Onboard Users
This guide explains how to onboard users to become signers. This requires onboarding them as approvers and creating an SKA-protected signing key.
Create an Approver
Every user who wants to create Qualified Electronic Signatures or Seals must onboard as an approver. This involves creating an approver key pair. The corresponding approver certificate can then be attached to the SKA policy of the signing key, to be used to authorize usage of the signing key.
- Create an approver
with an approver key pair.
- When using the TSB, you can use the TSB's approver management and onboard the approver to the Securosys Authorization App.
- Create a Certificate Signing Request (CSR) for the approver public key.
- Send the CSR to the CA and have it issue an approver certificate.
Instead of the Securosys Authorization App, you can develop a custom app for your users. The user flows are the same. The user simply needs a secure application to hold their approver key pair.
Create an SKA key
Create an SKA key, via the REST API or via the JCE API. Attach the previously issued approver certificate to the SKA policy. For organization seals, attach multiple approver certificates and define an m-of-n SKA policy.
Next Steps
Use the created SKA key to create a Qualified Electronic Signature.