Austria has a very popular Qualified Electronic Signature and user identification eID method called Handy-Signatur. It’s a mobile app that is installed on 2.6 million people’s phones at the time of writing this article. It is free to use for the end user.
A-trust, who is the operator of the Handy-Signatur, also publishes real time graphs of the usage. From there we can see that every day about 150 000 qualified electronic signatures are created.
In the end of 2021 the Handy-Signatur app should be upgraded to ID Austria. However all the existing integrations should keep on working.
Some time ago Austria also had national eID cards with electronic function but in 2019 it was shut down so no more new cards are issued. Old cards will still work until they are expired.
How to Integrate
Integration with Handy signature or ID Austria is very peculiar. There is an API layer called “Citizen Card Environment Security layer” where you will make POST request with XML requests. You can include XML request in the POST body or you can specify the DataURL where security layer will send the query to get the XML to process. You can also specify RedirectURL where user will be redirected later.
Test environment is available at https://test1.a-trust.at/mobile/https-security-layer-request/test.aspx where you can see what kind of XML commands are available. This test environment sends NullOperationRequest XML and has DataURL that will return the actual XML. Since the documentation is very limited and very confusing then best recommendation is to use this test app, change DataURL and proxy the command to see what commands must look like.
If you find the Austrian Security Layer overly complicated and hard to implement then you have an option to buy Signatur-Box which is an on site server with software and it exposes REST API that is much easier to integrate. However this will also mean additional cost.
Going live
To go live into production you need to sign a contract with A-trust for user identification and creating signatures separately. If you want to integrate Handy-Signatur qualified electronic signatures into your website then due to all this complexity you should consider around 10 000 – 20 000 EUR for the cost of the project. However if you decide to use eID Easy then integration will be much easier (read cheaper). This is because eID Easy has implemented all of this on its own and purchased the needed amount of yearly qualified electronic signatures. At the same time each signature price will stay about the same as direct integration.
Additionally, you can use HandySignatur with our existing integrations on platforms like iManage, Nextcloud and Sharepoint.
To integrate Handy-Signatur with us, contact us here!
See also these links to help you further
Useful spec https://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114-en/bindings/Bindings.en.html
Main spec: https://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114-en/Index.en.html
XSD Schema https://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/Core-1.2.xsd
Support forum https://forum.buergerkarte.at/board/5-handy-signatur-und-bürgerkarte/
