Registration Authority Client includes applications and tools that allow the registration authority to activate the QES functionality on eID card and issue qualified and other certificates. In this way the eID card becomes a security token for creating a qualified signature – Secure Signature Creation Device (SSCD).
The following processes are covered:
Installation of the QES/ES profile into the eID chip: Application for installation of the QES/ES profile ensures the establishment of the necessary data structures on the card enabling the usage of the card as an SSCD for creation of qualified electronic signature (QES) or electronic signature (ES).
Activate the eID SSCD: In order to activate the functionality of the eID SSCD for creating QES the values of the QES PIN and QES PUK must be set by the cardholder. Secure PIN and PUK entry via smart card readers with PIN Pad are supported.
Generate key pair and store qualified certificate on eID card: Issuing of the electronic certificates (for QES and ES) can be done via specialized PKCS#11 library solution designated for RA. First, the certificate key pair is generated by the card and then the certificate request is created. Registration authority sends the certificate request to the Accredited Certification Authority (ACA) to issue a certificate. RA application stores the issued certificate on the card.