Can't get AusweisApp to work

Mar0xy

I tried installing all ccid packages, enabled pcscd and etc which resulted in the usb card reader option to start working but as I have none and use my phone that option doesn't really help me out. Trying to connect with my phone causes it to just print the error "Can't establish connection to smartphone as card reader(SaC)"

I have ran out of ideas what could cause this and am wondering if anyone has a clue.

I have also attempted to check the code for the Remote_IFD but as I don't really know CPP it led me nowhere
Governikus/AusweisApptree/community/src/ifd/remote

Here is the term output:

brianthehughes

Mar0xy

Supported systems: Android 9.0 or higher, iOS 14.0 or higher, macOS 12.0 or higher, Windows 10 (64 Bit) and 11, Windows Server 2016 (Version 1607), 2019, 2022.

https://www.ausweisapp.bund.de/fileadmin/user_upload/AusweisApp-2.2.2-NetInstallation_Integration.pdf
https://www.ausweisapp.bund.de/sdk/

Are you attempting to build this application on GhostBSD?

vimanuelt

Mar0xy After upgrading to the latest release, did you experience a similar issue?

Mar0xy

brianthehughes No it already exists as a port on FreeBSD same goes for Linux it exists on all distros as a package and works fine over there.

brianthehughes

Mar0xy
Oh my, that is a lot of build and runtime dependencies. I’ll check it out and see where I end up.

brianthehughes

Mar0xy

Using the package version of AusweisApp I was able to install and run the application without issue..

As I read more into the pre-requisites to attempt a connection, please confirm that you have the eID and PIN(s) required to proceed, and can - Check device and ID card, Change PIN.

Ultimately, without a the eID and the PIN, I am unable to get my phone to be allowed as a device and receive the same error as you. :-)

Please confirm that your eID function is activated.
Please confirm that your self-selected six-digit PIN is known. - Step 2.1

As no pairing is allowed until these are already in place.

ifd 2025.01.01 10:44:14.411 234090 W ConnectRequest::onError(ifd/base/ConnectRequest.cpp:173) : Connection error: QAbstractSocket::ConnectionRefusedError "Connection refused" default 2025.01.01 10:44:14.424 233840 ...viceModel::onEstablishConnectionDone(ui/qml/RemoteServiceModel.cpp:297) : Pairing finished: IfdConnector_ConnectionError | "An error occurred while trying to establi sh a connection to the smartphone as card reader (SaC)."

https://www.ausweisapp.bund.de/en/online-identification/what-you-need

1 - eID function is activated

To be able to identify yourself online, the eID function of your ID card or electronic residence permit must be activated. With the eID card, this is activated automatically.

How do I know if the eID function of my ID card is activated?

There are several ways to find out:

Your ID card was issued after July 2017. In this case, the eID function is also automatically activated for ID cards and electronic residence permits.
You use the "Check device and ID card" feature in AusweisApp on your smartphone and receive a positive result with a green check mark next to "eID function activated".
You go to your local public administration office to check whether the eID function of your ID card has been activated.

What if the eID function of my ID card is deactivated?

For activation, you can contact your local public administration office. You can find out about the opening hours, contact persons and responsibilities of the offices and authorities in your area by calling the public authority hotline 115 or on the Internet: https://servicesuche.bund.de/#/en.

2 - self-selected, six-digit PIN is known

Every time you identify yourself online, you must enter your self-selected, six-digit PIN to enable data transmission. If you do not know this PIN, there are several ways to set a PIN:

If you have never set a self-selected, six-digit PIN for your ID card and you have your five-digit transport PIN at hand, you can easily and conveniently set a PIN in AusweisApp using the "Change PIN" feature. You will find the five-digit transport PIN in the PIN letter you receive in the mail after you apply for a new ID card.
You set a new PIN for your ID card at the public administration office responsible for you. You can find out the opening hours, contact persons and responsibilities of the offices and authorities closest to where you live by calling the public authorities hotline 115 or on the Internet: https://servicesuche.bund.de/#/en.

