Acrobat 7.X Security Feature Reference

Transcription

bc
PDF Creation Date:
June 13, 2006
Acrobat 7.X Security Feature Reference
Digital Signatures, Security Methods, and Document Security
Acrobat
7.X
© 2006 Adobe Systems Incorporated. All rights reserved.
As of April 12, 2002, Accelio Corporation (formerly JetForm Corporation) was purchased by Adobe Systems Incorporated. As of that date, any
reference to JetForm or Accelio shall be deemed to refer to Adobe Systems Incorporated.
Adobe® Acrobat 8.0 Security User Guide for Microsoft® Windows® and Macintosh® 2005.
If this guide is distributed with software that includes an end user agreement, this guide, as well as the software described in it, is furnished
under license and may be used or copied only in accordance with the terms of such license. Except as permitted by any such license, no part
of this guide may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, recording,
or otherwise, without the prior written permission of Adobe Systems Incorporated. Please note that the content in this guide is protected
under copyright law even if it is not distributed with software that includes an end user license agreement.
The content of this guide is furnished for informational use only, is subject to change without notice, and should not be construed as a
commitment by Adobe Systems Incorporated. Adobe Systems Incorporated assumes no responsibility or liability for any errors or
inaccuracies that may appear in the informational content contained in this guide.
Any references to company names in sample templates are for demonstration purposes only and are not intended to refer to any actual
organization.
"Adobe" and "the Adobe logo" are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or
other countries.
All other trademarks are the property of their respective owners.
Adobe Systems Incorporated, 345 Park Avenue, San Jose, California 95110, USA.
Notice to U.S. Government End Users. The Software and Documentation are “Commercial Items,” as that term is defined at 48 C.F.R. §2.101,
consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation,” as such terms are used in 48 C.F.R.
§12.212 or 48 C.F.R. §227.7202, as applicable. Consistent with 48 C.F.R. §12.212 or 48 C.F.R. §§227.7202-1 through 227.7202-4, as applicable,
the Commercial Computer Software and Commercial Computer Software Documentation are being licensed to U.S. Government end users
(a) only as Commercial Items and (b) with only those rights as are granted to all other end users pursuant to the terms and conditions herein.
Unpublished-rights reserved under the copyright laws of the United States. Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA
95110-2704, USA. For U.S. Government End Users, Adobe agrees to comply with all applicable equal opportunity laws including, if
appropriate, the provisions of Executive Order 11246, as amended, Section 402 of the Vietnam Era Veterans Readjustment Assistance Act of
1974 (38 USC 4212), and Section 503 of the Rehabilitation Act of 1973, as amended, and the regulations at 41 CFR Parts 60-1 through 60-60,
60-250, and 60-741. The affirmative action clause and regulations contained in the preceding sentence shall be incorporated by reference.
Contents
1
What’s in this Guide? ................................................................................................................... 8
2
Getting and Using Your Digital ID.............................................................................................. 9
Digital ID Basics.............................................................................................................................................................................10
What is a Digital ID?...............................................................................................................................................................10
How are Digital IDs managed?..........................................................................................................................................10
Digital ID storage formats...................................................................................................................................................11
Digital ID User Interface.......................................................................................................................................................11
Getting Your Own Digital ID.....................................................................................................................................................13
Adding IDs During a Workflow .........................................................................................................................................13
Adding IDs in Advance.........................................................................................................................................................14
Responding to an Emailed Request for a Digital ID...................................................................................................14
Creating a Self-Signed Digital ID ......................................................................................................................................16
Finding an Existing Digital ID ............................................................................................................................................18
Getting a Third-Party Digital ID.........................................................................................................................................19
Upgrading a Legacy .apf Digital ID..................................................................................................................................19
Backing up the Private Key .................................................................................................................................................19
Using Your Digital ID...................................................................................................................................................................20
Specifying a Default Digital ID ..........................................................................................................................................20
Changing or Clearing the Default Digital ID ................................................................................................................21
Deleting a Digital ID ..............................................................................................................................................................21
Emailing Your Digital ID Certificate .................................................................................................................................21
Saving Your Digital ID Certificate to a File ....................................................................................................................23
Viewing Your Digital ID Certificate Details ...................................................................................................................24
Changing a Digital ID’s Password and Timeout..........................................................................................................24
Login, Logout, and Batch Processing .............................................................................................................................26
3
Managing Trusted Identities .................................................................................................... 27 Creating a Community of Document Authors and Recipients ....................................................................................28
Setting up the Trusted Identity Environment....................................................................................................................30
Creating Default User Information ..................................................................................................................................30
Adding Certificate Servers as Searchable Directories...............................................................................................31
Using the Windows Certificate Store for Signing and Certificate Security .......................................................31
Adding Someone to Your Trusted Identity List.................................................................................................................34
Adding a Digital ID from a Signature..............................................................................................................................34
Requesting a Digital ID via Email......................................................................................................................................34
Browsing for a Trusted Identity.........................................................................................................................................36
Searching for a Digital ID to Trust ....................................................................................................................................36
Importing a Single Certificate From an FDF File.........................................................................................................38
Working with Digital IDs and Certificates............................................................................................................................39
Displaying a Certificate in the Certificate Viewer .......................................................................................................39
Verifying Self-Signed Certificates.....................................................................................................................................40
Checking Certificate Revocation Status.........................................................................................................................41
Trusting Timestamp Authority Certificates ..................................................................................................................42
Certificate Trust Settings ...........................................................................................................................................................43
Trusting a Certificate for Signing and Certifying ........................................................................................................43
3
Acrobat
Security User Guide
4
Trusting Dynamic Content in Certified Documents..................................................................................................44
Trusting JavaScript in Certified Documents.................................................................................................................45
Selecting a Certificate to use for Encryption................................................................................................................45
Managing Contacts .....................................................................................................................................................................47
Viewing and Editing Contact Details ..............................................................................................................................47
Emailing Certificate or Contact Data...............................................................................................................................48
Saving Certificate or Contact Details to a File..............................................................................................................48
Associating a Certificate with a Contact ........................................................................................................................48
Changing a Trusted Identity’s Certificate Association..............................................................................................49
Deleting Contacts and Certificates ..................................................................................................................................49
Working with Groups of Contacts ..........................................................................................................................................51
Creating a Group....................................................................................................................................................................51
Adding or Removing Group Contacts ............................................................................................................................51
Deleting a Group....................................................................................................................................................................52
Using Groups with Security Policies................................................................................................................................52
Using Directory Servers to Add Trusted Identities ...........................................................................................................53
Manually Configuring a Directory Server ......................................................................................................................53
Editing Directory Servers Details......................................................................................................................................54
Deleting a Directory Server ................................................................................................................................................55
Specifying a Default Directory Server.............................................................................................................................55
Importing and Exporting Directory Server Settings..................................................................................................56
4
Digital Signatures for Document Authors ............................................................................... 57
Signing Basics ................................................................................................................................................................................58
What is a Digital Signature? ...............................................................................................................................................58
Signature Types: Approval and Certifying ....................................................................................................................59
Common Signature Workflows.........................................................................................................................................59
Signatures User Interface ....................................................................................................................................................60
Setting up the Signing Environment ....................................................................................................................................63
Creating Default User Information ..................................................................................................................................63
Changing the Default Signing Method..........................................................................................................................63
Including Certificate Revocation Status in a Signature............................................................................................64
Using the Windows Certificate Store for Signing.......................................................................................................64
Certifying a Document (Certifying Signatures) .................................................................................................................65
Recommended Certification Workflow .........................................................................................................................66
Setting up a Document for Certification .......................................................................................................................67
Certifying a Document.........................................................................................................................................................67
Why Can’t I Certify? ...............................................................................................................................................................70
Signing a Document Without Certifying (Ordinary Signatures) .................................................................................71
Signing Documents in Acrobat.........................................................................................................................................71
Signing in a Browser .............................................................................................................................................................73
Clearing One or More Signatures.....................................................................................................................................73
Signature Field Design and Editing .......................................................................................................................................74
Creating a Blank Signature Field ......................................................................................................................................74
Specifying General Field Properties ................................................................................................................................75
Specifying Signature Field Appearances.......................................................................................................................76
Changing Blank Signature Field Defaults......................................................................................................................77
Editing Signature Fields.......................................................................................................................................................77
Arranging Signature Fields.................................................................................................................................................78
Creating Multiple Copies of a Signature Field.............................................................................................................78
Setting Signature Field Tab Order ...................................................................................................................................79
Acrobat
Security User Guide
5
Authoring Signable Forms........................................................................................................................................................81
Authoring a Document with Multiple Fields ...............................................................................................................81
Locking Fields Automatically After Signing .................................................................................................................82
Unlocking Signature and Form Fields ............................................................................................................................83
Making a Field a Required Part of a Workflow.............................................................................................................83
Specifying a Post-Signing Action .....................................................................................................................................84
Personalizing Signature Appearances..................................................................................................................................87
Creating and Storing Signature Appearances.............................................................................................................87
Editing a Signature Appearance.......................................................................................................................................89
Deleting a Signature Appearance....................................................................................................................................89
Setting up Palm OS appearance files..............................................................................................................................90
Timestamp Basics for Authors .................................................................................................................................................91
Adding Timestamps to Signatures ..................................................................................................................................92
Configuring Acrobat to use Timestamps ......................................................................................................................92
Importing and Exporting Timestamp Server Settings..............................................................................................93
Advanced Document Customizations..................................................................................................................................94
