Sign and encrypt documents with your eHSM Hardware Security Module and Acrobat Reader DC

Last updated 2019-02-08

This how-to will guide you to setup Acrobat Reader DC to sign and encrypt documents with the eHSM

Using the eHSM has definite security advantages over using keys stored on your disk. If an attacker or ransom ware gets a hold of the key, they can impersonate you and access your encrypted documents. Even though the eHSM is a powerful and flexible HSM, it can also be used as a PKCS#11 token to secure your document signing keys.

We will focus on setting up your digital ID with eHSM - for general usage and reference, see certificate based signatures and securing PDFs with certificates on Adobe’s website.

Note: The screenshots were taken on Mac OS - on Windows they are very similar.

  1. Open Adobe’s preferences/settings page and scroll down to “Signatures”

    Adobe Settings - Signatures

  2. In the section “Identities & Trusted Certificates” click “More…”

    On the page that opens, click on “PKCS#11 Modules and Tokens” and then “Attach Module”

    Enter the path to the eHSM shared object file (ehsm.dll on Windows, libehsm.dylib on Mac and on Linux). You can download the file for your OS here.

    Adobe Add Modules

  3. Once the module is attached, you will see tree expand and the information of the module shown.

    Adobe Module Added

  4. Click on the label of the eHSM in the tree on the left (eHSM1 as shown in the screenshot)

    This page will show you information on certificates currently on your eHSM (if any).

    Adobe Token Info

  5. If you do not have a digital ID yet or want to import your digital ID, click on the “+” icon.

    You will be prompted for the HSM user password and then an option to create a digital ID or import an ID.

    Adobe Add ID Info

  6. For demonstration purposes we are going to create a digital ID.

    Adobe Certificate Info

  7. You are now all set-up to use the digital ID from the pkcs#11 HSM.

    No you can sign and encrypt documents using this digital ID by opening the “Certificates” Tool menu under “Tools”.

    Adobe Certificate Tool

    This will add the following menu:

    Adobe Certificate Tool Menu

  8. Open the document you want to sign, click on “Digitally Sign” and select the certificate you just created:

    Adobe Select Certificate

Subscribe to receive updates

* indicates required