maehsi

Not entirely sure, but you should be able to do the pairing step without an eID @brianthehughes
All the stuff about PIN and eID you quoted comes after you managed to pair your phone as a card reader in the first place.
You should be able to recreate the problem by

installing the ausweisapp FreeBSD port and starting the app
installing the AusweisApp on Android via Play Store and starting it
Enter pairing mode on both instances of the application
When attempting the pairing step, you should get the same error as OP (and me)

Edit: A (hopefully) relevant part of my log:
qml 2025.02.15 20:30:06.106 102294 ReaderScanEnabler::enableScan(ui/qml/ReaderScanEnabler.cpp:40) : Starting scan on REMOTE_IFD card 2025.02.15 20:30:06.106 120999 ReaderManagerWorker::callOnPlugin(card/base/ReaderManagerWorker.cpp:131) : Start scan on plugin: governikus::RemoteIfdReaderManagerPlugin network 2025.02.15 20:30:06.110 102294 DatagramHandlerImpl::resetSocket(network/DatagramHandlerImpl.cpp:91) : Bound on port: 24727 card 2025.02.15 20:30:06.110 102294 ReaderManager::doUpdatePluginCache(card/base/ReaderManager.cpp:272) : Update cache entry: REMOTE_IFD qml 2025.02.15 20:30:06.241 102294 W ...ionModel::isScreenReaderRunning(ui/qml/ApplicationModel_generic.cpp:21) : NOT IMPLEMENTED qml 2025.02.15 20:30:07.039 102294 W (/qt/qml/Governikus/View/BaseController.qml:44) : No focus item found using TitleBar qml 2025.02.15 20:30:07.044 102294 ReaderScanEnabler::enableScan(ui/qml/ReaderScanEnabler.cpp:49) : Stopping scan on REMOTE_IFD card 2025.02.15 20:30:07.045 120999 ReaderManagerWorker::callOnPlugin(card/base/ReaderManagerWorker.cpp:131) : Stop scan on plugin: governikus::RemoteIfdReaderManagerPlugin network 2025.02.15 20:30:07.048 102294 ...mHandlerImpl::~DatagramHandlerImpl(network/DatagramHandlerImpl.cpp:104) : Shutdown socket card 2025.02.15 20:30:07.049 102294 ReaderManager::doUpdatePluginCache(card/base/ReaderManager.cpp:272) : Update cache entry: REMOTE_IFD default 2025.02.15 20:30:12.233 102294 ...viceModel::connectToRememberedServer(ui/qml/RemoteServiceModel.cpp:268) : Starting to pair. ifd 2025.02.15 20:30:12.233 102294 IfdClientImpl::establishConnection(ifd/base/IfdClientImpl.cpp:155) : Establishing connection to remote device. ifd 2025.02.15 20:30:12.234 120998 I ConnectRequest::setTlsConfiguration(ifd/base/ConnectRequest.cpp:88) : Start pairing to server ifd 2025.02.15 20:30:12.235 120998 IfdConnectorImpl::onConnectRequest(ifd/base/IfdConnectorImpl.cpp:107) : Request connection. ifd 2025.02.15 20:30:12.235 120998 W ConnectRequest::onError(ifd/base/ConnectRequest.cpp:173) : Connection error: QAbstractSocket::ConnectionRefusedError "Verbindung verweigert" default 2025.02.15 20:30:12.240 102294 ...viceModel::onEstablishConnectionDone(ui/qml/RemoteServiceModel.cpp:297) : Pairing finished: IfdConnector_ConnectionError | "Bei der Verbindung zum Smartphone als Kartenleser (SaK) ist ein Fehler aufgetreten." qml 2025.02.15 20:30:14.269 102294 ReaderScanEnabler::enableScan(ui/qml/ReaderScanEnabler.cpp:40) : Starting scan on REMOTE_IFD card 2025.02.15 20:30:14.269 120999 ReaderManagerWorker::callOnPlugin(card/base/ReaderManagerWorker.cpp:131) : Start scan on plugin: governikus::RemoteIfdReaderManagerPlugin

vimanuelt

Hi @Mar0xy,

I’ve looked into the issue, and it seems like the problem is occurring before the eID authentication process, likely during the initial pairing step. The error QAbstractSocket::ConnectionRefusedError suggests that the connection is being blocked or not properly initialized.

