Hi @shahzaib_4286,
Hope you are doing well. Sorry for your experience working with CSPs on Acrobat.
There are a few prerequisites when working with CSPs on Acrobat.
If you are using Windows Cert Store, Acrobat may only use CSPs that implement all expected functions or conform to certain policy/OID expectations.
So, ensure your certificate is imported properly into the “My” (Personal) store.
Also, double-check your CSP setup under:
For 32-bit system: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\<Your CSP Name>
For 64-bit system: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider
Make sure the following entries are present and valid:
ImagePath: Full path to your DLL
Type: Should be 1 for your algorithm
Set SigInFile if applicable.
You can configure a PKCS#11 module in Acrobat via digitalids.xml or use Adobe’s Cloud Signature Consortium interface. A suggestion would be to consider converting your CSP interface to PKCS#11 or Microsoft CNG/KSP for better compatibility.
If none of the above works, share a trace of the workflow.
Use Process Monitor from SysInternals to check:
-
If Acrobat tries to read your CSP registry keys.
-
If your DLL is being loaded or blocked.
-
If there's a permissions/DLL loading error.
Also, please share your registry setup or the signing workflow you are following in Acrobat (certificate store, token usage), for further investigation.
Look forward to hearing from you.
Regards,
Souvik.
Hi! Thanks so much for the detailed reply and helpful pointers.
I was able to solve the issue on my end. The main problem was that although my CSP was correctly registered and the certificate existed, Acrobat wasn't invoking my CSP because the certificate context wasn’t properly linked to the CSP provider.
I fixed it by explicitly setting the CRYPT_KEY_PROV_INFO on the certificate context before adding it to the "MY" store, like this:
PCCERT_CONTEXT toRet = CertCreateCertificateContext(
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
cert1Der,
sizeof(cert1Der)
);
CRYPT_KEY_PROV_INFO info;
ZeroMemory(&info, sizeof(CRYPT_KEY_PROV_INFO));
info.pwszContainerName = const_cast<LPWSTR>(L"7546"); // Must match token container
info.pwszProvName = const_cast<LPWSTR>(L"CSP v1.0"); // Must match CSP name in registry
info.dwProvType = PROV_RSA_FULL;
info.dwKeySpec = AT_SIGNATURE;
CertSetCertificateContextProperty(
toRet,
CERT_KEY_PROV_INFO_PROP_ID,
CERT_SET_PROPERTY_INHIBIT_PERSIST_FLAG,
&info
);
HCERTSTORE hStore = CertOpenStore(
CERT_STORE_PROV_SYSTEM,
0,
NULL,
CERT_SYSTEM_STORE_CURRENT_USER,
L"MY"
);
CertAddCertificateContextToStore(
hStore,
toRet,
CERT_STORE_ADD_REPLACE_EXISTING,
NULL
);
After doing this, Acrobat correctly invoked my custom CSP when signing.
Your suggestions about verifying the CSP registry keys and using tools like Process Monitor were spot on — they helped confirm that the DLL was being loaded properly. For others who might run into similar issues, I’d definitely recommend checking the CRYPT_KEY_PROV_INFO linkage and using ProcMon to trace Acrobat’s behavior.
Thanks again for your support!
AdChoices