Topics

ANDRe: [DXLab] LOTW PASSWORD REMOVAL PLEA FOR DETAILED HELP

Brian K
 

If I may,

Ed's item #3 is a combination of ARRL's #3 and #4

Ed's item #4 is a combination of ARRL's item #5 and #6

The ARRL document makes reference to TWO DIFFERENT passwords.

From the ARRL item # 5
a Certificate Container Password

AND

From ARRL's # 6
"a password to unlock the Callsign Certificate" also called "the password used to protect the Callsign Certificate"

Ed's questions (there are three (3)) in Ed's item # 4 ALL refer to ARRL's item # 6.

From Ed's item #4 ......

".... Another window opens up. "Enter the password for your active W2GHD callsign certificate.
What is the active call sign certificate password?
Is it the one I use to sign onto the LOTW website?
How do I find it?...."

I am not a frequent user of LoTw, so I will allow a more seasoned user to answer Ed's questions.

Brian
KB3WFV

On Friday, November 1, 2019, 12:00:31 PM EDT, Dave AA6YQ <aa6yq@...> wrote:


Ed, question #4 as you report it below does not match question #4 in

https://lotw.arrl.org/lotw-help/removecertificatepassword/

We'll get nowhere if we're not referencing the same instructions.

Referring to

https://lotw.arrl.org/lotw-help/removecertificatepassword/

what is the first step you find confusing?

          73,

              Dave, AA6YQ


-----Original Message-----
From: DXLab@groups.io [mailto:DXLab@groups.io] On Behalf Of Ed
Sent: Friday, November 01, 2019 10:17 AM
To: DXLab@groups.io
Subject: Re: [DXLab] LOTW PASSWORD REMOVAL PLEA FOR DETAILED HELP

Dave,

In a previous post I wrote:

"Searching this forum I find many, many questions on how to remove the password requirement for uploading to LOTW.. It's plain to me I don't understand the procedure.or some of the terms.
Here's what I've been doing.

1. start the TQSL application ... OK

2. select TQSL's Callsign Certificates tab ... OK

3.click on the certificate whose password you wish to remove,  (OK) and then click the Save the callsign certificate for button to the right I select the desktop to place the new file W2GHD.p12 (OK)

4. a Certificate Container Password window will prompt you to enter a password, leave both the New password and Enter again to confirm textboxes empty, and click the Ok button  Left the new password line empty. (OK) Another window opens up. "Enter the password for your active W2GHD callsign certificate.What is the active call sign certificate password? Is it the one I use to sign onto the LOTW website? How do I find it?

Thank you,"


<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>     Virus-free. www.avg.com <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>     




Dave AA6YQ
 

+ AA6YQ comments below

 

Ed's item #3 is a combination of ARRL's #3 and #4

 

Ed's item #4 is a combination of ARRL's item #5 and #6

 

+ As I posted, we'll get nowhere until we're referencing the same instructions.  This is the "governing" article:

<https://lotw.arrl.org/lotw-help/removecertificatepassword/>

 

 

The ARRL document makes reference to TWO DIFFERENT passwords.

 

From the ARRL item # 5

a Certificate Container Password

 

+ That's not correct. Those words, which are rendered in bold font, are the caption of a window. Here's the full text of step 5:

"
5. a Certificate Container Password window will prompt you to enter a password; leave both the New password and Enter again to confirm textboxes empty, and click the Ok button"

 

 

AND

 

From ARRL's # 6

"a password to unlock the Callsign Certificate" also called "the password used to protect the Callsign Certificate"

 

+ Correct. This is the only password employed in the process; it is the password that Ed has been supplying each time he has submitted QSOs to LoTW.

 

        73,

 

                  Dave, AA6YQ

iain macdonnell - N6ML
 

On Fri, Nov 1, 2019 at 11:01 AM Dave AA6YQ <@AA6YQ> wrote:

+ AA6YQ comments below



Ed's item #3 is a combination of ARRL's #3 and #4



Ed's item #4 is a combination of ARRL's item #5 and #6



+ As I posted, we'll get nowhere until we're referencing the same instructions. This is the "governing" article:

<https://lotw.arrl.org/lotw-help/removecertificatepassword/>





The ARRL document makes reference to TWO DIFFERENT passwords.



From the ARRL item # 5

a Certificate Container Password



+ That's not correct. Those words, which are rendered in bold font, are the caption of a window. Here's the full text of step 5:

" 5. a Certificate Container Password window will prompt you to enter a password; leave both the New password and Enter again to confirm textboxes empty, and click the Ok button"





AND



From ARRL's # 6

"a password to unlock the Callsign Certificate" also called "the password used to protect the Callsign Certificate"



+ Correct. This is the only password employed in the process; it is the password that Ed has been supplying each time he has submitted QSOs to LoTW.
You're both correct, sort-of. The process does *make reference to* two
different passwords - one for protecting the contents of the P12
container, and another for decrypting the private key. It recommends
not setting the former (the P12 one).

73,

~iain / N6ML

Brian K
 

Ed's item # 4......

"........ Another window opens up. "Enter the password for your active W2GHD callsign certificate.What is the active call sign certificate password? Is it the one I use to sign onto the LOTW website? How do I find it?.........."

Dave AA6YQ's most recent answer.......

"......... it is the password that Ed has been supplying {using} each time he has submitted QSOs to LoTW."

I'll add that if Ed can not find his active call sign certificate password, or can not remember it, then he should contact the ARRL for assistance with getting a new one.

Asked
Answered
Next.....

Brian
KB3WFV

On Friday, November 1, 2019, 2:01:05 PM EDT, Dave AA6YQ <aa6yq@...> wrote:


+ AA6YQ comments below

 

Ed's item #3 is a combination of ARRL's #3 and #4

 

Ed's item #4 is a combination of ARRL's item #5 and #6

 

+ As I posted, we'll get nowhere until we're referencing the same instructions.  This is the "governing" article:

<https://lotw.arrl.org/lotw-help/removecertificatepassword/>

 

 

The ARRL document makes reference to TWO DIFFERENT passwords.

 

From the ARRL item # 5

a Certificate Container Password

 

+ That's not correct. Those words, which are rendered in bold font, are the caption of a window. Here's the full text of step 5:

"
5. a Certificate Container Password window will prompt you to enter a password; leave both the New password and Enter again to confirm textboxes empty, and click the Ok button"

 

 

AND

 

From ARRL's # 6

"a password to unlock the Callsign Certificate" also called "the password used to protect the Callsign Certificate"

 

+ Correct. This is the only password employed in the process; it is the password that Ed has been supplying each time he has submitted QSOs to LoTW.

 

        73,

 

                  Dave, AA6YQ

Dave AA6YQ
 

+ AA6YQ comments below

Ed's item # 4......

"........ Another window opens up. "Enter the password for your active W2GHD callsign certificate.What is the active call sign certificate password? Is it the one I use to sign onto the LOTW website? How do I find it?.........."

Dave AA6YQ's most recent answer.......

"......... it is the password that Ed has been supplying {using} each time he has submitted QSOs to LoTW."

I'll add that if Ed can not find his active call sign certificate password, or can not remember it, then he should contact the ARRL for assistance with getting a new one.

+ Ed has given no indication that he's lost his Callsign Certificate password. Let's not make this more complicated than necessary.


Asked
Answered
Next

+ This isn't a courtroom. The "completion criterion" for questions posted in this discussion group is "satisfied recipient". We're not there yet.

73,

Dave, AA6YQ

Joe Subich, W4TV
 

On 2019-11-01 2:16 PM, iain macdonnell - N6ML wrote:

You're both correct, sort-of. The process does *make reference to* two
different passwords - one for protecting the contents of the P12
container, and another for decrypting the private key. It recommends
not setting the former (the P12 one).
Not exactly true. The password for decrypting the private key is the
one assigned when loading the P12 container and is typically the same
as the password of the P12 container (amateurs being generally lazy and
using the same password within tQSL).

Further, it is this password for decrypting the private key that is
being removed by storing the *unencrypted* certificate in the P12
container and reloading the *unencrypted* certificate *without*
assigning a new password in step 9 of
<https://lotw.arrl.org/lotw-help/removecertificatepassword/>

The bottom line, unless one is using a shared/public computer, there
is little if any value in encrypting the private key within tQSL.
There is more value in encrypting (password protecting) the P12
containers themselves, particularly when placed in a backup/storage
location (on-line storage, thumb drive, etc.) that is more likely to
be compromised but that is an entirely different discussion.

73,

... Joe, W4TV

iain macdonnell - N6ML
 

On Fri, Nov 1, 2019 at 12:23 PM Joe Subich, W4TV <lists@...> wrote:

On 2019-11-01 2:16 PM, iain macdonnell - N6ML wrote:

> You're both correct, sort-of. The process does *make reference to* two
> different passwords - one for protecting the contents of the P12
> container, and another for decrypting the private key. It recommends
> not setting the former (the P12 one).

Not exactly true. The password for decrypting the private key is the
one assigned when loading the P12 container and is typically the same
as the password of the P12 container (amateurs being generally lazy and
using the same password within tQSL).
Which part of my statement is untrue? You may choose to use the same
value for both passwords, but they are different passwords, for
different purposes.


Further, it is this password for decrypting the private key that is
being removed by storing the *unencrypted* certificate in the P12
container and reloading the *unencrypted* certificate *without*
assigning a new password in step 9 of
<https://lotw.arrl.org/lotw-help/removecertificatepassword/>
The ONLY action that results in the password being stored unencrypted
for use by TQSL is leaving the prompt for a "New Password" blank when
loading the P12 file. You can specify a password for the P12 container
when completing the process, and still result in the private key being
stored unencrypted afterwards, so long as you leave that "New
Password" blank when loading the P12 file (after entering the
"password to unlock the .p12 file") . I just tested and confirmed
this.


The bottom line, unless one is using a shared/public computer, there
is little if any value in encrypting the private key within tQSL.
There is more value in encrypting (password protecting) the P12
containers themselves, particularly when placed in a backup/storage
location (on-line storage, thumb drive, etc.) that is more likely to
be compromised but that is an entirely different discussion.
The bottom line is that the process involves asking the user for two
different passwords, and users find that (amongst other aspects)
confusing. TQSL is better than it used to be, but it's still
intimidating to many users.

73,

~iain / N6ML

Dave AA6YQ
 

+ AA6YQ comment below

The bottom line is that the process involves asking the user for two different passwords, and users find that (amongst other aspects) confusing.

+ The instructions in

<https://lotw.arrl.org/lotw-help/removecertificatepassword/>

+ require the user to produce exactly one password: the password of his or her Callsign Certificate, in step 6.

+ Step 5 does not require the user to produce a password.


TQSL is better than it used to be, but it's still intimidating to many users.

+ I'm still trying to get to the bottom of exactly what Ed finds confusing in the above-cited instructions. Based on the quotes in his posts, he appear to be referencing a different set of instructions.

+ Until we get Ed up and running with a password-free Callsign Certificate, I would appreciate it if everyone would hold off on using this thread to critique LoTW or TQSL.

73,

Dave, AA6YQ

Ed
 

Dave and all,

I didn't mean to cause such a ruckus. Throwing in the towel I've applied for a fresh certificate for LOTW. I hope to start over and avoiding bugging the group anymore.

Ed W2GHD