Announcement

Collapse
No announcement yet.

[MacOS] Which certificates are accepted for signing?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [MacOS] Which certificates are accepted for signing?

    I'm trying to test the digital signature feature in Foxit Reader on Mac, and I can't figure out what criteria the software has for selecting which certificates to show in the "My Digital IDs" list in the Select Certificate dialog box.
    I have several personal certificates, with keys, in "My Certificates" in the login keychain, but only one of them is shown in the list. What requirements does Foxit Reader place on a signing certificate?

    /Hans

  • #2
    hansliss Sorry for the inconvenience. May I know detailed information for reference?
    1. what's version MAC OS?
    2. what's version of Foxit reader installed? please go to HELP menu and click "about Foxit reader" to see detailed info.
    3. can you please send certificate to us for testing?
    4. can you please check if another application has the same issue?
    If above information is sensitive, please send them to us by email: [email protected]. we will check and reply to you ASAP. thanks.

    Comment


    • #3
      I would just like to know how Foxit Reader selects which certificates to show. I am using the latest version of Foxit Reader, downloaded yesterday, on MacOS 10.14.6.

      Do you require any specific attributes on the certificate? Is it enough that the Key Usage (2.5.29.15) Usage is "Digital Signature" or do you require "Non-Repudiation" as well? Do you have requirements on the key length? Do you have requirements on the Public Key Info Usage? Key algorithm? Do you do CRL checks? Do you support SAN (2.5.29.17)? How to you use the Common Name/SAN fields to identify the signer? Do you have requirements on the intermediary or root CA certs, the trust placed on them or specific attributes? Do you require the intermediate/CA certs to be stored in a specific place?

      You must have documentation on all this stuff somewhere, I just can't find it. Is there a log file and maybe trace options so figure out how the selection works?

      Comment


      • #4
        I'm also having similar issue
        Mac 10.15.3 foxit 3.4.0.10.12
        I have added the certificate to MacOS keychain but it isn't showing in "My digital IDs" section
        It seems to work fine with. acrobat DC for Mac

        Comment


        • #5
          Code Industry's "Master PDF Editor" does indeed show all my certificates, but instead it inexplicably lists all certificates as self-signed, so I couldn't possibly recommend that application either. We don't need additional confusion when it comes to PKI.

          Comment


          • #6
            Hi all,
            Thank you for posting here and sorry for the inconvenience. Yes, we did receive some feedback that the certificates can not be recognized by Foxit Reader for Mac, but we fail to reproduce it. So we appreciate if you can send us the info amanda_liang mentioned to [email protected] so our team could do further testing, thank you.

            Comment


            • #7
              Originally posted by richell_huang View Post
              Hi all,
              Thank you for posting here and sorry for the inconvenience. Yes, we did receive some feedback that the certificates can not be recognized by Foxit Reader for Mac, but we fail to reproduce it. So we appreciate if you can send us the info amanda_liang mentioned to [email protected] so our team could do further testing, thank you.
              I've answered the majority of Amanda Liang's questions, but she also suggested sending the certificate in question. I'm sorry, but that's not possible, and I sincerely hope no one else does this either. The problem is, a certificate is useless on its own for this test. You need the private key as well, otherwise there's no way Foxit Reader will try to sign anything. And the private key should NEVER be sent to anyone. You need to make sure you understand this when you interact with customers, and to make all your customer support people understand this. Do NOT encourage customers to send you their private keys! I'm sorry if I sound harsh, but I work with this stuff daily, and a lack of understanding among end users about how PKI mechanisms work is one of the most difficult issues to solve when it comes to document security and email security.

              If you can't reproduce this and find out what causes Foxit Reader to ignore certain keys, I'm afraid the software is probably of limited use to us.

              Comment


              • #8
                Originally posted by hansliss View Post

                I've answered the majority of Amanda Liang's questions, but she also suggested sending the certificate in question. I'm sorry, but that's not possible, and I sincerely hope no one else does this either. The problem is, a certificate is useless on its own for this test. You need the private key as well, otherwise there's no way Foxit Reader will try to sign anything. And the private key should NEVER be sent to anyone. You need to make sure you understand this when you interact with customers, and to make all your customer support people understand this. Do NOT encourage customers to send you their private keys! I'm sorry if I sound harsh, but I work with this stuff daily, and a lack of understanding among end users about how PKI mechanisms work is one of the most difficult issues to solve when it comes to document security and email security.

                If you can't reproduce this and find out what causes Foxit Reader to ignore certain keys, I'm afraid the software is probably of limited use to us.
                Sorry for being rude. Yes, I understand that, the certificate contains sensitive info. This issue has been reported to our QA and Dev team, hope they pay more attention to it and figure it out soon in future.

                Comment


                • #9
                  Originally posted by richell_huang View Post

                  Sorry for being rude. Yes, I understand that, the certificate contains sensitive info. This issue has been reported to our QA and Dev team, hope they pay more attention to it and figure it out soon in future.
                  No rudeness noticed, and absolutely none intended. It would be great if you could find out more about this. Let me know if I can help in any way (short of sending you my private keys )!

                  Comment


                  • #10
                    Thank you so much for your kind understanding. If we need further help, or any update about it, I will poste here.

                    Comment

                    Working...
                    X