Tweet
I'm trying to place a digital signature using a digital identity certificate from a smart car through Foxit Reader for macOS into a PDF document created by LibreOffice Writer built-in PDF generator, and it consistently fails at first step.
Foxit Reader is version 11.1.0.0925
macOS is 10.13.6 running on MacBookPro 15" Mid2015 with dual graphics and 16GB RAM
smart card reader is:
Product ID: 0x3437
Vendor ID: 0x08e6 (Gemalto SA)
Version: 2.01
Speed: Up to 12 Mb/sec
Manufacturer: Gemalto
smart card is standard contact-chip card bearing digital identity certificates and keys compliant to EU Regulation 910/2014
there are two certificates on the card, one for identification only, and the other for signing. Both are valid until September 2024
Signing PDF documents works erratically when I use the same setup with latest available Adobe Reader (2021.001.20155). I.e. first signing attempt usually fails, but only when attempting to save the signed document, and the next attempt immediately after is successful. Rarely, it works in first attempt.
These are the steps:
1. Foxit Reader freshly installed
2. smart card reader plugged into USB, the reader green LED flashes
3. smart card inserted, green LED lights up steadily
4. PDF document opened using Foxit Reader (which is NOT default application for PDF)
5. Following steps from Foxit Reader User Manual
https://help.foxit.com/manuals/pdf-r...al_Certificate
I select the lower cerificate (for signing) and click OK, The dialog disappears and an alert pops up immediately:
6. I disconnect the smart card reader and reboot the Mac (BTW, this instruction is completely wrong, on a Mac this *NEVER* helps, it's not Windows)
7. After reboot, I go back to step 2, everything is the same, including the error message
8. I repeat from step 5, only I use the other (upper) certificate. Same result.
9. I unplug the reader, quit Foxit and repeat from step 2, selecting upper certificate. Same result.
10. I unplug the reader, quit Foxit and repeat from step 2, selecting lower certificate. Same result.
11. I run Keychain Access (stock utility application of macOS), change both certificates trust from "System Default" to "Always trust" for all categories, then remove the smart card, reboot, reinsert the card, run Keychain Access again and check, the trust setting is now "Always Trust" for both certificates.
12. Repeat from step 5 twice, for both certificates, Same result
13. I quit Foxit
14. I unlock the certificates through Keychain Access (enter PIN) and leave the card inserted (so certificates are unlocked for some minutes)
15. I repeat from step 4, twice, for both certificates. Same result.
16. First conclusion, signing doesn't work in Foxit Reader
17. I open the same document in Adobe Reader (smart card still inserted and unlocked), signing works in second attempt, as usually
18. I remove the smart card and unplug the reader.
19. I open the SIGNED document in Foxit Reader to see if it recognizes and validates the signature. Foxit reports 1 signature, and that it has problems. Clicking on the signature visible stamp shows message that the signature cannot be validated because the identity of the signer is unknown.
20. Same signature in same document is orderly validated in the online web service where I upload the signed documents, and in Adobe Reader. This is what Adobe Reader says about the signature:
This is the complete account of my attempts.
So, is this some trivial problem (I have to click on some setting in Foxit, or adjust some user preference in some file), or your software simply doesn't work with these features properly? I'm sort of hoping for the first answer because in this case I'd, of course, switch from Adobe to Foxit for both signing AND editing PDF files. ?
Thanks in advance for any help!
Foxit Reader is version 11.1.0.0925
macOS is 10.13.6 running on MacBookPro 15" Mid2015 with dual graphics and 16GB RAM
smart card reader is:
Product ID: 0x3437
Vendor ID: 0x08e6 (Gemalto SA)
Version: 2.01
Speed: Up to 12 Mb/sec
Manufacturer: Gemalto
smart card is standard contact-chip card bearing digital identity certificates and keys compliant to EU Regulation 910/2014
there are two certificates on the card, one for identification only, and the other for signing. Both are valid until September 2024
Signing PDF documents works erratically when I use the same setup with latest available Adobe Reader (2021.001.20155). I.e. first signing attempt usually fails, but only when attempting to save the signed document, and the next attempt immediately after is successful. Rarely, it works in first attempt.
These are the steps:
1. Foxit Reader freshly installed
2. smart card reader plugged into USB, the reader green LED flashes
3. smart card inserted, green LED lights up steadily
4. PDF document opened using Foxit Reader (which is NOT default application for PDF)
5. Following steps from Foxit Reader User Manual
https://help.foxit.com/manuals/pdf-r...al_Certificate
- Click Protect > Sign & Certify > Place Signature.
- Press and hold the mouse button down, and drag to draw a signature field for your signature.
- (Optional) If you choose not to sign document immediately after the signature is placed, click on the signature field you drawn to continue.
- In theSelect Certificate dialog box, select the digital ID file, specify the selection preference, and click OK.
I select the lower cerificate (for signing) and click OK, The dialog disappears and an alert pops up immediately:
6. I disconnect the smart card reader and reboot the Mac (BTW, this instruction is completely wrong, on a Mac this *NEVER* helps, it's not Windows)
7. After reboot, I go back to step 2, everything is the same, including the error message
8. I repeat from step 5, only I use the other (upper) certificate. Same result.
9. I unplug the reader, quit Foxit and repeat from step 2, selecting upper certificate. Same result.
10. I unplug the reader, quit Foxit and repeat from step 2, selecting lower certificate. Same result.
11. I run Keychain Access (stock utility application of macOS), change both certificates trust from "System Default" to "Always trust" for all categories, then remove the smart card, reboot, reinsert the card, run Keychain Access again and check, the trust setting is now "Always Trust" for both certificates.
12. Repeat from step 5 twice, for both certificates, Same result
13. I quit Foxit
14. I unlock the certificates through Keychain Access (enter PIN) and leave the card inserted (so certificates are unlocked for some minutes)
15. I repeat from step 4, twice, for both certificates. Same result.
16. First conclusion, signing doesn't work in Foxit Reader
17. I open the same document in Adobe Reader (smart card still inserted and unlocked), signing works in second attempt, as usually
18. I remove the smart card and unplug the reader.
19. I open the SIGNED document in Foxit Reader to see if it recognizes and validates the signature. Foxit reports 1 signature, and that it has problems. Clicking on the signature visible stamp shows message that the signature cannot be validated because the identity of the signer is unknown.
20. Same signature in same document is orderly validated in the online web service where I upload the signed documents, and in Adobe Reader. This is what Adobe Reader says about the signature:
This is the complete account of my attempts.
So, is this some trivial problem (I have to click on some setting in Foxit, or adjust some user preference in some file), or your software simply doesn't work with these features properly? I'm sort of hoping for the first answer because in this case I'd, of course, switch from Adobe to Foxit for both signing AND editing PDF files. ?
Thanks in advance for any help!
Comment