Solution
This error generally occurs when when a user is digitally signing a PDF document using Adobe Acrobat with their certificate on their Safenet iKey (eToken) USB token. The problem here is that the certificate is set to use KSP (Key Storage Provider) as the default Cryptographic Provider. Although KSP is superior to CSP (Cryptographic Service Provider), it appears that Adobe Acrobat does not work with KSP yet. You will need to set the Cryptographic Provider to CSP for this certificate (or all certificates on your token that are used for Adobe PDF signing).
Below will explain how to do this in the SafeNet Authentication Client.
- Open the SafeNet Authentication Client Tools. This can be done from Program Files or by right-clicking on the SafeNet icon in your system tray and selecting Tools from the menu.
- Once open, you should see your token(s) plugged in on the side. Click on the 'golden gear' symbol at the top for the Advanced View.
- In the Advanced View, expand Tokens and then navigate to the certificate you use for signing. This will generally be underneath the User certificates group.
Note: If you click on the certificate, you can see what it is set to in the Private Key Data next to Cryptographic Provider field.
- Right-click on the certificate and select Set as CSP from the drop-down menu.
Note: You should repeat this step for all certificates that you perform Adobe PDF signing with. Certificates that are not used for Adobe PDF signing can be set as KSP.
- Please close the SafeNet Authentication Client and attempt to sign the document again. If you still have issues with signing, then please contact QuoVadis support for further assistance.