Re: [Fed-Talk] [Non-DoD Source] Re: Can't sign PDFs after updating to 10.11.6
Re: [Fed-Talk] [Non-DoD Source] Re: Can't sign PDFs after updating to 10.11.6
- Subject: Re: [Fed-Talk] [Non-DoD Source] Re: Can't sign PDFs after updating to 10.11.6
- From: Basil Decina <email@hidden>
- Date: Tue, 20 Sep 2016 13:53:41 -0400
Don’t know if people were still having this problem (of not being able to CAC-sign PDFs after upgrading to 10.11.6) — but I was. None of the suggestions on Fed-Talk worked (but thanks for the answers). However… I did find the answer on this post on one of Adobe’s forums.
The following worked for me with Adobe Acrobat Reader DC (2015.017.20053) and Adobe Acrobat XI (11.0.17)...
https://forums.adobe.com/thread/2184274
Specifically post number 16 (from “sillybaku”)
Basically one has to “attach” the PKCS#11 module to one’s signing cert. (It may or may not work with those using Centrify as the interwebs say that Centrify doesn’t uses PKCS#11.)
BTW, signing has changed a but as now Adobe asks one for ones’ “password” when presented with the CAC signature for validation — that “password” is really one’s CAC pin.
Basil
On Jul 28, 2016, at 5:09 PM, Dann, Geoff CIV EXWC, PW62 <email@hidden> wrote:
> I've been quick-reading this thread....
> My NMCI Windows box, Acrobat Reader DC, sometimes fails to sign a pdf, giving a cryptic error message, and sometimes does work.
> Full Adobe Acrobat just works, all the time.
> So I wonder if the problems many are seeing is not specific to OSX, but is a function of Adobe Reader DC or some other link in the chain.
> geoff
>
> -----Original Message-----
> From: fed-talk-bounces+geoff.dann=email@hidden [mailto:fed-talk-bounces+geoff.dann=email@hidden] On Behalf Of Mark Bienz
> Sent: Thursday, July 28, 2016 10:30 AM
> To: Blumenthal, Uri - 0553 - MITLL
> Cc: Fed Talk
> Subject: [Non-DoD Source] Re: [Fed-Talk] Can't sign PDFs after updating to 10.11.6
>
> 10.11.6
>
>> On Jul 25, 2016, at 3:26 PM, Blumenthal, Uri - 0553 - MITLL <email@hidden> wrote:
>>
>> On 7/25/16, 15:20 , "Mark Bienz" <email@hidden> wrote:
>>
>>> I get the same error and I am running Centrify.
>>
>> What can I say? I am not running Centrify. I’m using a fork of the
>> OpenSC.tokend and the current OpenSC master (both are Open Soruce),
>> which is far far easier to build that SmartCardServices (I confess
>> that I failed to even build SmartCardServices, and just gave up on
>> it). And I posted the screenshot of a successful signature made by
>> Acrobat DC under 10.11.6 using signing key on a PIV token with the above setup.
>>
>> When I need a PKCS#11 module - I use
>> /Library/OpenSC/lib/opensc-pkcs11.so,
>> but so far it was only for Firefox and Thunderbird.
>>
>> Are you running on 10.11.5 or 10.11.6? (Not that it should matter,
>> but Acrobat under 10.11.5 only uses SHA-1 when the signing key is on a token.
>> Under 10.11.6 this problem seems to have disappeared all by itself,
>> and the signature shown on the screenshot I posted here used SHA-256.)
>>
>>
>>>> On Jul 25, 2016, at 3:16 PM, Blumenthal, Uri - 0553 - MITLL
>>>> <email@hidden> wrote:
>>>>
>>>> On 7/25/16, 15:14 , "David Mueller" <email@hidden> wrote:
>>>>
>>>>>> On Jul 25, 2016, at 12:03 PM, Blumenthal, Uri - 0553 - MITLL
>>>>>> <email@hidden> wrote:
>>>>>>
>>>>>> Indeed, when I was adding identity from the CAC, I added it via
>>>>>> Preferences -> Signatures -> Identities & Trusted Certificates
>>>>>> (More…)
>>>>>> ->
>>>>>> Digital IDs -> Add ID -> My existing digital ID from “A device
>>>>>> connected to this computer”
>>>>>
>>>>> This didn’t work for me. After selecting “a device connected to
>>>>> this computer” and clicked next, I get:
>>>>>
>>>>> “Adobe Acrobat DC could not find any new digital IDs. If your
>>>>> digital ID is on a hardware token, please make sure it is plugged
>>>>> in and the token interface is properly configured. Contact your
>>>>> system administrator for further assistance.”
>>>>
>>>> Ah, I see. Definitely the lack of a working tokend (that you
>>>> side-stepped by importing CAC-accessing PKCS#11 module directly).
>>>> Nice work-around!
>>>>
>>>>>
>>>>> Not that it ultimately matters since I have something that works
>>>>> for me.
>>>>> Might be a CACkey versus something else (OpenSC or
>>>>> SmartCardServices) issue though.
>>>>
>>>> :-)
>>>> _______________________________________________
>>>> Do not post admin requests to the list. They will be ignored.
>>>> Fed-talk mailing list (email@hidden)
>>>> Help/Unsubscribe/Update your Subscription:
>>>>
>>>> This email sent to email@hidden
>>>
>>>
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden