Re: [Fed-Talk] Adobe 8, digital signatures and supreme failure
- Subject: Re: [Fed-Talk] Adobe 8, digital signatures and supreme failure
- From: "Timothy J. Miller" <email@hidden>
- Date: Tue, 31 Jul 2007 09:34:58 -0500
I *just* got this working with Charles Mae's (from Adobe) help.
You need to load the PKCS#11 *bundle* (not the module) into Reader.
Select Document | Security Settings, select "PKCS#11 Module" and
click on "Attach Module". The path is:
/usr/libexec/SmartCardServices/pkcs11/pkcs11.bundle
Then you need to load the DoD PKI certificates into Reader and establish
trust. This part is painful. Select Document | Manage Trusted
Identities. Select "Certificates" from the drop-down box. Click on
"Add Contacts". In the "Choose Contacts to Import" dialog, click on
"Browse" and select either a DoD CA certificate file *or* a PKCS#7
bundle of DoD CA certificates. PKCS#7 bundles can be downloaded from:
http://dodpki.c3pki.chamb.disa.mil/rel3_dodroot_1024.cac
http://dodpki.c3pki.chamb.disa.mil/rel3_dodroot_2048.cac
After importing the bundles, select a certificate in the bottom list
of the "Choose Contacts to Import" dialog and click "Trust." Click
the checkboxes for "Signatures and as a trusted root" and "Certified
documents." DO THIS FOR EVERY DOD PKI CA.
At this point you *should* be ready to sign. You'll need a PDF that
will support signatures--you can't sign arbitrary PDFs, only forms
developed for signatures.
I did have a problem after doing the above, but when I went back to
it the next day, the error had gone away. Not sure what happened or
why it cleared, but I had rebooted my laptop between sessions, so
maybe that had something to do with it.
-- Tim
On Jul 31, 2007, at 8:59 AM, Lawrence D Hare wrote:
Has anyone had any success using Adobe Reader V8 to digitally sign
a document using the certificate from a CAC on a Mac? This is what
I find happening:
I have got an SCR331 reader working fine, I can digitally encrypt
and sign using Mail, I can use Citrix and the CAC to access Citrix
enabled sites. All seems to work.
Keychain shows the CAC when it is inserted and I can open it with
the Pin, all works fine.
Adobe 8 has a Security Settings window under <Document><Security
Setting...>. It wants me to "Add an ID" so it knows about
certificates I may have.
If I click "Add ID" I get a window asking me to locate the
certificate. I have four options:
Browse for a file
Configure a roaming ID
Create a self-signed digital ID
Look for newly inserted hardware tokens.
I would have thought this latter would access my CAC but instead I
get a message telling me that "Acrobat could not find any new
Digital IDs..."
So I thought to use the first. On the Mac this is a .p12 file.
In KeyChain I go to my CAC keychain and select all the keys, then I
go to <File><Export...> I am asked where to save the file and I
respond, then KeyChain asks for an export password. In this box it
requires a password and then a verify-password entry, so I am
assuming it is password protecting the file it is exporting. Either
way, I have tried all sorts of passwords! I have entered new,
complex, DoD compliant, passwords. I have tried the pin and other
passwords on the machine.
The result is the same each time. KeyChain crashes and brings down
just about every application running. The screen is covered in
Application Failed boxes. It's quite a sight I can tell you!
Any suggestions? I cannot find anywhere else to go.
Thanks - Lawrence
_______________________________________
Lawrence Hare
GFEBS Systems Engineer Process Manager
(o) 703 682 3415
(c) 301 351 5439
email@hidden
http://GFEBS.army.mil/
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
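
For the trust step in Tim Miller's reply: the PKCS#7 bundles are fetched over plain HTTP, so it helps to list each certificate's SHA-256 fingerprint and compare it with a value obtained out of band before clicking "Trust". The script below is an added example, not part of the original messages; it assumes the `openssl` command-line tool is installed, and the function name `list_bundle_certs` is made up for illustration.

```sh
#!/bin/sh
# Added example: inventory a PKCS#7 CA bundle before trusting its certificates.
# Prints one tab-separated line per certificate: SHA-256 fingerprint, kind, subject.

list_bundle_certs() {
    bundle=$1
    tmp=$(mktemp -d) || return 1
    # The page does not say whether the .cac bundles are DER or PEM: try both.
    if ! openssl pkcs7 -inform DER -in "$bundle" -print_certs \
            -out "$tmp/all.pem" 2>/dev/null &&
       ! openssl pkcs7 -inform PEM -in "$bundle" -print_certs \
            -out "$tmp/all.pem" 2>/dev/null; then
        echo "not a PKCS#7 bundle: $bundle" >&2
        rm -rf "$tmp"
        return 1
    fi
    # Split the concatenated PEM output into one file per certificate.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%04d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$tmp/all.pem"
    for cert in "$tmp"/cert*.pem; do
        [ -f "$cert" ] || continue        # bundle held no certificates
        fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256 | cut -d= -f2)
        subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
        issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
        # Subject equal to issuer marks a self-issued (root) certificate.
        if [ "$subject" = "$issuer" ]; then kind=root; else kind=intermediate; fi
        printf '%s\t%s\t%s\n' "$fp" "$kind" "$subject"
    done
    rm -rf "$tmp"
}

# Usage: sh list_bundle.sh rel3_dodroot_2048.cac
if [ "$#" -gt 0 ]; then
    list_bundle_certs "$1"
fi
```

Certificates marked `root` have identical subject and issuer; the rest are CA certificates issued by another CA in the chain.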