Sign and encrypt documents with your eHSM Hardware Security Module and Acrobat Reader DC
This how-to will guide you to setup Acrobat Reader DC to sign and encrypt documents with the eHSM
Using the eHSM has definite security advantages over using keys stored on your disk. If an attacker or ransom ware gets a hold of the key, they can impersonate you and access your encrypted documents. Even though the eHSM is a powerful and flexible HSM, it can also be used as a PKCS#11 token to secure your document signing keys.
We will focus on setting up your digital ID with eHSM - for general usage and reference, see certificate based signatures and securing PDFs with certificates on Adobe’s website.
Note: The screenshots were taken on Mac OS - on Windows they are very similar.
-
Open Adobe’s preferences/settings page and scroll down to “Signatures”
-
In the section “Identities & Trusted Certificates” click “More…”
On the page that opens, click on “PKCS#11 Modules and Tokens” and then “Attach Module”
Enter the path to the eHSM shared object file (ehsm.dll on Windows, libehsm.dylib on Mac and libehsm.so on Linux). You can download the file for your OS here.
-
Once the module is attached, you will see tree expand and the information of the module shown.
-
Click on the label of the eHSM in the tree on the left (eHSM1 as shown in the screenshot)
This page will show you information on certificates currently on your eHSM (if any).
-
If you do not have a digital ID yet or want to import your digital ID, click on the “+” icon.
You will be prompted for the HSM user password and then an option to create a digital ID or import an ID.
-
For demonstration purposes we are going to create a digital ID.
-
You are now all set-up to use the digital ID from the pkcs#11 HSM.
No you can sign and encrypt documents using this digital ID by opening the “Certificates” Tool menu under “Tools”.
This will add the following menu:
-
Open the document you want to sign, click on “Digitally Sign” and select the certificate you just created:
