Re: [Fed-Talk] Can't sign PDFs after updating to 10.11.6
Re: [Fed-Talk] Can't sign PDFs after updating to 10.11.6
- Subject: Re: [Fed-Talk] Can't sign PDFs after updating to 10.11.6
- From: Mark Bienz <email@hidden>
- Date: Thu, 28 Jul 2016 13:30:08 -0400
10.11.6
> On Jul 25, 2016, at 3:26 PM, Blumenthal, Uri - 0553 - MITLL <email@hidden> wrote:
>
> On 7/25/16, 15:20 , "Mark Bienz" <email@hidden> wrote:
>
>> I get the same error and I am running Centrify.
>
> What can I say? I am not running Centrify. I’m using a fork of the
> OpenSC.tokend and the current OpenSC master (both are Open Soruce), which
> is far far easier to build that SmartCardServices (I confess that I failed
> to even build SmartCardServices, and just gave up on it). And I posted
> the screenshot of a successful signature made by Acrobat DC under 10.11.6
> using signing key on a PIV token with the above setup.
>
> When I need a PKCS#11 module - I use /Library/OpenSC/lib/opensc-pkcs11.so,
> but so far it was only for Firefox and Thunderbird.
>
> Are you running on 10.11.5 or 10.11.6? (Not that it should matter, but
> Acrobat under 10.11.5 only uses SHA-1 when the signing key is on a token.
> Under 10.11.6 this problem seems to have disappeared all by itself, and
> the signature shown on the screenshot I posted here used SHA-256.)
>
>
>>> On Jul 25, 2016, at 3:16 PM, Blumenthal, Uri - 0553 - MITLL
>>> <email@hidden> wrote:
>>>
>>> On 7/25/16, 15:14 , "David Mueller" <email@hidden> wrote:
>>>
>>>>> On Jul 25, 2016, at 12:03 PM, Blumenthal, Uri - 0553 - MITLL
>>>>> <email@hidden> wrote:
>>>>>
>>>>> Indeed, when I was adding identity from the CAC, I added it via
>>>>> Preferences -> Signatures -> Identities & Trusted Certificates (More…)
>>>>> ->
>>>>> Digital IDs -> Add ID -> My existing digital ID from “A device
>>>>> connected
>>>>> to this computer”
>>>>
>>>> This didn’t work for me. After selecting “a device connected to this
>>>> computer” and clicked next, I get:
>>>>
>>>> “Adobe Acrobat DC could not find any new digital IDs. If your digital
>>>> ID
>>>> is on a hardware token, please make sure it is plugged in and the token
>>>> interface is properly configured. Contact your system administrator for
>>>> further assistance.”
>>>
>>> Ah, I see. Definitely the lack of a working tokend (that you
>>> side-stepped
>>> by importing CAC-accessing PKCS#11 module directly). Nice work-around!
>>>
>>>>
>>>> Not that it ultimately matters since I have something that works for
>>>> me.
>>>> Might be a CACkey versus something else (OpenSC or SmartCardServices)
>>>> issue though.
>>>
>>> :-)
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Fed-talk mailing list (email@hidden)
>>> Help/Unsubscribe/Update your Subscription:
>>>
>>> This email sent to email@hidden
>>
>>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden