, where you will also be offered eID-Ident, among other things. Scanning the QR code will launch the identity TM app. Alternatively, you can launch the app and enter your last name and the reference number indicated on the method selection page. Then follow the instructions provided by the app and the agent.
    • Via desktop PC/laptop: As an alternative to identification via the identity app, you can identify yourself using an external reader on your desktop PC/laptop and Ausweisapp2. In this case, Ausweisapp2 must be installed and started. This app is available free of charge at the following link. After starting identification from sign-me in your browser, you will then be directed to the method selection page of identity TM where you can select eID. Follow the instructions provided there.
  4. Giro‑Ident: Giro‑Ident is an identification method in which an identity that has already been verified in compliance with the Money Laundering Act (e.g., a user with an active online banking account) is used to verify a new identity. For sign‑me, Giro‑Ident can be used with an active online banking account and a TAN method at participating financial institutions (currently: German savings banks, cooperative banks (Volksbank and Raiffeisenbank). Go to the identification page and check whether your bank supports Giro‑Ident. The process is as shown below:
    • The bank is selected from the list
    • The user is forwarded to the online banking portal of the participating bank and then logs in
    • The identification data to be transmitted to sign‑me is displayed
    • This data is confirmed and released by generating and entering a TAN
    • Transmitted data is checked and forwarded to sign‑me
  5. PoS‑Ident: PoS-Ident is an identification procedure in which a trained employee of a company/public authority identifies its users on site. In order to use PoS‑Ident either as a company or public authority, the following criteria must be met:
    • As a D‑TRUST customer, the company or public authority has concluded an agreement with identity TM
    • The PoS software is installed on the identifier’s device
    • The identifier has completed face-to-face or online training and has been additionally identified
    • The user has a mobile phone

The PoS‑Ident method can be generally completed in a matter of minutes. To do this, the identifier logs into the identity TM portal via the PoS software. The identifier collects the user’s personal data and takes a photo of the user’s ID card. The user checks the data collected and consents to further processing by entering an SMS‑TAN. The identifier compares the photo on the ID card with the user and then transmits the verified data of the user, which the user confirms by entering an SMS‑TAN. identity TM again verifies the data captured and then confirms successful identification of the user.

Note: Please note that private individuals using the identification methods provided by our partner identity TM (i.e., Video‑Ident, Giro‑Ident and eID) on the web portal will be charged 50 coins. Using the online ID function, you can identify yourself directly and currently free of charge on the sign‑me portal ‘Online with ID card (eID)’ (not: ‘Other identification’).

In the case of users from companies or public authorities, identification is carried out from the specialist application or the signature workflow – in this case, do not use the web portal. Identification processes are not paid with coins, but charged to the respective company/public authority.

For information concerning cost structures and the PoS method, please contact our partner identity TM.

Identification remains valid as long as the card used is valid, in any case for at least two years. You can see the validity of identification in the web portal under the ‘Identify’ menu item. The validity period of the certificates depends on the type of identification. You will be notified in due time by e‑mail that your certificate is due to expire and you will receive information regarding reissuance. We are obliged by law to inform you by e‑mail when new certificates are issued.

Video identification required for sign-me can be carried out with our identification service provider identity TM in both German and English. If the browser in which you are using sign-me is set to a language other than German, you will be put through to an identity TM agent who can perform identification in English.

Following identification using the Video‑Ident method, the online ID function of your ID card, Giro‑Ident or at a PoS, you can immediately sign with simple, advanced and qualified signatures. If you have any further questions regarding the different identification options, please refer to the FAQ: ‘What identification options are available and what do I need for this?’.

Signature creation and two-factor authentication

The visual placement of a signature can be carried out in a number of ways. To do this, go to ‘Sign your own PDF’ within the sign-me web portal.

After uploading a PDF document, you can place the signature on each page. Apart from the default options (top/bottom right/left), you can also position the signature freely (‘Place manually’).

You can now choose the page where the signature should appear. In addition to the default options (first page/last page), you can also select ‘Place manually’ in order to specify or navigate to another page at the bottom of the page view.

Special case: You can also skip the visual placement of a signature. To do this, simply select ‘Invisible’ under the ‘Position of the signature on the page’ item. This will not affect the legal validity of your qualified electronic signature. When creating a qualified electronic signature, only the electronic recording of the underlying signature certificate is important.

Note: If you as a company use sign‑me via your own specialist application, you can use the API to define where the optical signature field should be placed. If you use sign‑me via an integrated signature workflow from one of our partners, you can already determine there where the optical signature field should be positioned in the document.

The usual Windows, Android and iOS browsers are supported, i.e.:

  • Mozilla Firefox
  • Google Chrome
  • Microsoft Edge
  • Microsoft Internet Explorer
  • Safari
  • Opera

Note: With a view to browser use, special terms apply when identification is carried out by our identification service provider identity TM (see FAQ: ‘How can I identify myself with sign‑me?’).

Only PDF/A files with a maximum of 10MB can be signed on the sign‑me web portal.

When using sign‑me via the web portal, the PDF documents must be uploaded. When connecting via the API to your own or a partner’s workflow, it is also possible to upload only one hash value for signing. Some partner applications can also be used on premise, in which case there is no need to upload the documents to the partner system.

The sign-me 2FA (two-factor authentication) app can now be used as a convenient alternative to SMS-TAN. You can install this app on Android from the Google Play Store and on iOS from the Apple App Store. You will then need to connect the app to your sign-me account once. To do this, go to ‘Settings’ in www.sign-me.de and under ‘App login’ choose a PIN for the releases and scan the QR code with the sign-me 2FA app.

If you wish to use a different device, for instance, if you have a new smartphone, please start a new login under ‘Settings/App Login’ and the connection with the old device will then be cancelled.

If you want to use SMS-TAN again instead of the app, start a new login but do not complete it.

The app is intuitive to use. To sign, select ‘Sign with app', the app will automatically open on your smartphone and you will be requested to release the signature with your PIN.

It is not possible to upload and sign an encrypted document in the web portal or via a specialist application. Security is also guaranteed when using the sign-me web portal. Access from the web portal is TLS-encrypted. What’s more, the PDF file is also uploaded to the sign‑me server in the D‑TRUST security area. Only authorized administrators can access the sign‑me system. The signed documents are deleted after five days.

Personal data, contracts and data protection

You can change your personal data any time in the ‘Personal data’ section of your personal sign‑me account. If you have already been identified and if your personal data (including your mobile phone number) changes, you will be required to identify yourself again (this may be subject to payment of a fee). Only then will you be able to sign again. To do this, select the ‘Identification’ menu item after you have saved your changed personal data, and follow the instructions. If you forget your password and send a request, we will also be forced to block your certificate and to have you identified again.

When you register for your sign-me account, you must accept the Privacy Policy because we will need to process personal data in order to identify you. The data collected and used will be limited to the data required to confirm your identity in line with the applicable legal regulations. Identification service providers will delete the data after seven days.

As part of the process of creating your sign‑me account (registration, identification), you must accept the following documents:

  • General Terms and Conditions
  • Export conditions
  • Certificate Policy (CP)
  • Certificate Practice Statement (CPS)
  • PKI user information for qualified certificates
  • Subscriber agreement

In addition, you must accept the Privacy Policy of D‑TRUST and, if applicable, of identity TM, and you must consent to the generation of signature certificates for using sign‑me. After you have registered and identified yourself, you can access all the documents that you have acknowledged and accepted at any time in your sign‑me account under the ‘Use documents’ menu item.

Your sign‑me account can only be deactivated by D‑TRUST’s Call and Support Center. In this case, please send an e‑mail to support [at] d-trust.net and enter the username of your sign‑me account as the sender.

Certificates

As a sign‑me remote signature user, login to your sign-me account. Select the corresponding certificate in the sign-me account under ‘Signature certificates’. Now select ‘Revoke’. You do not need to identify yourself again to have your certificates reissued following revocation as long as your past identification is still valid and can be used again. To create new certificates, please go to the ‘Identification’ menu item and proceed as instructed.

In your sign‑me account, go to ‘Settings’ and select the ‘Repository’ menu item. Click the checkbox ‘Publish signature certificates in the future’ in order to decide whether or not you wish to have your future signature certificates published in D‑TRUST’s repository service. Interested parties, including those who are not sign‑me partners, who wish to obtain a signature from you can view the repository service to see which signature certificates you have. This repository contains information about each signature certificate issued (just like a telephone directory for signature certificates). Even without publication, sign‑me can be used to the full extent.

Certification and Validation

The remote signature solution sign-me, which is offered by qualified trust service provider D‑TRUST and used to create qualified electronic signatures, is certified. The accreditation body in charge is the Federal Network Agency, the conformity assessment body is TÜV IT and the certificate can be found here. D‑TRUST is a qualified trust service provider according to eIDAS, it is authorized to offer the qualified signature and is registered in the European Trusted List.

Open the signed PDF document in a PDF viewer that supports eIDAS validation, such as Adobe Acrobat Reader DC (under Windows and iOS only, not Android). Alternatively, you can also use the digiSeal reader from secrypt. After opening the signature window, you will see that

  • the issuer is an eIDAS-qualified trust service provider from the EU Trusted List, such as D‑Trust,
  • the signatures are ‘qualified’,
  • these are combined with qualified time stamps, where appropriate, and
  • that the signatories are the persons stated.

An embedded qualified time stamp is used both for the signature via the web portal and via connected workflow systems. This time stamp enables long-term validation of the signature.

Costs and signature credit

sign‑me can be used via a company's applications, e.g., for loan contracts, insurance policies, temporary employment contracts or applications to public authorities. The service is typically free of charge for the signatories, both during signing and identification, and is billed to the respective companies or public authorities.

If you wish to use sign‑me via the web portal as a private user, all you have to do is register with sign‑me. After you have registered, you will receive ten sign‑me coins. However, you will have to identify yourself before you can use sign‑me to sign. You can do this (currently free of charge) on the sign‑me portal using the online ID function. Please remember that each of the identification methods provided by our partner identity TM (i.e., Video-Ident, Giro-Ident and eID) costs 50 coins. You can then sign with qualified (5 coins per signature), advanced (2 coins per signature) and simple (free) signatures.

More information related to using the different signature levels (qualified, advanced or simple) can be found here in the FAQ section.

To top up your coins with sign‑me, please login to your sign‑me account. Then click the ‘Top up’ link in the menu or go directly to the shop of our partner REINER SCT. Please enter your username (sign‑me e‑mail address) here. You can then select a package, for instance, sign‑me signature credit with 500 coins (100 qualified signatures) or sign‑me signature credit with 25 coins (five qualified signatures). The package price also includes one-time identification as well as issuance of one certificate each for simple, advanced and qualified signatures. Once you have completed your purchase, you will receive an e‑mail with a link which you can use to initiate identification and top up the coins in your sign‑me account, if necessary. The company REINER SCT handles ordering, processing and billing.

More detailed information can be found in the Solutions & Products section.

You might also be interested in

Order your online signature

Would you like to order one of our products? Then you have come to the right place. If you are a public agency, please contact us through our public agency support.

Order

Service & Support

We have a comprehensive service portal that you can use to contact our support team in a quick and convenient manner. You will find there the support you need if you have technical problems along with information on the requirements for our solutions and possible applications as well as the respective documentation and price lists.

Service & Support

FAQ - Frequently Asked Questions

We have compiled the answers to frequently asked questions here for you.

Find out more