Explanation needed for FIPS mode setting in Acrobat Reader DC

Report · May 06, 2021

I have seen a lot of older posts regarding an issue similar to this, but for some reason I cannot see the answers (though they were marked as successfully answered).

What I need is an explanation of how to tell, within Adobe Acrobat Reader DC, whether FIPS cryptography is turned on or off. We (U.S. Department of the Navy, Naval Sea Systems Command) are currently experiencing an issue whereby if they attempt to fill, sign, and then save a fillable, signable PDF form using Adobe Acrobat DC (the full version) we get an error message saying that "Document could not be saved. Use of non-FIPS cryptography is not permitted while in FIPS mode" (attachment with screencap). But if we do the same thing in Reader DC, it works just fine.

My question is, when the message says "while in FIPS mode" is that referring to the mode that Adobe is in, or the mode Windows is in? If it's Adobe, how can I see the setting in each of the to applications?

We are using Reader DC version 2021.001.20138 and Acrobat DC version 2020.013.20074.

Thank you.

Tim David

Report · May 07, 2021

Hi Tjdavid

Hope you are doing well and sorry for the trouble. As described you are getting the error 'Document could not be saved. Use of non-FIPS cryptography is not permitted while in FIPS mode'

Are you on a personal machine or IT managed work machine?

Please check the correct answer marked in a similar discussion https://community.adobe.com/t5/acrobat-reader/disable-fips-mode-in-adobe-acrobat-reader-dc/m-p/10188... and see if that helps.

For more information on FIPS, please check out the help page https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/fips.html

Regards

Amal

Regards
Amal

Report · Aug 10, 2021

My question is

why did the original posters question not get answered?

Quote:

My question is, when the message says "while in FIPS mode" is that referring to the mode that Adobe is in, or the mode Windows is in?

Report · Oct 27, 2021

Can you kindly help me understand the information provided in the link above. When I read the FIPS statement, I read it as Adobe will never be FIPS compliant because it uses RSA proprietary encryption algorithms. Is this true. How do I get past this error WITHOUT diabling FIPS mode.

"Adobe utilizes certified and unmodified encryption modules licensed from RSA Security within desktop and server products. Therefore, Adobe will not show up in the NIST Cryptographic Module Validation Program vendor lists."

FIPS Compliance — Acrobat DC Application Security Guide (adobe.com)

Report · Oct 27, 2021

Hi there

Hope you are doing well. please check out the correect answers marked in the similar discussion listed below and see if that works:

- https://community.adobe.com/t5/acrobat-discussions/error-saving-pdf-using-fips/td-p/10267547#M128265

- https://community.adobe.com/t5/acrobat-reader-discussions/disable-fips-mode-in-adobe-acrobat-reader-...

Regards

Amal

Regards
Amal

Report · Oct 27, 2021

Sorry Amal but the posts do not answer the question. I can diable FIPS through the registy pushed via GPO but this is a Cat II finding. The goal is to be compliant with DISA STIG policies. This error occurs and the only workaround I have seen is to turn off FIPS.

The question I am looking to be answered refers to the statement in the FIPS url above. From my interpretation, Adobe will never be FIPS compliant because it uses RSA proprietary encryption algorithms.

YES / NO ???

We have FIPS compliant forms that cannot be signed and get the exact error as the original poster. Looking for options to fix this without disabling FIPS through the regisrty.

Quote from the adobe website:

Adobe utilizes certified and unmodified encryption modules licensed from RSA Security within desktop and server products. Therefore, Adobe will not show up in the NIST Cryptographic Module Validation Program vendor lists.

Report · Oct 28, 2021

Hi there

Please give us some time to get it checked with the team. We will share the update as soon as we will hear anything from them.

Thanks for your time and patience

Regards

Amal

Regards
Amal

Report · Oct 24, 2022

Good day,

I know it has been quite some time but was this ever researched and resolved?

Report · Oct 24, 2022

I never received a staisfactory answer for this problem. In the end, the only solution we found was to purchase Adobe DC OR disable FIPS. Neither solution was a great one.

Report · Oct 28, 2022

Hi @defaultldmcgtrk95rk

Hope you are doing well.

For more information about our FIPs support please go through the help page https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/fips.html

There’s no such thing as turning “FIPs crypto” on or off. Acrobat FIPS mode can be on or off as described above. There’s no in-between.

Hope this information will help

Regards

Amal

Regards
Amal

Report · Oct 30, 2022

Amal,

No one said anything about turning off FIPS crypto. Disabling FIPS is all over google for exact reasons we are trying to uncover.

In my opinion, Adobe has done a poor job in providing support. Quote from you Oct 28, 2021:

Please give us some time to get it checked with the team. We will share the update as soon as we will hear anything from them."

The answer is still not provided in this thread. I asked a YES/NO question. Did not receive a response. Question reiterated below for clarity:

From my interpretation, Adobe will never be FIPS compliant because it uses RSA proprietary encryption algorithms.

YES / NO ???

Report · Dec 09, 2022

@defaultldmcgtrk95rk

The issue isn't necessarily an issue with the Adobe program itself but with the forms we are using. I would suggest looking at a form(s) that you've been having issues with and checking the security used on it. All in all, this isn't really an actual STIG implementation issue, more over an admin issue.