Enabling JavaScript to Set Seed Values .........................................................................................................................95
Forcing a Certification Signature and Document Locking .....................................................................................96
Adding Custom Legal Attestations .................................................................................................................................98
Adding Custom Signing Reasons.....................................................................................................................................98
Specifying Timestamps for Signing.............................................................................................................................. 100
Specifying Alternate Signature Handlers and Formats......................................................................................... 101
Specifying Certificate Properties for Signing............................................................................................................ 102
Specifying Signing Certificates by Issuer and Subject .................................................................................... 103
Specifying Signing Certificate Policies.................................................................................................................. 104
Specifying a URL When a Valid Certificate is not Found................................................................................. 105
Custom Workflows and Beyond .................................................................................................................................... 106
5
Digital Signatures for Document Recipients .........................................................................109
Working with Signed Documents ....................................................................................................................................... 110
Signature Components: What Makes them Valid? ................................................................................................. 110
Signature Status and Validity Icons.............................................................................................................................. 111
Setting up Your Environment for Receiving Documents ........................................................................................... 113
Setting Up Automatic Signature Validation.............................................................................................................. 113
Setting Digital Signature Validation Preferences .................................................................................................... 113
Configuring Document Status Preferences............................................................................................................... 115
Setting Dynamic Content (Multimedia) Security Options ................................................................................... 117
Setting High Privilege JavaScript Security Options ................................................................................................ 119
High Privilege JavaScript Defined................................................................................................................................. 119
Validating Signatures Manually ........................................................................................................................................... 120
Validating a Single Signature.......................................................................................................................................... 120
Validating All Signatures Simultaneously .................................................................................................................. 121
Validating an Unknown (Untrusted) Signature........................................................................................................ 121
Validating a Signature for an Earlier Document Version ...................................................................................... 124
When the Status Icon is Not a Green Check. . . ............................................................................................................... 125
Green Check and Caution Triangle............................................................................................................................... 125
Question Mark and Caution Triangle........................................................................................................................... 126
Question Mark and Person .............................................................................................................................................. 126
Question Mark and Pen .................................................................................................................................................... 127
Red X and Pen ...................................................................................................................................................................... 127
Running JavaScript and Dynamic Content................................................................................................................ 127
Acrobat
Security User Guide
6
Timestamp Basics for Document Recipients ................................................................................................................... 128
Trusting a Timestamp Certificate in a Signature ..................................................................................................... 128
When Timestamps Can’t be Verified. . ........................................................................................................................ 129
Viewing and Comparing Document Changes and Versions ..................................................................................... 130
Viewing a Signed Version of a Document.................................................................................................................. 130
Viewing a List of Post-Signing Modifications............................................................................................................ 130
Comparing Documents .................................................................................................................................................... 131
Comparing a Signed Version with the Current Version.................................................................................. 131
Comparing Documents by Page............................................................................................................................. 133
Comparing Documents by Word............................................................................................................................ 134
6
Document Security Methods ..................................................................................................136
Security Method Basics ........................................................................................................................................................... 137
Choosing a Security Method Type................................................................................................................................ 137
Security Policies ................................................................................................................................................................... 138
Security Methods and Encryption................................................................................................................................. 139
Security Methods and Permissions............................................................................................................................... 141
Viewing Encryption and Permission Settings........................................................................................................... 143
Security Method User Interface ..................................................................................................................................... 144
Associating Batch Processing with a Security Method ......................................................................................... 146
Password Security ..................................................................................................................................................................... 147
Applying Password Security ........................................................................................................................................... 148
Setting Permissions............................................................................................................................................................ 150
Opening a Password-Protected Document .............................................................................................................. 151
Removing a Password ....................................................................................................................................................... 152
Changing Document Collection Passwords.............................................................................................................. 152
Password Recovery............................................................................................................................................................. 152
Certificate Security.................................................................................................................................................................... 153
Using Windows Certificate Store Certificates ........................................................................................................... 154
Applying Certificate Security .......................................................................................................................................... 154
Applying a Certificate Security Policy.......................................................................................................................... 157
Opening a Certificate-Protected Document ............................................................................................................. 158
Adobe Policy Server Security ................................................................................................................................................ 159
Applying APS Security....................................................................................................................................................... 159
Connecting to an Adobe Policy Server ....................................................................................................................... 161
Using the Server (APS) Web Console ........................................................................................................................... 162
Viewing Server Policies in the APS Console .............................................................................................................. 162
Creating an APS Policy in the APS Console ............................................................................................................... 162
Importing and Exporting APS Settings ....................................................................................................................... 163
Changing Security Methods and Settings........................................................................................................................ 164
Viewing Security Settings in Acrobat .......................................................................................................................... 164
Viewing Security Settings in a Browser....................................................................................................................... 164
Changing the Security Method...................................................................................................................................... 165
Changing Security Method Settings............................................................................................................................ 165
Removing Document Security ....................................................................................................................................... 166
7
Security Policies .......................................................................................................................167
Security Policy Basics ............................................................................................................................................................... 168
Security Policy Types ......................................................................................................................................................... 168
User vs. Organizational Policies ..................................................................................................................................... 168
Security Policy User Interface ......................................................................................................................................... 168
Managing Security Policies.................................................................................................................................................... 172
Acrobat
Security User Guide
7
Creating Security Policies................................................................................................................................................. 172
Applying a Security Policy to a Group ......................................................................................................................... 173
Viewing a Security Policy ................................................................................................................................................. 175
Copying a Security Policy................................................................................................................................................. 175
Editing a Security Policy ................................................................................................................................................... 176
Making a Security Policy Favorite ................................................................................................................................. 176
Refreshing the Security Policy List................................................................................................................................ 177
Adding a Security Policy to a Document.................................................................................................................... 177
Removing Security Policy from a Document ............................................................................................................ 178
Deleting a Security Policy from the Policy List ......................................................................................................... 178
8
Sharing Acrobat Settings and Data with FDF Files ...............................................................179
Importing Acrobat Data.......................................................................................................................................................... 181
Responding to an Emailed Request for a Digital ID................................................................................................ 181
Importing a Single Certificate via FDF......................................................................................................................... 181
Importing Multiple Certificates via FDF ...................................................................................................................... 182
Importing Timestamp Server Settings via FDF......................................................................................................... 184
Importing Directory Server Settings via FDF ............................................................................................................ 185
Importing APS Server Settings via FDF ....................................................................................................................... 186
Exporting Acrobat Data .......................................................................................................................................................... 189
Distributing a Trust Anchor or Trust Root .................................................................................................................. 189
Setting Certificate Trust Level .................................................................................................................................. 190
Export the Certificate .................................................................................................................................................. 191
Provide Instructions to the Trusted Root Recipients ....................................................................................... 193
Emailing Your Digital ID Certificate .............................................................................................................................. 193
Saving Your Digital ID Certificate to a File ................................................................................................................. 195
Requesting a Digital ID via Email................................................................................................................................... 195
Emailing Server Details via FDF...................................................................................................................................... 197
Exporting Server Details via FDF ................................................................................................................................... 198
9
External Content and Document Security .............................................................................200
Setting Attachment Options ................................................................................................................................................. 200
Default Attachment Behavior......................................................................................................................................... 200
Modifying Attachment Behavior Via the User Interface ....................................................................................... 204
Adding Custom Attachment Extensions .................................................................................................................... 205
Propagating New Attachment Settings...................................................................................................................... 205
Allowing Attachments to Open Files or Launch Applications............................................................................ 205
External Stream Access ........................................................................................................................................................... 206
Internet URL Access.................................................................................................................................................................. 206
10 Index .........................................................................................................................................209
What’s in this Guide?
This guide describes some of the Acrobat 7.X family of product’s security features. Most features are
available in all 7.x series of releases. If a user interface item does not appear, then that feature is not
available. The features include the following:
• • • • • Working with digital IDs that are used for signing and certificate security workflows:
• “Getting and Using Your Digital ID” on page 9
• “Managing Trusted Identities” on page 27
Digital signatures:
• “Digital Signatures for Document Authors” on page 57
• “Digital Signatures for Document Recipients” on page 109
Security method and policies:
• “Password Security” on page 147
• “Certificate Security” on page 153
• “Adobe Policy Server Security” on page 159
• “Security Policies” on page 167
Sharing digital ID, server settings, and other data with data exchange files:
• “Exporting Acrobat Data” on page 189
• “Importing Acrobat Data” on page 181
Securing the application environment:
• “Setting Attachment Options” on page 200
• “External Stream Access” on page 206 (only available in 7.0.5 and later)
• “Internet URL Access” on page 206
8
2
Getting and Using Your Digital ID
A digital ID is a digital version of a driver license, passport, and other “certified by some entity” paper
identification. They are used to electronically prove an identity, thereby granting access and privileges to
secure documents. You will need a digital ID to sign with digital signatures and apply certificate security.
