Announcement

Collapse
No announcement yet.

Digial Signature with certificate from smart card renders error -25316

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Bug Digial Signature with certificate from smart card renders error -25316

    I'm trying to place a digital signature using a digital identity certificate from a smart car through Foxit Reader for macOS into a PDF document created by LibreOffice Writer built-in PDF generator, and it consistently fails at first step.

    Foxit Reader is version 11.1.0.0925
    macOS is 10.13.6 running on MacBookPro 15" Mid2015 with dual graphics and 16GB RAM

    smart card reader is:
    Product ID: 0x3437
    Vendor ID: 0x08e6 (Gemalto SA)
    Version: 2.01
    Speed: Up to 12 Mb/sec
    Manufacturer: Gemalto

    smart card is standard contact-chip card bearing digital identity certificates and keys compliant to EU Regulation 910/2014
    there are two certificates on the card, one for identification only, and the other for signing. Both are valid until September 2024

    Signing PDF documents works erratically when I use the same setup with latest available Adobe Reader (2021.001.20155). I.e. first signing attempt usually fails, but only when attempting to save the signed document, and the next attempt immediately after is successful. Rarely, it works in first attempt.

    These are the steps:

    1. Foxit Reader freshly installed
    2. smart card reader plugged into USB, the reader green LED flashes
    3. smart card inserted, green LED lights up steadily
    4. PDF document opened using Foxit Reader (which is NOT default application for PDF)
    5. Following steps from Foxit Reader User Manual
    https://help.foxit.com/manuals/pdf-r...al_Certificate
    • Click Protect > Sign & Certify > Place Signature.
    • Press and hold the mouse button down, and drag to draw a signature field for your signature.
    • (Optional) If you choose not to sign document immediately after the signature is placed, click on the signature field you drawn to continue.
    • In theSelect Certificate dialog box, select the digital ID file, specify the selection preference, and click OK.
    The Select Certificate dialog box shows this

    Click image for larger version  Name:	Screen Shot 2022-01-07 at 22.01.25.png Views:	1 Size:	104.6 KB ID:	186746

    I select the lower cerificate (for signing) and click OK, The dialog disappears and an alert pops up immediately:

    Click image for larger version  Name:	Screen Shot 2022-01-07 at 22.01.36.png Views:	1 Size:	41.9 KB ID:	186747

    6. I disconnect the smart card reader and reboot the Mac (BTW, this instruction is completely wrong, on a Mac this *NEVER* helps, it's not Windows)

    7. After reboot, I go back to step 2, everything is the same, including the error message

    8. I repeat from step 5, only I use the other (upper) certificate. Same result.

    9. I unplug the reader, quit Foxit and repeat from step 2, selecting upper certificate. Same result.

    10. I unplug the reader, quit Foxit and repeat from step 2, selecting lower certificate. Same result.

    11. I run Keychain Access (stock utility application of macOS), change both certificates trust from "System Default" to "Always trust" for all categories, then remove the smart card, reboot, reinsert the card, run Keychain Access again and check, the trust setting is now "Always Trust" for both certificates.

    12. Repeat from step 5 twice, for both certificates, Same result

    13. I quit Foxit

    14. I unlock the certificates through Keychain Access (enter PIN) and leave the card inserted (so certificates are unlocked for some minutes)

    15. I repeat from step 4, twice, for both certificates. Same result.

    16. First conclusion, signing doesn't work in Foxit Reader

    17. I open the same document in Adobe Reader (smart card still inserted and unlocked), signing works in second attempt, as usually

    18. I remove the smart card and unplug the reader.

    19. I open the SIGNED document in Foxit Reader to see if it recognizes and validates the signature. Foxit reports 1 signature, and that it has problems. Clicking on the signature visible stamp shows message that the signature cannot be validated because the identity of the signer is unknown.

    20. Same signature in same document is orderly validated in the online web service where I upload the signed documents, and in Adobe Reader. This is what Adobe Reader says about the signature:

    Click image for larger version  Name:	Screen Shot 2022-01-07 at 22.26.33.png Views:	1 Size:	77.7 KB ID:	186748

    This is the complete account of my attempts.

    So, is this some trivial problem (I have to click on some setting in Foxit, or adjust some user preference in some file), or your software simply doesn't work with these features properly? I'm sort of hoping for the first answer because in this case I'd, of course, switch from Adobe to Foxit for both signing AND editing PDF files. ?

    Thanks in advance for any help!
    Last edited by smayoo; 01-07-2022, 10:00 PM.

  • #2
    Hello? Anybody? Please? ?

    Comment


    • #3
      We are so sorry for missing your thread. It seems Foxit fails to recognize the certificate you mentioned, would you mind sharing us some web link about the certificate so we could do further checking and investigation? Thank you.
      And we appreciate if you can submit a ticket from Create ticket to submit one pdf file that signed with Adobe Reader so we can do some further testing, Thank you a lot in advance.

      Comment


      • #4
        Certifying body is
        https://www.certilia.com/

        Company AKD from Croatia.

        Comment


        • #5
          Originally posted by richell_huang View Post
          And we appreciate if you can submit a ticket from Create ticket to submit one pdf file that signed with Adobe Reader so we can do some further testing, Thank you a lot in advance.
          I tried to log into this submit ticket service, but neither my username, nor my E-mail address and password work. It says "Incorrect account or password". ?

          Comment


          • #6
            smayoo ,For the message "Incorrect account or password" you received,please click here to set a new password for your account firstly prior to submitting a ticket to us.

            Comment


            • #7
              (although I don't understand why would I need to reset my password that actually works to log into the forum) I followed the link and tried to reset the password, and - i can't. The message is "failed to send password reset mail".

              Anticipating your next question, ?, no, I'm not illiterate, and yes, I've succesfully passed countless Turing tests (aka captcha questions) before. This one you have has a technical problem. To prove it, I'm uploading a sceeen capture video to show my attempts (m4v file is zipped due to your forum restrictrions).
              Attached Files

              Comment


              • #8
                smayoo

                For signing problem with the error "The credential selected for signing is invalid. The error is -25316", I've escalated it to Foxit internal bug tracking system for the QA and Dev team's further investigation. Internal Report ID#: MACLNX-10888.

                Regarding the log in problem, could you please provide us your email address for your Foxit account so we could further proceed? Thank you.
                Last edited by cherry; 01-23-2022, 08:16 AM.

                Comment


                • #9
                  My E-mail address is visible in the screen capture video I've posted in my previous post. It is

                  [email protected]

                  Comment


                  • #10
                    Sorry for the inconvenience. The email registered on forums website can not be recognized directly on our official website, you need to sign up an account with your email from https://www.foxit.com/ (click on 'Log in' button on top right corner to choose 'create an account') before submitting a ticket, thank you.

                    Comment


                    • #11
                      OK, I did all that now, and uploaded a document signed with the same certificate, using Adobe Reader. Support ticket number is 161075

                      Comment


                      • #12
                        smayooCurrently our Foxit PDF Editor/Reader for MAC still doesn't support to sign signature from smart card yet,that is the reason why you received the error message when you tried to digitally sign using the smart-card.

                        Regarding this situation,I have submitted the suggestion "Support to sign using the smard-card." as a new feature request to our product management team with suggestion ID#MACLNX-10888,so that it may be considered in future versions.

                        Any further questions or concerns,please contact us again at any time.

                        Comment


                        • #13
                          Thank you for your reply. I understand the reality of the situation, but I still feel silly (in a way), since you make pretense as everyrthing should be working fine, and then it turns out that even you (from Foxit support staff) don't have that simple piece of information - that a feature is still not implemented. Oh, well... ?

                          Anyway, Foxit reader is removed from my Mac. Incidentally, I'm informing you that your background update service is making a mess with CPU time, and you obviously know about that for a while now, but have done nothing about it so far. And not only that. It remains making a mess even after removing the application, so we need to manually search for it through the system area of filesystem and actually hack it into oblivion.

                          It seems to me that your development team has a long way to go before they produce a proper and well-behaving application for macOS. I'll come back and check the progress in... um... 17 years or so?

                          Comment


                          • #14
                            smayoo ,We apologize for any difficulty using Foxit Software. Regarding the high CUP usage situation that you mentioned, it has already been rectified in our latest released version 11.1.1 of Foxit PDF Reader for Mac which could be downloaded from the link below:
                            https://cdn01.foxitsoftware.com/pub/...L10N.Setup.pkg

                            Any further questions or concerns,please contact us again at any time.


                            Comment

                            Working...
                            X