Dual-signature commands

To complete some commands, two authority signatures are required. For these commands there are two entries in the Role Access Control Points tree, one indicating issue authority and one indicating co-sign authority. If a role contains both permissions, both signatures are collected automatically when an authority with that role is used to execute the command. If an authority with a role containing only issue authority is used to execute the command, the command is held in a pending command buffer until a signature is collected from a second authority whose role contains the co-sign permission.

When working with a single crypto module, use the Co-Sign tab in the notebook to collect the second signature for the command. When working with a domain group, a window opens asking you to co-sign the command.

The following operations are dual-signature commands: