Managing Callsign Certificates
LoTW uses public-key cryptography to authenticate QSOs submitted by each user. Public-key cryptography employs two separate but mathematically-related keys, one of which is private and one of which is public. Information encrypted with a private key can only be decrypted with its associated public key, proving that the holder of the private key was the source of the information.
When you direct TQSL to request a Callsign Certificate, it generates a private key and a public key. It stores the private key in a folder in your computer, and sends the public key to the ARRL. The ARRL creates a Callsign Certificate that links your callsign with your public key, places this Callsign Certificate in a file with a .tq6 filename extension, and then sends this file to you by email so you can load the Callsign Certificate into TQSL.
When you direct TQSL to digitally sign QSOs to be sent to LoTW, it uses the callsign in the specified Callsign Certificate to select the associated private key. TQSL uses this private key to generate an encrypted signature for each QSO, and sends the signatures and QSOs to LOTW. LoTW decrypts each received QSO signature using your public key, and verifies its consistency with the received QSO -- thereby proving that you are the source of that QSO and that the QSO's details have not been changed.
A Callsign Certificate is thus only useful when running TQSL on a computer on which the associated private key is present. You can copy a Callsign Certificate and its associated private key to another computer using the procedure described here.
If the private key associated with a Callsign Certificate goes missing or is damaged, TQSL's Callsign Certificates tab will display that Callsign Certificate with a broken icon: . To correct this, see these instructions.
If the private key associated with a Callsign Certificate goes missing or is damaged, TQSL's Callsign Certificates tab will display that Callsign Certificate with a broken icon: . To correct this, see these instructions.
If you have a valid Callsign Certificate for a callsign and direct TQSL to request a new Callsign Certificate for that callsign, the existing Callsign Certificate will be invalidated when LoTW processes the request.
- Viewing a Callsign Certificate's Properties
- Determining When a Callsign Certificate Will Expire
- Renewing a Callsign Certificate
- Replacing an expired Callsign Certificate
- Determining if a Callsign Certificate is Valid
- Maintaining Callsign Certificate Security
- Removing Password Protection from a Callsign Certificate
- Copying Callsign Certificates from One Computer to Another
- Saving a Callsign Certificate to a File
- Loading a Callsign Certificate from a File
- Requesting an Additional Callsign Certificate
- Accepting an Additional Callsign Certificate
- Deleting a Callsign Certificate
- Restoring a Deleted Callsign Certificate
- Dealing with a Broken Callsign Certificate
- Dealing with a Broken Callsign Certificate
- Dealing with a Broken Callsign Certificate
- Dealing with a Broken Callsign Certificate
- Dealing with a Broken Callsign Certificate