Troubleshooting Steps to Try:

1. Verify Dependencies

Ensure all necessary packages are installed:

pkg info | grep pcscd

Make sure pcscd is installed and running:

sudo service pcscd start

2. Check Network Connectivity

The logs show that the application binds to port 24727.
Check if anything is listening on this port:

sudo sockstat -l | grep 24727

If nothing is listening, try running the app as root:

sudo AusweisApp2

3. Enable Debug Logging

Run the application in debug mode to gather more details:

AusweisApp2 --debug

This might provide more insights into why the connection is refused.

maehsi

Thank you for your suggestions. I have tried them all, with no change to the behavior of the application.
sudo sockstat -l | grep 24727
returns this when Ausweisapp is running:
maehsi AusweisApp 7075 18 tcp4 127.0.0.1:24727 *:* maehsi AusweisApp 7075 19 tcp6 ::1:24727 *:* maehsi AusweisApp 7075 38 udp46 *:24727 *:*

logs seem to be too large to post here

maehsi

The option --debug does not work, instead --keep seems to be the only similar option. For some reason, two logs are created, log 2:
default 2025.02.17 21:04:00.843 107550 Env::createSingleton(global/Env.h:127) : Create singleton: governikus::SignalHandler init 2025.02.17 21:04:00.843 107550 printInfo(init/Bootstrap.cpp:59) : Logging to "/tmp/AusweisApp.viKqRv.log" init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:61) : ################################################## init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### Application: AusweisApp init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### Application Version: 2.2.2 init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### Organization: ausweisapp2 init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### Organization Domain: init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### System: GhostBSD 24.10.1 init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### Kernel: 14.1-STABLE init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### Architecture: x86_64 init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### Device: maehsi-ghostbsd init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### Qt Version: 6.8.1 init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### OpenSSL Version: OpenSSL 3.0.15 3 Sep 2024 init 2025.02.17 21:04:00.844 107550 I printInfo(init/Bootstrap.cpp:67) : ################################################## init 2025.02.17 21:04:00.846 107550 printInfo(init/Bootstrap.cpp:77) : Library path: "/usr/local/lib/qt6/plugins" init 2025.02.17 21:04:00.847 107550 printInfo(init/Bootstrap.cpp:77) : Library path: "/usr/local/bin" init 2025.02.17 21:04:00.847 107550 printInfo(init/Bootstrap.cpp:80) : TLS backends: QList("openssl", "cert-only") | using: "openssl" default 2025.02.17 21:04:00.847 107550 Env::createSingleton(global/Env.h:127) : Create singleton: governikus::VolatileSettings default 2025.02.17 21:04:00.847 107550 ResourceLoader::init(global/ResourceLoader.cpp:45) : Register resource: "/usr/local/share/ausweisapp2/AusweisApp/AusweisApp.rcc" | true default 2025.02.17 21:04:00.847 107550 Env::createSingleton(global/Env.h:127) : Create singleton: governikus::AppSettings network 2025.02.17 21:04:00.850 107550 NetworkManager::setApplicationProxyFactory(network/NetworkManager.cpp:516) : proxy -> system default 2025.02.17 21:04:00.850 107550 Env::createSingleton(global/Env.h:127) : Create singleton: governikus::NetworkManager default 2025.02.17 21:04:00.919 107550 FileDestination::getPath(global/FileDestination.h:62) : "config.json" not found in following destinations | QStandardPaths::LocateFile default 2025.02.17 21:04:00.919 107550 FileDestination::getPath(global/FileDestination.h:66) : "/home/maehsi/.local/share/ausweisapp2/AusweisApp" default 