This is the solution: it assumes you are using CACKey, but can probably be translated to other middleware:

1. Verify permissions of /Library/CACKey/libcackey.dylib are correct; they should be -rwxr-xr-x (755) and owned by root, group admin. If they're not, change them using Terminal.app:

       sudo chown root:admin /Library/CACKey/libcackey.dylib
       sudo chmod 755 /Library/CACKey/libcackey.dylib

2. In Adobe Reader DC, open Preferences, then go to Signatures --> Identities & Trusted Certificates --> More...
3. Click "PKCS#11 Modules and Tokens"
4. Click "Attach Modules"
5. Enter path to your PKCS#11 module; for CACKey this is /Library/CACKey/libcackey.dylib
6. Click "OK"
7. Click the little triangles to open up the module until you see the card
8. Click the card
9. Click on the email signing certificate (look for one that is issued by DOD EMAIL CA-xx and includes Intended usage of Digital Signature)
10. Click the "Usage Options" popup menu and select "Use for Signing"
11. Click Close, then click OK.

The above steps will need to be repeated for each user account on the machine.

If you're using something other than CACKey, then you'll need to determine the path for your PKCS#11 module. If you have Firefox or Thunderbird installed, then it's the same as the one you have configured in those applications in order to use your CAC.

Once this configuration change has been made, the signature dialog box will change slightly to include a field to enter your PIN (or as Adobe calls it, "certificate password"), as shown in the screen shot below. You'll need to enter your PIN here, rather than clicking Sign and then getting the standard OS X dialog to enter your PIN.
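The permission check from step 1, as an added example that is not part of the original post: a script that compares a PKCS#11 module's owner, group and mode against the values given there and prints the matching fix command on a mismatch. The function names and the script name check.sh are assumptions; the expected values default to root, admin and 755 and can be overridden for other middleware.

```shell
#!/bin/sh
# Added example: confirm a PKCS#11 module has the owner, group and mode given
# in step 1 before attaching it. Defaults are the values from the post.

# Print one stat field for FILE; tries GNU stat (-c), then BSD/macOS stat (-f).
stat_field() {  # usage: stat_field FILE GNU_FORMAT BSD_FORMAT
    stat -L -c "$2" "$1" 2>/dev/null || stat -L -f "$3" "$1" 2>/dev/null
}

# Return 0 if FILE matches, 1 on a mismatch, 2 if FILE cannot be read.
check_module() {  # usage: check_module FILE [OWNER] [GROUP] [MODE]
    cm_path=$1
    cm_owner=${2:-root}
    cm_group=${3:-admin}
    cm_mode=${4:-755}
    cm_rc=0

    if [ ! -f "$cm_path" ]; then
        echo "FAIL: $cm_path is missing or not a regular file"
        return 2
    fi
    cm_o=$(stat_field "$cm_path" %U %Su) || return 2
    cm_g=$(stat_field "$cm_path" %G %Sg) || return 2
    cm_m=$(stat_field "$cm_path" %a %Lp) || return 2

    if [ "$cm_o" != "$cm_owner" ] || [ "$cm_g" != "$cm_group" ]; then
        echo "FAIL: owner:group is $cm_o:$cm_g, expected $cm_owner:$cm_group"
        echo "  fix: sudo chown $cm_owner:$cm_group $cm_path"
        cm_rc=1
    fi
    if [ "$cm_m" != "$cm_mode" ]; then
        echo "FAIL: mode is $cm_m, expected $cm_mode"
        echo "  fix: sudo chmod $cm_mode $cm_path"
        cm_rc=1
    fi
    [ "$cm_rc" -eq 0 ] && echo "OK: $cm_path is $cm_o:$cm_g mode $cm_m"
    return "$cm_rc"
}

# Run only when a path is given, e.g.: sh check.sh /Library/CACKey/libcackey.dylib
if [ $# -gt 0 ]; then
    check_module "$@"
fi
```

The module is loaded into the signing application's process, so a copy that is writable by anyone other than root is worth fixing before it is attached in any user account.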