About Logbook of The World

	About
	Key Terms and Concepts
	Getting Started

Flowchart

Submitting QSOs

		State Diagram
		Viewing Accepted QSOs
		Correcting Submitted QSOs

	Viewing Confirmed QSOs
	Determining Why a QSO Isn't Yet Confirmed
	Updating Confirmations
	Viewing and Applying For Award Credit

		DXCC		NPOTA		VUCC
		WAS		WAZ		WPX

Maintenance

		Backup and Recovery
		Alerts From LoTW
		Callsign Certificate Expiration
		Renewing a Callsign Certificate
		Replacing an Expired Callsign Certificate
		Changing Your Primary Callsign
		Setting Up TQSL on a New Computer
		Managing Callsign Certificates
		Managing Station Locations
		TQSL
		LoTW Account

Advanced Usage

		Multiple Callsigns and Operating Locations
		Multiple Computers
		Club Callsigns
		DXpeditions
		QSL Managers
		Application Developers
		Localizing TQSL

Reference

		Mission and Objectives
		Callsign Certificate Security
		Privacy Policy
		Required Documentation
		Logging Applications
		LoTW Files and Icons
		TQSL Callsign Certificate Icons
		TQSL Command Line Interface

Status

		LoTW Queue Status
		QSO and QSL Statistics

Getting Help

		Frequently Asked Questions
		Troubleshooting
		Getting Help via Email
		Submitting a Help Ticket
		Computer Basics
		Internet Basics

Topic Titles

Managing Callsign Certificates

LoTW uses public-key cryptography to authenticate QSOs submitted by each user. Public-key cryptography employs two separate but mathematically-related keys, one of which is private and one of which is public. Information encrypted with a private key can only be decrypted with its associated public key, proving that the holder of the private key was the source of the information.

When you direct TQSL to request a Callsign Certificate, it generates a private key and a public key. It stores the private key in a folder in your computer, and sends the public key to the ARRL. The ARRL creates a Callsign Certificate that links your callsign with your public key, places this Callsign Certificate in a file with a .tq6 filename extension, and then sends this file to you by email so you can load the Callsign Certificate into TQSL.

When you direct TQSL to digitally sign QSOs to be sent to LoTW, it uses the callsign in the specified Callsign Certificate to select the associated private key. TQSL uses this private key to generate an encrypted signature for each QSO, and sends the signatures and QSOs to LOTW. LoTW decrypts each received QSO signature using your public key, and verifies its consistency with the received QSO -- thereby proving that you are the source of that QSO and that the QSO's details have not been changed.

A Callsign Certificate is thus only useful when running TQSL on a computer on which the associated private key is present. You can copy a Callsign Certificate and its associated private key to another computer using the procedure described here.

If the private key associated with a Callsign Certificate goes missing or is damaged, TQSL's Callsign Certificates tab will display that Callsign Certificate with a broken icon: . To correct this, see these instructions.

If the private key associated with a Callsign Certificate goes missing or is damaged, TQSL's Callsign Certificates tab will display that Callsign Certificate with a broken icon: . To correct this, see these instructions.

If you have a valid Callsign Certificate for a callsign and direct TQSL to request a new Callsign Certificate for that callsign, the existing Callsign Certificate will be invalidated when LoTW processes the request.