Signing

<< Click to Display Table of Contents >>

RayQC > 7.3 u2 > User Guide > Settings 

Signing

This signing view is only relevant for those RayQC instances, which are intended to create and edit signed checklist templates. Signing settings are not required for mere evaluation of signed checklist.

 

Managing signing options contains the following procedures:

 

Select the active key pair profile

Create new profiles

Test key validity

Edit profiles

Remove profiles

 

Read on to get further details on how to accomplish these management tasks.

 

Key Pair Profile Properties

In order to establish a working signing configuration, the following property settings are required:

 

Description

Short textual information about the profile for later recognition.

 

Certificate File

The *.cert file has to be copied to the %appdata%\Raynet\RayQC\config\Security directory. This is done automatically when a *.cert file is selected via the dialog triggered by the browse button at the right-hand side of the certificate field. Also the certificate properties from the file are retrieved and displayed in the Set up certificate field.

 

Private Key Selection

The *.pem file has to be copied to the %appdata%\Raynet\RayQC\config\Security directory. This is done automatically when the *.pem file that matches the certificate is selected via the dialog triggered by the browse button at the right-hand side of the Set up private key status indicator.

 

Once the key is available in RayQC, its validity can be tested as described below.

 

Certificate Chain Valid

This indicator provides information about the trust status of the certificate used within the current keypair profile. If the machine that runs the RayQC instance trusts the certificate, the checkbox is active. If the certificate is untrusted, it is disabled. The validity of the certificate is important for those setting configurations that cause RayQC to reject checklists, that are signed but by untrusted certificates (compare with the section about behavior settings).

 

papercliper

Note:

The "Certificate chain valid" state indicator relies on Windows certificate store status information that is already available at application launch. Therefore, it is recommended to establish the trust, if required at all, before RayQC is started and the actual key pair settings are defined.

 

 

tip

Tip:

To establish certificate trust, the root certificate of the one used within the current key pair profile has to be installed as trusted certificate. The installation may be done on a per-user or per-machine basis. It is recommended to prepare a machine based installation, to allow all users of a QC device to operate on the same certificate preparation level. The procedures required for certificate installation is Windows based, and therefore not described in detail within this documentation. Please refer to MSDN or other Microsoft resources to get details regarding this procedure.

 

Define the Active Key Pair Profile

1.Go to the settings area and click on the signing tab.
 

2.Expand the options list provided within the drop down menu named Active KeyPair Profile.
 

3.Select the desired profile.

 

papercliper

Note:

The profile selection is not saved permanently yet - closing RayQC at this point is equal to discarding the changes to the signing settings profile stock. To actually save the profile selection beyond the next application closure, the Accept button on the swipe bar has to be used.

 

To Create a New Key Pair Profile

1.Go to the settings area and click on the signing tab.
 

2.Click on the button Create at the right-hand side of the Active KeyPair Profile selector control.
 

3.Enter the name of the new profile as demanded by the displayed dialog.
 
The profile name has to be unique among the key pair profiles stored for the currently logged in Windows User on the machine that is running RayQC.
 

4.Click OK to save the new profile
 

5.A new option is automatically added to the Active KeyPair Profile selector control.
 

6.The new profile needs to be edited in order to set the parameters required to actually sign checklists with it.

 

papercliper

Note:

The new profile is not saved permanently yet - closing RayQC at this point is equal to discarding the changes to the signing settings profile stock. To save the profile for later re-use, the Accept button on the swipe bar has to be used.

 

To Test a Key

1.Go to the settings area and click on the signing tab.
 

2.Expand the options list provided within the drop down menu named Active KeyPair Profile.
 

3.Select the desired profile.
 

4.Click on the Test button at the right-hand side of the "Set up private key" controls.
If the button is disabled and cannot be clicked, the private key may not have been uploaded yet. If so, please use the browse button to transfer the key to the RayQC settings storage location.
The button should automatically become active.
 

5.A dialog is displayed, requesting the password required to encrypt the private key for signing.
Please, enter the password and click OK to start the key validation.
 

6.The test result is shown within an information dialog at the end of the test routine.

 

papercliper

Note:

There are several reasons why a key test might fail. Please follow the details of the failure message to adjust the right parameters for achieving successful validity.

 

To Edit a Key Pair Profile

1.Go to the settings area and click on the signing tab.
 

2.Expand the options list provided within the drop down menu named Active KeyPair Profile.
 

3.Select the desired profile.
 

4.The properties of the profile are loaded into the input fields below the Active KeyPair Profile selector.
 

5.Adjust them according to your needs. They are immediately effective and applied to the running RayQC instance.
 

 

papercliper

Note:

The new profile properties are not saved permanently yet - closing RayQC at this point is equal to discarding the changes. To save the profile for later re-use, the Accept button on the swipe bar has to be used.

 

To Remove a Key Pair Profile

1.Call the settings area and open the signing view.
 

2.Expand the options list provided within the drop down menu named Active KeyPair Profile.
 

3.Select the desired profile.
 

4.Click on the Remove button at the right-hand side of the Active KeyPair Profile control.
 

5.The profile is removed from the options list.

 

papercliper

Note:

The profile is not deleted permanently yet - closing RayQC at this point is equal to discarding the changes. To permanently remove the profile, the Accept button on the swipe bar has to be used.

Also be aware:

Once a profile is removed, it is not possible to modify checklist templates that have been signed by this certificate. Therefore, please be sure to have a copy of the certificate and key files in case of needing them again at a later time.