I have searched far and wide, still can't figure out nor find any solution to disabling FIPS mode. Any documents that are configured to use digital signatures for us error out when signing with the following error:
"The document could not be saved. Use of non FIPS cryptography is not permitted while in FIPS mode." Then states document couldn't be signed obviously.
Anyone find a solution to this? I tried the bFIPSMode=0 manual HKCU entry that doesn't do anything. I also disabled protected mode. This instance of Adobe DC is on Windows 10.
Thanks for any help!
Please confirm if you are setting the registry key correctly at the below mentioned path:
Correct, I have that entry yet FIPS mode is still enabled and the error is persistent.
We could not reproduce the issue in house. We are able to use non FIPs compliant algorithms while signing when FIPS is disabled[with PM on/off] and not able to create with FIPs enabled.
Please could you tell us the Signature algorithm for the certificate[Select the digital id--View Details--Details--Signature Algorithm] .
Have you set any registry key to specify digest method while signing? Please could you go to HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\Security\cPubSec and send us a screenshot of the registries set under this key.
I had to manually create the "HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\" path since it did not exist. So I would need to manually create "\Security\cPubSec" as well? What should I put under this key?
If you had to manually create that your Reader version is not DC. Please share the full version number shown by About Acrobat Reader.
Adobe Acrobat Reader DC Continous Release | Version 2018.011.20038
Yes, that is DC, though it’s not the latest. You should have that in the registry if Reader ever ran. What does Regedit have under HKCU\Software\Adobe ?
Only "\DC\AVGeneral" that I manually created for bFIPSMode
What do you have under HKCU\Software? Anything else other than Adobe ?
Just the usual: Classes, Microsoft, Policies
It sounds as you may have very strict registry blocks stopping software reading and writing preferences. Check with your admins for policies.
It's been some years since this question was posted, but I don't see that anyone provided an answer, so here it is:
For those of you who do not control the admin rights to a .pdf, but need to sign it and are receiving above error message, you just need to drag .pdf to your desktop, and then open it with Adobe Acrobat Reader. You should then be able to sign it.
This solution sounds incredibly simple and I don't know why dragging a file onto my desktop and opening the document would then allow me to save a FIPS document. I tried it anyway and dragging this file to my desktop before opening it did not change the unwanted behavior.
I tried saving the doc to my desktop and it did NOT resolve the issue.