Q.1 What is Aadhaar Paperless Offline e-KYC?
Ans. It is a secure sharable document which can be used by any Aadhaar number holder for offline verification of Identification.
A resident desirous of using this facility shall generate his/her digitally signed Aadhaar details by accessing UIDAI resident portal. The details will contain Name, Address, Photo, Gender, DOB, hash of registered Mobile Number, hash of registered Email Address and reference id which contains last 4 digits of Aadhaar Number followed by time stamp in a digitally signed XML. It will provide Offline Aadhaar Verification facility to service providers/Offline Verification Seeking Entity (OVSE) without the need to collect or store Aadhaar number.
Q.2 How to generate Offline Aadhaar?
Ans.The process of generating Aadhaar Offline e-KYC is explained below:
- Go to URL https://resident.uidai.gov.in/offlineaadhaar
- Enter ‘Aadhaar Number’ or ‘VID’ and mentioned ‘Security Code’ in screen, then click on ‘Send OTP’ or ‘Enter TOTP’. The OTP will be sent to the registered Mobile Number for the given Aadhaar number or VID. TOTP will be available on m-Aadhaar mobile Application of UIDAI. Enter the OTP received/TOTP. Enter a Share Code which be the password for the ZIP file and click on ‘Download’ button
- The Zip file containing the digitally signed XML will be downloaded to device wherein the above mentioned steps have been performed.
Q.3 Who are the users of this Aadhaar Paperless Offline e-KYC?
Ans. Any Aadhaar number holder who desires to establish his/her identity to any service provider (OVSE) using digitally signed XML downloaded from UIDAI website can be a user of this service. The service provider should have provisions of providing this Aadhaar Paperless Offline e-KYC at their facility and do the offline verification
Q.4 How to share this Paperless Offline eKYC document with the service provider?
Ans. Residents can share the XML ZIP file along with the Share Code to the service provider as per their mutual convenience.
Q.5 How will service providers use Aadhaar Offline e-KYC?
Ans. The process of Aadhaar Offline e-KYC Verification by Service Provider is:
- Once service provider obtains the ZIP file, it extracts the XML file using the password (share code) provided by the resident.
- The XML file will contain the demographic details such as Name, DOB, Gender and Address. Photo is in base 64 encoded format which can be rendered directly using any utility or plane HTML page. Email Address and Mobile number are hashed.
- Service Provider has to collect Email Address and Mobile number from residents and perform below operations in order to validate the hash:
Mobile Number:
Hashing logic: Sha256(Sha256(Mobile+ShareCode))*number of times of last digit of Aadhaar Number
Example :
Mobile number: 9800000002
Aadhaar Number: 123412341234
Share Code: Abc@123
Sha256(Sha256(9800000002+ Abc@123))*4
In case if Aadhaar Number ends with Zero or 1 (123412341230/1) it will be hashed one time.
Sha256(Sha256(9800000002+ Abc@123))*1
Email Address:
Hashing Logic: This is a simple SHA256 hash of the email without any salt
- Entire XML is digitally signed and Service Provider can validate the XML file using the signature and public key available on the UIDAI website.(https://uidai.gov.in/images/uidai_offline_publickey_26022019.cer).
Q.6 Can this Offline Paperless eKYC document be shared to other entities by the Service Provider?
Ans. Service Providers shall not share, publish or display either Share Code or XML file or its contents with anyone else. Any non-compliance of these actions shall invite actions under Sections 17 and 25 of The Aadhaar (Authentication) Regulation, 2016, Sections 4 and 6 of The Aadhaar (Sharing of Information) Regulation, 2016 and Sections 29(2), 29 (3) and 37 of The Aadhaar Act, 2016.
Q.7 How this Aadhaar Offline Paperless eKYC document is different from the other identification documents produced offline by residents?
Ans. Identity verification can simply be accomplished by providing an identity document like PAN card, Passport etc to the service provider. However, all these documents, which may be used for identification can still be forged and faked which may or may not be possible to verify offline instantaneously. The document verifier has no technological means to verify the authenticity of the document or the information it contains and has to trust the document producer. Whereas, the XML file generated by the Aadhaar number holder using Aadhaar Paperless Offline e-KYC is digitally signed document using UIDAI digital signature. Thus, the service provider can verify the demographic contents of the file and certify it to be authentic when doing the offline verification
Q.8 Where can I find the Public Certificate for Digital Signature validation?
Ans. Public certificate for Digital signature validation can be downloaded from here.