Copy link to clipboard
Copied
I have two certificates, physically residing on the same (Belgian) government issued smart card. One is labeled "Authentication" (Intended usage: sign transaction), and the other is labeled "Signature" (Intended usage: sign document). I have been trying to add a signature to a pdf document in Acrobat Pro XI (trial) on WIndows 8 Home (64 bit). It works perfectly with the "Authentication" certificate, but all attempts with the "Signature" certificate yield the following error:
Error encountered while signing:
The Windows Cryptographic Service Provider reported an error:
Access was denied because of a security violation.
Error Code: 2148532330
The only relevant difference between both certificates that I have been able to spot, is in the "key usage" field of the certificate ("sign transaction" versus "sign document"). Any thoughts on what might be wrong?
Thanks.
Copy link to clipboard
Copied
"Sign transaction" means that the certificate is used to sign digital signatures. "Sign document" (in Acrobat-speak) actually means non-repudiation (revocation check is required for this certificate, subject to user preferences). Certificates that I have, have both . "Sign transaction" and "Sign document" usage bits set. You canot sign with a certificate that does not have "Sign transaction" usage. I do not know what's the purpose of a certificate that has only Non-repudiation (aka "Sign Document") usage set.
Copy link to clipboard
Copied
Hi,
I have the same problem. I've tested with Adobe Reader version 9.5, 10.1 and 11.0.3 and different OS versions All versions give the same error.
This is also with a Belgian Eid card. Same behavior: can sign with authentication certificate, but not with signature certificate.
Any one knows a solution for this?
Copy link to clipboard
Copied
Hey,
Problem is not linked to Adobe but seems to be a general problem with the Belgian eID and probably his middleware when accessing the certificate with KeyUsage=Non-Repudiation". You can easily reproduce he problem when signing a message under OUTLOOK (2010) and also with DigiSigner or PDF Sign & Seal from Ascertia. Need to find a contact at Fedict (the guys which have ownership of the Belgian eID middleware).
Copy link to clipboard
Copied
I assume you are implying "biztax" application here, right?
I have contacted their program lead, with no result at all.
Past days I have been searching for a solution - reinstalls / new systems - no solution.
This issue appeared a week or two ago only.
I found http://forums.adobe.com/message/5338853 useful - but no positive results either.
http://test.eid.belgium.be/faq/faq_nl.htm obviously didnt help either.
If anyone finds a solution to this issue, please do let me know - any help is appreciated.
Biztax tells to use the "signature", not the "authentication" - but it is only Auth. that is showing up as option to sign (that works)
ps, did you fiddle with the Adobe Reader XI security settings and import that PKI etc as well? I hoped that would be the breaktrough. Sadly i'm still crying in my chair.
Oh, and dont forget: they claim nobody else got this issue. Maybe one or two people. (We got about 8 customers experiencing exactly the same symptoms at the same time )
> I noticed that when I try to open the pdf document that is 'signed' by the government it is not showing the filename in the title bar, but only " - Adobe Reader". every piece of info helps I guess.
Obviously last version of Reader 11.0.03
Copy link to clipboard
Copied
Hi,
I actually got a very helpful response from the people at FedICT. They made me manually install the module C:\Windows\System32\beidpkcs11.dll from the Edit>Preferences>Signatures>Identities & Trusted Certificates menu (>Attach Module). I am now able to use the "Signature" certificate to sign documents in Acrobat XI Pro.
Great!
Copy link to clipboard
Copied
Hi m-beck,
I tried to do the same - but Adobe Reader was unable to "sign in" to that module. Is there a known password for this?
Maybe it is not asking for one when using the Pro edition?
I use the free adobe reader.
Copy link to clipboard
Copied
AAA_BE,
I can say that I had to be signed in to Windows with an account that has administrator rights in order to do what I described. Also, you could consider turning "Protected Mode" off in Reader (Edit>Preferences>Security (Enhanced)>Enable Protected Mode at startup [uncheck]).
m-beck
Copy link to clipboard
Copied
"Oh, and dont forget: they claim nobody else got this issue. Maybe one or two people. (We got about 8 customers experiencing exactly the same symptoms at the same time )"
... is bullshit. As mentioned earlier, a similar access denied problem can be reproduced with other tools than the Adobe tool. Signing with OUTLOOK and third-party PDF signing tools produce similar error messages.
I opened a ticket at Fedict and will put their return on the forum once received.
Copy link to clipboard
Copied
I did not completely understand what you mean - but you are saying that this is an issue completeley in the hands of fedICT right?
I have opened several mails, including to their chief - with no result.
Only response I have had so far was "Select the signature cert". helpful.
Hopefully they can give you more useful information
Copy link to clipboard
Copied
Hi AA, John, Others that are searching
First off all I would like to thank you all for your troubleshooting and analysis, that gives me the chance to just read, pick up and jump into this...
since today we have the same issue. We can logon (authenticate) but are unable to sign a PDF. error code: 2148532330
Did someone, since its 8 days ago, get answer from FedICT? Then, how did you contact these guys because I just can't get true to their support line or lets say, to the support that would make sence to solve this issue.
Situation is like this:
Windows terminal server 2008 R2
people work with thin clients or laptops
IE 10.0.9200.16576
Adobe reader X
e-ID v4.0.4 142
I just updated adobe to version 10.1.7
Hope to get some feedback. If you need more info from me, please do not hesitate to ask.
kind regards
Rikke
Copy link to clipboard
Copied
Hello all,
I forgot to mention that I received a message from fedICT about the issue.
"follow this to make the problem go away"
It is utter bullshit if you ask me - I still think they screwed up with their own certificates / software - but it does work now.
I used this procedure earlier but it didnt work then. Now the hamsters in their servers started to do their job I guess.
So how do I upload a pdf in here with those instructions....
Nevermind - cheated a bit in imageshack and hopefully you can open this pdf:
http://imageshack.us/photo/my-images/43/windowscryptographicerr.pdf
Click on that continue to media button on the topright.
Hope this helps
Copy link to clipboard
Copied
Good morning, i dont know if you resolved your problem because the problem is there since 2013 but i found a solution. I had the same problem.
And in fact, your card id has to be connetced to your pc. And when you choose your signature, you have to put your pin code of your card Id on your connector.
The program says nothing but your connector ask your pin.
Nothing tells you to do that and it's the problem but if you see the connector you will see that ask you the pin code.
Voila, how my problem "error code 2148532330" has been resolved. 🙂
Copy link to clipboard
Copied
What is a "connector"?
Copy link to clipboard
Copied
I got the following answer from FEDICT which describes a workaround while they are working on an update of their middleware
U kan als tijdelijke workaround de volgende procedure volgen:
Onze ontwikkelaars zijn momenteel bezig met nieuwe installatiepakketjes te bouwen die deze nieuwe minidriver bevatten. We hopen deze zo snel mogelijk te kunnen publiceren op onze website.