This website contains information about the root certificate authority CVCA-ePass operated by the Federal Office for Information Security (BSI).
The CVCA-ePass represents the national trust anchor of the authorization PKI, that grants access to the passport function of official ID documents, by endowing the Document Verifier (DV) at the next hierarchical level with the necessary access rights.
The certificates used in the ePass-CVCA PKI are self-descriptive Card Verifiable Certificates (CV-certificates) compliant with the ISO Standard 7816 (ISO/IEC 7816-4:2005, ISO/IEC 7816-6:2004, ISO/IEC 7816-8:2004).
The current main public key is available as self-signed certificate (CVCA-ePass certificate) has the SHA-256 „fingerprint“ of 7d c4 3c a8 6f 98 d8 bb 05 83 6d 26 f9 3c 3d cc 8b 6c 99 22 2d 77 8c 6f bd 33 a2 94 bb 06 6d 9d
The corresponding link certificate is available under (CVCA-ePass link certificate). It has the SHA-256 „fingerprint“ of 55 be bf cf f2 33 ee 44 b4 01 ea f9 2f b6 39 a7 ad ba 47 a8 d1 58 29 16 b5 0f 87 0d 13 c8 02 13
The secondary communication channel is fax: +49228 9582 5722.
The certificate policy of the CVCA-ePass (CVCA-ePass CP) describes the conditions under which the authorization certificates in the ePass-CVCA PKI are issued.
In general, organizational and technical requirements for the recognition, issue, management, usage, withdrawal and the renewal of certificates for the access to the ePass feature of official ID documents are defined in the certificate policy.
Download of the Certificate Policy for the ePass feature of the official ID documents Certificate Policy für die ePass-Anwendung der hoheitlichen Dokumente; Version 1.0 (PDF, 2MB, File is accessible) (in German)