YubiKeys for Digital Signature in Adobe Acrobat Reader (Windows)
To set your YubiKey up for digital signature with Adobe Acrobat Reader on Windows, follow the instructions below. For instructions covering macOS, please refer to this article from SSL.com.
- Make sure your YubiKey is inserted, and has your signing certificate imported into slot 9c (this is the slot for digital signature).
-
Install the 32 or 64-bit version of the Yubico PIV Tool, depending on whether your Adobe software is 32 or 64-bit (YPT installers available here), then follow the instructions on https://developers.yubico.com/yubico-piv-tool/YKCS11/ under YKCS11 on Windows.
-
If you’re not sure whether your Adobe software is 32 or 64-bit, check its installation directory. If it is under C:\Program Files, then it is 64-bit, and if C:\Program Files (x86), 32-bit.
Open Acrobat, and navigate to Edit > Preferences.
Since Acrobat cannot interact with smart cards in Protected Mode (see attached screenshot), make sure Enable Protected Mode at startup is unchecked under Security (Advanced).
If you have to uncheck this, you may be prompted to restart Acrobat, in which case you should do so immediately, then reopen Edit > Preferences.
Navigate to Signatures > Identities & Trusted Certificates > More > PKCS#11 Modules and Tokens and click Attach Module.
Browse to C:\Program Files (x86)\Yubico\Yubico PIV Tool\bin (32-bit) or C:\Program Files\Yubico\Yubico PIV Tool\bin (64-bit) and select libykcs11.dll.
After attaching the module, you should see a > symbol next to PKCS#11 Modules and Tokens. Use this to expand and reveal PKCS#11 PIV Library (SP-800-73), then select it.
You should now see YubiKey PIV #XXXXXXXX listed under Token Label, where XXXXXXXX is your YubiKey's serial number. If you don't, click the refresh button, and restart Acrobat if it still doesn't show.
Once it appears, select it, click Login, enter your YubiKey's smart card PIN, and click OK.
Expand PKCS#11 PIV Library (SP-800-73) (on the left under PKCS#11 Modules and Tokens) and select YubiKey PIV #XXXXXXXX. Select your certificate (on the right), click the pencil icon, and click Use for Signing.
Acrobat is now configured to use the signing certificate on your YubiKey for digital signature and will offer it for usage when you go to sign something.