Digital signature with okular

I want to digitally sign pdf-documents with ocular and it looks quite good in the beginning. I go into the menu “tools”, choose “digitally sign”. The cursor changes to a cross and I have to select the rectangle where to put the signature. After that a dialog opens, where I have to put in the pin of my smart card. Then I have to select my certificate (there is only one “D-TRUST 4.1 S …”). But than okular goes into an infinite loop wanting the pin of my smart card again and again (“Enter password (if any) to unlock certificate: D-TRUST Card 4.1 S…”). It doesn’t matter whether I just hit enter without entering a pin or whether I give the pin. The dialog comes again. The only way to end this is to click on “cancel” button.
The LED of my card reader flashes every time I put in the PIN or when I select the certificate and the certificate from the smart card is in the dialog box. So it seems, that the communication with the card reader works.
I didn’t find a way to get any debug information.
What could I do, to get further?
May system is opensuse leap 15.4 all updates installed, opensc installed. Smart Card from D-Trust and card reader from reinersct cyperjack comfort.

No reply at all, am I in the wrong forum?

Maybe your setup combination is so rare (Okular, D-Trust, reinersct cyberjack) that nobody else hit this problem…

I would be glad to get some tips how to debug

If you start okular from a konsole terminal and attempt to add the digital signature, does that yield any clues about what is failing?

Just in case the following guide is useful…
https://docs.kde.org/stable5/en/okular/okular/signatures.html
https://docs.kde.org/stable5/en/okular/okular/config-pdf.html#config-pdf-digital-signatures

I haven’t used okular with digital signatures, (so pure speculation on my part), but another thought I had is did you first navigate to Settings > Configure Backends… > PDF and point it at the desired certificate database?

Apologies in advance if on the wrong track on this.

1 Like

Now I’ve updated to Leap 15.5. I hoped, that it will bring me a bit further in this topic. But the connection to the card reader does not work anymore. So even a step back
In Firefox the access of the card reader and the smart card works and I see my certificates stored on the smart card. That is a bit funny, as the documentation of okular says, that it uses the firefox database.
To react on some of the tips above. Starting okular on the terminal does not bring any debug information. And all the tutorials mentioned above about signing pdfs are about local signature files, not about signing with a card and a card reader. So I’m still stuck here :frowning:
Any tips how to connect the nss database to the card reader?

After searching the internet and trying a bit, I got two steps further. I had to give the directory of my actual firefox profile (.mozilla/firefox/xyz.profile). I assume, that because I use a non default profile, Okular was not able to find the nss database. Than I had to give the password of the nss database. I didn’t know, which password was needed there and put in the pin of the smart card, that was, why the dialog came again and again. I found out, that the password of the firefox password-manager is needed here. After typing it in, a window opened saying that there are no certificates available (despite seeing it in firefox certificate manager).
So two steps further, but still no success :-/

Strange – if I open Okular and choose “Settings” → “Configure Backends…” → “PDF” –
The default Certificate Database is my non-default Firefox profile – ‘~/.mozilla/firefox/???.default-release’ – with no available certificates …

I guess if, I followed the “Deep Dive” instructions provided by Karl, Okular would find the needed certificates.