2025.02.17 21:04:00.919 107550 FileDestination::getPath(global/FileDestination.h:66) : "/usr/local/share/ausweisapp2/AusweisApp" default 2025.02.17 21:04:00.919 107550 FileDestination::getPath(global/FileDestination.h:66) : "/usr/share/ausweisapp2/AusweisApp" securestorage 2025.02.17 21:04:00.919 107550 SecureStorage::load(secure_storage/SecureStorage.cpp:191) : Try locations: QList("", "", ":/config.json") securestorage 2025.02.17 21:04:00.919 107550 SecureStorage::loadFile(secure_storage/SecureStorage.cpp:158) : Load SecureStorage: ":/config.json" securestorage 2025.02.17 21:04:00.923 107550 SecureStorage::load(secure_storage/SecureStorage.cpp:278) : SecureStorage loaded: true securestorage 2025.02.17 21:04:00.923 107550 I SecureStorage::load(secure_storage/SecureStorage.cpp:279) : Vendor "ausweisapp2" default 2025.02.17 21:04:00.923 107550 Env::createSingleton(global/Env.h:127) : Create singleton: governikus::UiLoader gui 2025.02.17 21:04:00.923 107550 UiLoader::load(ui/base/UiLoader.cpp:109) : Try to load UI plugin: "qml" gui 2025.02.17 21:04:00.923 107550 UiLoader::setEnvironment(ui/base/UiLoader.cpp:268) : Set environment: "QSG_INFO" = "1" gui 2025.02.17 21:04:00.923 107550 UiLoader::setEnvironment(ui/base/UiLoader.cpp:268) : Set environment: "QT_SVG_ASSUME_TRUSTED_SOURCE" = "1" gui 2025.02.17 21:04:00.923 107550 UiLoader::load(ui/base/UiLoader.cpp:124) : Load plugin: QJsonObject({"IID":"governikus.UiPlugin","MetaData":{"default":true,"env":{"QSG_INFO":"1","QT_SVG_ASSUME_TRUSTED_SOURCE":"1"},"userInteractive":true},"archlevel":1,"className":"UiPluginQml","debug":false,"version":395264}) default 2025.02.17 21:04:00.927 107550 UiPluginQml::onUseSystemFontChanged(ui/qml/UiPluginQml.cpp:940) : Using "AusweisApp_Roboto" with styles QList("Regular", "Medium", "Bold") init 2025.02.17 21:04:00.928 107550 AppController::onUiPlugin(core/controller/AppController.cpp:427) : Register UI: governikus::UiPluginQml gui 2025.02.17 21:04:00.928 107550 UiLoader::load(ui/base/UiLoader.cpp:109) : Try to load UI plugin: "webservice" gui 2025.02.17 21:04:00.928 107550 UiLoader::load(ui/base/UiLoader.cpp:124) : Load plugin: QJsonObject({"IID":"governikus.UiPlugin","MetaData":{"default":true,"passive":true,"readerManager":false},"archlevel":1,"className":"UiPluginWebService","debug":false,"version":395264}) init 2025.02.17 21:04:00.928 107550 AppController::onUiPlugin(core/controller/AppController.cpp:427) : Register UI: governikus::UiPluginWebService gui 2025.02.17 21:04:00.928 107550 UiLoader::load(ui/base/UiLoader.cpp:109) : Try to load UI plugin: "websocket" gui 2025.02.17 21:04:00.928 107550 UiLoader::load(ui/base/UiLoader.cpp:124) : Load plugin: QJsonObject({"IID":"governikus.UiPlugin","MetaData":{"default":true},"archlevel":1,"className":"UiPluginWebSocket","debug":false,"version":395264}) init 2025.02.17 21:04:00.928 107550 AppController::onUiPlugin(core/controller/AppController.cpp:427) : Register UI: governikus::UiPluginWebSocket default 2025.02.17 21:04:00.928 107550 Env::getShared(global/Env.h:336) : Spawn shared instance: governikus::HttpServer network 2025.02.17 21:04:00.928 107550 HttpServer::bindAddresses(network/HttpServer.cpp:65) : Cannot start server: "The bound address is already in use" | QHostAddress("127.0.0.1") | 24727 network 2025.02.17 21:04:00.928 107550 HttpServer::bindAddresses(network/HttpServer.cpp:69) : Abort init of http server because of fatal error... network 2025.02.17 21:04:00.928 107550 HttpServerRequestor::getRequest(network/HttpServerRequestor.cpp:57) : Request URL (GET): QUrl("http://127.0.0.1:24727/eID-Client?Status") network 2025.02.17 21:04:00.930 107550 HttpServerStatusParser::parseReply(network/HttpServerStatusParser.cpp:69) : Status Code: 200 "OK" network 2025.02.17 21:04:00.930 107550 HttpServerStatusParser::parseReply(network/HttpServerStatusParser.cpp:69) : Header | access-control-allow-origin: * network 2025.02.17 21:04:00.930 107550 HttpServerStatusParser::parseReply(network/HttpServerStatusParser.cpp:69) : Header | access-control-allow-private-network: true network 2025.02.17 21:04:00.930 107550 HttpServerStatusParser::parseReply(network/HttpServerStatusParser.cpp:69) : Header | content-length: 237 network 2025.02.17 21:04:00.930 107550 HttpServerStatusParser::parseReply(network/HttpServerStatusParser.cpp:69) : Header | content-type: text/plain; charset=utf-8 network 2025.02.17 21:04:00.930 107550 HttpServerStatusParser::parseReply(network/HttpServerStatusParser.cpp:69) : Header | date: Mon, 17 Feb 2025 20:04:00 GMT network 2025.02.17 21:04:00.930 107550 HttpServerStatusParser::parseReply(network/HttpServerStatusParser.cpp:69) : Header | server: AusweisApp2/2.2.2 (TR-03124-1/1.4) network 2025.02.17 21:04:00.931 107550 HttpServerStatusParser::parseReply(network/HttpServerStatusParser.cpp:74) : Found version info VersionInfo({"Implementation-Title":"AusweisApp2","Implementation-Vendor":"ausweisapp2","Implementation-Version":"2.2.2","Name":"AusweisApp2","Specification-Title":"TR-03124-1","Specification-Vendor":"Federal Office for Information Security","Specification-Version":"1.4"}) webservice 2025.02.17 21:04:00.931 107550 ...WebService::handleExistingApp(ui/webservice/UiPluginWebService.cpp:107) : We are already started... calling ShowUI network 2025.02.17 21:04:00.931 107550 HttpServerRequestor::getRequest(network/HttpServerRequestor.cpp:57) : Request URL (GET): QUrl("http://127.0.0.1:24727/eID-Client?ShowUI=CURRENT") webservice 2025.02.17 21:04:00.932 107550 ...WebService::handleExistingApp(ui/webservice/UiPluginWebService.cpp:129) : ShowUI request succeeded init 2025.02.17 21:04:00.932 107550 C AppController::start(core/controller/AppController.cpp:150) : Cannot initialize UI init 2025.02.17 21:04:00.932 107550 C AppController::start(core/controller/AppController.cpp:117) : Cannot start application controller, exit application init 2025.02.17 21:04:00.932 107550 initApp(init/Bootstrap.cpp:191) : Enter main event loop... init 2025.02.17 21:04:00.934 107550 AppController::completeShutdown(core/controller/AppController.cpp:332) : Emit fire shutdown gui 2025.02.17 21:04:00.934 107550 UiLoader::shutdown(ui/base/UiLoader.cpp:197) : Shutdown UiLoader: QList("qml", "webservice", "websocket") gui 2025.02.17 21:04:00.935 107550 UiLoader::preparePlugin(ui/base/UiLoader.cpp:149) : Shutdown UI: "qml" gui 2025.02.17 21:04:00.935 107550 UiLoader::preparePlugin(ui/base/UiLoader.cpp:149) : Shutdown UI: "webservice" gui 2025.02.17 21:04:00.935 107550 UiLoader::preparePlugin(ui/base/UiLoader.cpp:149) : Shutdown UI: "websocket" default 2025.02.17 21:04:00.935 107550 ResourceLoader::shutdown(global/ResourceLoader.cpp:71) : Unregister resource: "/usr/local/share/ausweisapp2/AusweisApp/AusweisApp.rcc" | true init 2025.02.17 21:04:00.935 107550 AppController::completeShutdown(core/controller/AppController.cpp:338) : Quit event loop of QCoreApplication default 2025.02.17 21:04:00.935 107550 Env::createSingleton(global/Env.h:140) : Destroy singleton: governikus::UiLoader default 2025.02.17 21:04:00.935 107550 Env::createSingleton(global/Env.h:140) : Destroy singleton: governikus::NetworkManager default 2025.02.17 21:04:00.935 107550 Env::createSingleton(global/Env.h:140) : Destroy singleton: governikus::AppSettings default 2025.02.17 21:04:00.935 107550 Env::createSingleton(global/Env.h:140) : Destroy singleton: governikus::VolatileSettings default 2025.02.17 21:04:00.935 107550 Env::createSingleton(global/Env.h:140) : Destroy singleton: governikus::SignalHandler init 2025.02.17 21:04:00.936 107550 initApp(init/Bootstrap.cpp:201) : Leaving application... bye bye!

the other log is definitely too large to post here. I can't find anything in it that gives away more than the snippet I already posted.

brianthehughes

The application blocks communication unless the pin is entered. Including pairing. This is by design as the user is unlocking the application to pair it with a device. The application is the authority. During my attempts at diagnosis I also believed that one should be able to pair a device with the app first, but that is not the case as the user must first authenticate with the app to add a device. That device is then able to read the card via NFC to the application. During my efforts I do believe I ended up at the developer docs before I provided the conclusion that it is impossible to test without an eID and pin. Governikus/AusweisAppblob/community/docs/installation/CommunicationModel_en.pdf

eID
pin
app (and you need to enter the pin to enable)
pairing

I do hope the OP was able to connect directly with support resources.

maehsi

brianthehughes
I don't believe that to be correct. I still have a machine with Windows 10 at my disposal. Pairing works exactly like this:

Open the application on both desktop PC and Android phone
Enter pairing mode on both devices
Enter pairing PIN (randomly generated and shown on phone display) on desktop PC
Android phone now works as a connected German ID card reader

The following steps after pairing was successful would be:

Put phone on ID card
Click authentication button of some German gov agency on desktop PC in the browser
ID card is read, information is transferred between Ausweisapp on desktop and phone, and the server for this stuff
Enter personal eID card PIN
I am authenticated and can usually fill out some form

To be sure, I just deleted the pairing on that windows PC and the phone I have and repeated those steps as I described them. That is how it works. On GhostBSD, at step 3, I enter the pairing PIN and get the connection error.

I have uploaded 2 logs on my Google Drive, one for GhostBSD and one from the Windows application (which works): https://drive.google.com/drive/folders/1u-6TI_8TapDmorznBVRQRluTk1E8EDsR?usp=drive_link

brianthehughes

I concede your evidence. I did not try on Mac or Windows. Well done.

maehsi

vimanuelt I just tried it again after the upgrade and it still displays the same error.

Mar0xy

vimanuelt I essentially gave up back then and just use it only on mobile or if I need it on desktop I end up using a VM which is less than ideal but there is currently simply no way around it