Skip to main content
Melis23165497yn91
Melis23165497yn91
Participant
March 18, 2026
Question

Elliptic Curve Support

  • March 18, 2026
  • 2 replies
  • 87 views

Hi,


I am encountering an "Unsupported Algorithm" error when trying to sign documents with a NIST P-384 (EC) certificate via a PKCS#11 module, although RSA signatures work perfectly with the same setup. Since Adobe's official documentation states that Elliptic Curve cryptography is supported, but the signature cannot be created in this case, I would like to ask for your guidance on how to resolve this. Is there a specific configuration or a known compatibility issue in Acrobat Reader regarding hardware-based EC signatures that we should follow?

Best Regards,

Melis.

      2 replies

      patrik.akd
      patrik.akd
      Participant
      March 27, 2026

      I can confirm the same issue. After extended PKCS#11 library debugging we’ve come to a conclusion that as soon as key has type CKK_EC (or deprecated CKK_ECDSA) Adobe fails with “Unsupported Algorithm”.

       

      So from my understanding it is not even an algorithm issue but Adobe does not support CKK_EC key type at all while using PKCS#11 libraries.

       

      There is no way to resolve this, it is an unsupported key type which Adobe should implement.

      MikelKlink
      MikelKlink
      Participating Frequently
      March 18, 2026

      Only very specific elliptic curves in combination with specific hash algorithms using a specific encoding are supported by Acrobat.

      Can you share an example PDF signed using your EC certificate for analysis?

      MikelKlink
      MikelKlink
      Participating Frequently
      March 18, 2026

      Oops, sorry, I read too superficially, you have the problem while signing  in Acrobat and I thought you had issues validating a so signed document.

      Melis23165497yn91
      Melis23165497yn91Author
      Participant
      March 23, 2026

      Hi Mikel,

      Thank you for your follow-up.

      While Adobe Acrobat successfully handles the validation of existing ECC-based signatures, the "Unsupported Algorithm" error occurs specifically at the creation of a new digital signature using a hardware-based PKCS#11 module.

      Could there be a hidden preference or a registry setting required to explicitly enable or troubleshoot hardware-based ECC signing?

      Terms & ConditionsAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices