Unable to read smart card device when digitally signing PDF document

Report · Dec 27, 2019

Windows 10 Enterprise

Adobe Acrobat DC (2015) v 15.006.30508

90 Meter SmartCard Manager Plus 1.6.35 S

I'm on a VDI network trying to make a master image for my environment. My issue is that when trying add a signature to a PDF I click on certificates to create my signature box and the window to sign the document comes up showing my certificate and when I click Sign my token is not being read. It gives me a message to insert smart card. I click cancel and receive the following message:

Error Information
The windows Cryptographic Service Provider reported an error:
The action was cancelled by the user.
Error Code: 2148532334

Any help would be appreciated. There are many forms that we use that need to be digitally signed.

Report · Dec 28, 2019

So have you tried to sign with a self-signed certificate? and see if you get the same issue?

Are all the root certificates updated, the middleware and smart card reader drivers?

Are all certificates of authority properly stored in the correct certificate store location?

Report · Dec 30, 2019

I can sign with a self-signed certificate. Everything is up to date.

Report · Dec 30, 2019

Hi,

So if using a self-sign certificate works, and everything is up to date, then you can assume that the smart card reader could be bad.

Try connecting a new or just another smartcard reader and see if that happens again.

Worst case scenario would be, that the chip in that card is possibly getting worn out?

Another trick that seems to work is to open Internet Explorer settings, and remove all of the old user certificates.

You can also deep dive in Windows 10 and use this guidance:

https://answers.microsoft.com/en-us/windows/forum/all/removing-old-digital-certificates-in-windows-1...

Report · Dec 31, 2019

I've tried other card readers. This is happening to all our users on base, it is not only happening on one workstation and one person. I've checked my certs and they are not expired. We log into our workstation with our token and digitally sign and encrypt emails without issue. Any other ideas?

Report · Dec 31, 2019

Hi,

Taking into consideration the Adobe Security Bulletin for your version this error is not addressed yet.

It seems that a registry entry could be corrupt and maybe a reinstallation of the whole certificate store and all of the users’ digital certificates will be the way to go.

Also, it may be that the Adobe Acrobat doesn’t provide support yet for hashing algorithm higher than SHA1 which is deprecated (not the same as discontinued).

As you may already know SHA1 is phased out and SHA2 is becoming a more secured standard in combination with SSL implementation. According to what I’m reading if the Adobe Acrobat encounters an algorithm higher than what it can support it will fallback to SHA1.

One possible workaround, although highly discouraged due to weak security, is to modify the registry entry to default to SHA1 instead.

Nevertheless, here are some of the links I’ve found of interest to hopefully resolve your issue:

Error Codes – From militarycac.com

https://militarycac.com/errorcodes.htm

When the error is related to signing with the default Cryptographic Provider but the Key storage provider is superior

https://support.quovadisglobal.com/kb/a409/the-keyset-is-not-defined-when-signing-with-adobe-acrobat...

Loading Trusted Root Certificates:

https://www.adobe.com/devnet-docs/acrobatetk/tools/AdminGuide/advancedconfig.html#aatl-and-eutl-cert...

Feature Lockdown (registry lockable settings)

https://www.adobe.com/devnet-docs/acrobatetk/tools/PrefRef/Windows/FeatureLockdown.html

How to fix in Win10 -recreating user profile in the domain

https://www.thewindowsclub.com/cryptographic-service-provider-error