For participants in signing and certificate security workflows, exchanging the public part the digital ID (the
public key and certificate) is a central aspect of sharing signed and secure documents. For more
information, refer to the following:
• “Digital ID Basics” on page 10
• “Getting Your Own Digital ID” on page 13
• “Using Your Digital ID” on page 20
9
Acrobat
Security User Guide
Digital ID Basics
10
Digital ID Basics
What is a Digital ID?
A digital ID is a digital version of a driver license, passport, and other “certified by some entity” paper
identification. They are used to electronically prove an identity, thereby granting access and privileges to
secure documents. Digital IDs are required for using digital signatures and certificate security.
A digital ID consists of two parts: a certificate and a private key. A certificate consists of an identity and a
public key that are bound together and signed by a trusted or untrusted certificate authority. The
certificate sometimes includes a reference to the certificate issuer’s certificate, thereby creating what is
known as a “certificate chain.” Acrobat users share their certificates and public keys so that documents that
are signed or are associated with security methods, policies, and permissions can be securely traverse
workflows across the enterprise. Shared certificates can be physically sent in a file, or more commonly,
made available over a network. The private key is never shared and is used to decrypt documents.
While most certificates are signed by a third-party, trusted certificate authority, it is also possible to create
a self-signed digital ID within Acrobat. In this case, the certificate authority is also the owner of the digital
ID. Digital IDs are usually password protected and stored on a user’s computer, flash card, server, smart
card, or some other accessible location. Private keys are often backed up or escrowed by IS administrators
since the loss of the key means that documents encrypted with that key will no longer be accessible.
Figure 1 Digital ID: Components
How are Digital IDs managed?
Just as your certificate and public key is shared with other Acrobat users so that they can validate your
signature and use other security features, so do other users (contacts) share their certificates with you.
Sharing a certificate means that it is available to other users, and the physical certificate may or may not be
stored on local machines. There are several ways to share certificates:
•
Physical sharing: Certificates can be physically shared in a file sent via email or located in a shared
directory. They can be imported, exported, and otherwise managed with the Trusted Identity Manager.
For details, see Chapter 3, "Managing Trusted Identities".
•
Network sharing: Certificates are stored on a central server. The Trusted Identity Manager can be used
to search for certificates on LDAP directory servers. Acrobat provides tools for configuring and
managing as many directory servers as needed. For details, see “Using Directory Servers to Add Trusted
Identities” on page 53.
Acrobat
Security User Guide
Digital ID storage formats
11
Figure 2 Digital ID: From others
Digital ID storage formats
There are several digital ID storage formats. Common file extensions include .pfx (PKCS#12 on Windows), .
p12: (PKCS#12 on Macintosh), .apf (Digital ID files from Acrobat 4 and 5), and .cer (Windows certificates).
The most common ID types are as follows:
•
PKCS#12: A standard password protected and encrypted format that uses a .pfx extension on
Windows and .p12 on a Macintosh. These files can be stored anywhere, and Acrobat remembers the file
location when the ID is registered.
•
PKCS#11: An encryption format used on smart cards and other PKCS#11-compatible devices. There is
no file associated with these IDs.
•
Windows Personal Certificates: Windows Certificate digital IDs are stored in the Windows Certificate
Store (sometimes called a “credential store”). These IDs can be used by other Windows programs as well
as Acrobat. For information about using Windows certificates, see “Using the Windows Certificate Store
for Signing and Certificate Security” on page 31.
Digital ID User Interface
The Security Settings dialog enables users to manage their own digital IDs and find the digital IDs for
others that will participate in signing and certificate security workflows. Choosing Advanced > Security
Settings opens a dialog for managing the following:
•
•
Digital IDs: The digital ID tree lists your personal digital IDs.
•
P12 digital IDs: Users can add, remove, and manage their P12 digital IDs as well as change the
password for the .pfx file that may contain one or more IDs.
•
Windows digital IDs: Users can add, remove, export, and manage IDs in the Windows Certificate
Store.
•
PKCS#11 modules and tokens: Users who have smart cards or other PKCS#11 devices can add,
remove, and manage their own digital IDs.
Servers: The servers list includes a list of those servers that contain certificates (usually for other people)
that are used for signing and certificate security workflows.
•
Directory servers: Directory servers are LDAP servers that are capable of returning x.509 public key
certificates. These servers are certificate repositories that users search to expand their list of trusted
identities. Server administrators often set up a company-specific directory server.
•
Timestamp servers: Timestamp servers enable users to timestamp signatures with a timestamp
that originates from a trusted timestamp authority. Server administrators sometimes set up a
company-specific timestamp server or use a third-party service.
Acrobat
Security User Guide
Digital ID User Interface
•
Adobe Policy Servers: The Adobe Policy Server is only available to users in companies that have
purchase the APS software.
Figure 3 Security settings menu and manager
12
Acrobat
Security User Guide
Getting Your Own Digital ID
13
Getting Your Own Digital ID
Digital IDs help you sign, certify, and decrypt documents. There are several ways to get a digital ID:
• Adding IDs During a Workflow
• Adding IDs in Advance
• Responding to an Emailed Request for a Digital ID
• Creating a Self-Signed Digital ID
• Finding an Existing Digital ID
• Getting a Third-Party Digital ID
• Upgrading a Legacy .apf Digital ID
Adding IDs During a Workflow
The workflow for adding a digital ID begins with the Add Digital ID dialog (Figure 4). This dialog may be
accessed in two ways:
• In workflows where a user attempts to sign, certify, or encrypt a document.
• By setting up the ID ahead of time for later use.
Figure 4 Add Digital ID dialog
To set up an ID during the course of signing, certifying, or encrypting a document:
1. Start the process that requires a digital ID (Choose Sign, Save as Certified, or some other menu item.)
2. When the Apply Digital Signature - Digital ID Selection dialog appears, choose Add Digital ID.
3. Set up the ID as described by one of the following:
Acrobat
Security User Guide
Adding IDs in Advance
14
Adding IDs in Advance
The workflow for adding a digital ID begins with the Add Digital ID dialog (Figure 4). This dialog may be
accessed in two ways:
• In workflows where a user attempts to sign, certify, or encrypt a document.
• By setting up the ID ahead of time for later use.
To set up an ID in advance:
1. Choose Advanced > Security Settings.
2. Select Digital IDs in the left-hand tree.
3. Choose Add ID.
4. Set up the ID as described by one of the following:
Figure 5 Digital ID: Adding a digital ID
Responding to an Emailed Request for a Digital ID
There may be times when someone else needs your digital ID to verify your signature or encrypt a file for
you to decrypt (apply certificate security). To do either, they need access to the public part of your digital
ID so that it can be added to their trusted identities list. One way someone can get your ID is to request it in
an email.
To request your certificate, a user will simply choose Advanced > Trusted Identities and then choose
Request Contact. Acrobat automatically attaches an FDF file with their public digital ID information to an
email that requests your digital ID details. The workflow is essentially a digital ID “trade” that allows two
users to exchange digital IDs. You must have a digital ID before responding to the request. Before
continuing, get a digital ID as described in “Creating a Self-Signed Digital ID” on page 16 or “Getting a
Third-Party Digital ID” on page 19.
To respond to an emailed digital ID request:
1. Double click the attached FDF file.
Acrobat
Security User Guide
15
2. Choose Email your Certificate.
Figure 6 Emailing your certificate
3. Choose a digital ID from the list of existing digital IDs.
Tip: If you do not have a digital ID, an alert appears that says “A certificate was not selected for export.” Exit
the workflow and get a digital ID as described in “Creating a Self-Signed Digital ID” on page 16 or
“Getting a Third-Party Digital ID” on page 19.
Figure 7 Selecting a digital ID
4. Choose Select.
5. Review the email details. You can edit the To, Subject, and Body fields.
6. Choose Email.
7. Send the email through your mail application.
Acrobat
Security User Guide
Creating a Self-Signed Digital ID
16
Users can use third-party or self-signed digital IDs. Both types store an encrypted private key and a
certificate that contains a public key and information such as contact details. Self-signed IDs are usually
considered less secure because they are not issued by a third-party certificate authority.
To create a self-signed digital ID:
1. Navigate to the Add Digital ID dialog as described in Adding IDs During a Workflow or Adding IDs in
Advance.
2. Choose Create a Self-Signed Digital ID.
Figure 8 Digital ID: Creating a self-signed ID
3. Choose Next.
Figure 9 Self-signed ID alert
4. Choose Next.
5. Select a digital ID format and store:
•
New PKCS#12 Digital ID File: Stores the information in a .pfx file. On Windows, the default location
is C:\Documents and Settings\<username>\Application Data\Adobe\Acrobat\7.0\Security\.
•
Windows Certificate Store: (Windows only) Stores the private key on disk file where other Windows applications can find it and stores the certificate in the registry.
Tip: Which ID type should you choose? PKCS#12 digital IDs are flexible because they are files that can be
copied, moved, and emailed. They are cross-platform, portable, and always password protected.
These files should always be backed up.
Windows Certificate Store digital IDs are easy to use, do not have to be password protected, and can
be used by any Windows application. These are not portable and are less secure because a password
is not required. Digital IDs in the Windows Certificate Store can be used by other applications.
6. Choose Next.
7. Configure the Digital ID:
•
Name: The name appears in the Signatures tab and in the signature field.
Acrobat
Security User Guide
17
•
Organizational Unit: Optional. The company business unit to display in the signature and
certificate.
•
Organizational Name: Optional. The company business unit name to display in the signature and
certificate.
•
Email Address: Optional. The email address to display in the signature and certificate.
•
Country/Region: Optional. The country or region to display in the signature and certificate.
•
Enable Unicode Support Optional: Check the option to use unicode in the form fields.
•
Key Algorithm: 2048-bit RSA offers more security than 1024-bit RSA, but 1024-bit RSA is more
universally compatible.
•
Use Digital ID for: Select whether to use the digital ID for digital signatures, data encryption, or
both.
Figure 10 Digital ID: Configuration
8. If a Windows digital ID was selected, choose Finish; otherwise, for a PKCS#12 ID do the following:
1. Choose Next.
2. Specify a file name and location for the digital ID file.
3. Enter a password and confirm it.
Note: Passwords are case-sensitive and must contain at least six characters.
4. Choose Finish.
Acrobat
Security User Guide
Finding an Existing Digital ID
18
Figure 11 Digital ID: PKCS#12 location and password
Finding an Existing Digital ID
If a required digital ID file does not appear in the digital ID list, search for it and add it. These files may have
the following extensions listed in “Digital ID storage formats” on page 11.
To find a digital ID file:
Advance.
2. Choose Find an Existing Digital ID.
Figure 12 Digital ID: Finding an existing ID
3. Choose Next.
4. Choose Browse and browse to the digital ID file. PKCS#12 files can be stored anywhere, but the default
location for Windows is C:\Documents and Settings\<username>\Application Data\Adobe\Acrobat\7.
0\Security\.
5. Choose Open.
6. Enter the ID password.
7. Choose Next.
8. Choose Finish.
Acrobat
Security User Guide
Getting a Third-Party Digital ID
19
Getting a Third-Party Digital ID
In general, third-party digital IDs are used where a high level of trust is required. Vendors such as Entrust
provide advanced security features. Third-party providers verify your identity, maintain system integrity,
and provide multiple digital IDs for users who sign documents in different roles or certification methods.
To get information on third-party digital IDs:
Advance.
2. Choose Find an Existing Digital ID.
Figure 13 Digital ID: Getting a third-party ID
3. Choose Next.
4. When a Web page appears with a list of signature partners, follow the instructions provided.
Upgrading a Legacy .apf Digital ID
Acrobat 4 and 5 use a deprecated digital ID format with an .apf extension. If an .apf digital ID file is
selected, users will be prompted to convert the file to a supported file type.
Backing up the Private Key
Users should always back up their private key. Without the key, encrypted document cannot be decrypted
and opened. To protect and back up private keys across a business, administrators sometimes escrow
private keys for users throughout an organization.
Acrobat
Security User Guide
Using Your Digital ID
20
Using Your Digital ID
Once you have one or more digital IDs, you can edit, remove, and otherwise manage them from the
Security Settings dialog. To simplify subsequent workflows, it may be expedient to do the following before
using your ID :
•
Specifying a Default Digital ID: Set an ID to automatically use each time one is required for signing or
certificate encryption.
•
Emailing Your Digital ID Certificate: Since a digital ID’s certificate contains a public key required for
validating digital signatures and encrypting documents, you can send it to eventual document
recipients ahead of time. Doing so simplifies their validation process.
Figure 14 Digital ID management
Specifying a Default Digital ID
If a default digital ID is not specified, a prompt asks for a digital ID file. To avoid repeated prompts, specify a
default digital ID for signing, encrypting, or both. Different IDs may be used for signing and encryption.
To select a default digital ID file:
2. Select Digital IDs in the left-hand tree (Figure 5).
3. Highlight an ID in the list on the right.
4. Choose Set Default. A drop down list appears.
Figure 15 Digital ID: Default ID specification
5. Choose whether to use the digital ID for signing, encrypting, or both. A lock or pen icon (or both) will
appear to the left of the digital ID based on this selection.
Tip: Invalid and expired IDs are association with a yellow caution triangle. These may not be used.
Acrobat
Security User Guide
Changing or Clearing the Default Digital ID
21
Changing or Clearing the Default Digital ID
Only one default digital ID may be specified at a time.
To change or clear the default digital ID do one the following:
• Specify a new default ID as described in “Specifying a Default Digital ID” on page 20.
• Clear the default specification:
4. Choose Set Default. A drop down list appears.
5. Choose Clear.
Deleting a Digital ID
Caution: Deleting a digital ID has significant consequences that should be understood before
proceeding. Because deleting an ID deletes its private key, operations that require that key will
no longer be possible. Moreover, deleting a PKCS#12 ID actually deletes the ID rather than
Acrobat’s knowledge of the ID. If the file is used by other programs, do not delete it.
To delete a ID from the list of trusted certificates:
4. Choose Remove ID.
5. Choose OK when asked to proceed.
Figure 16 Digital ID: Deleting
Emailing Your Digital ID Certificate
A digital ID’s certificate contains a public key required for validating digital signatures and encrypting
documents. Therefore:
Acrobat
Security User Guide
22
•
Before users receiving a document can validate its signature, they must receive the sender’s certificate.
•
Before users can encrypt a document using certificates, they must have access to the certificates of the
document recipients.
Certificates can be emailed or saved to a file for later use. There are two ways to access the export
certificate user interface:
•
To export from the certificate list in the Security Settings dialog, display it by choosing Advanced >
Security Settings. For details, see below.
• To export any certificate displayed in the Certificate Viewer, choose Export on the General tab.
To email a digital ID certificate:
4. Choose Export Certificate.
5. Choose Email the data to someone (Figure 17).
Figure 17 Digital ID: ID export options
6. Choose Next.
7. Enter the recipient’s email address and any other optional information.
Figure 18 Emailing a digital ID
Acrobat
Security User Guide
Saving Your Digital ID Certificate to a File
23
8. Choose Next.
9. Choose Sign if you want to sign the FDF file; otherwise, choose Next.
10. Enter an email address.
11. Choose Next.
12. Review the data and choose Finish.
13. When the email program opens, send the email.
•
•
•
Exporting from the certificate list in the Security Settings dialog. Display it by choosing Advanced >
• Exporting any certificate displayed in the Certificate Viewer. Simply choose Export on the General tab.
To save a digital ID certificate to a file:
5. Choose Save the exported data to a file (Figure 17).
6. Choose a file type:
•
Acrobat FDF Data Exchange: FDF files can only be emailed in 7.0.7
•
Certificate Message Syntax - PKCS#7: Save the file as a PKCS7 file.
•
Certificate File: Saves the file in CER format.
7. Choose Next.
8. Browse to a file location and choose Save.
9. Choose Next.
10. Review the data to export and choose Finish.
Acrobat
Security User Guide
Viewing Your Digital ID Certificate Details
24
Viewing Your Digital ID Certificate Details
A user’s personal digital IDs are listed in the Security Settings dialog. The Certificate Viewer displays
certificate information, including the time for which the certificate is valid, usage, a unique serial number,
public key method, and so on (Figure 19).
To check certificate details:
4. Choose Certificate Details. The Certificate Viewer displays the certificate (Figure 19).
Figure 19 Digital ID: Certificate viewer
Changing a Digital ID’s Password and Timeout
Passwords and password time-outs can be set for PKCS#12 IDs and Windows Personal Certificates but not
for PKCS#11 IDs. In the case of PKCS#12 IDs where a file can contain multiple IDs, passwords and time-outs
are configured at the file level rather than for individual IDs.
Note: If a PKCS#12 .pfx file is read only, then change password and timeout options will not be
available.
To change the password:
2. Highlight Digital ID Files in the left-hand tree (Figure 20).
Acrobat
Security User Guide
Changing a Digital ID’s Password and Timeout
25
3. Select a file.
4. Choose Change Password.
5. Enter the old password.
6. Enter a new password and confirm it.
7. Choose OK.
Figure 20 Digital ID files: Password configuration
To change the password timeout:
2. Highlight Digital ID Files in the left-hand tree (Figure 5).
3. Select a file.
4. Choose Password Timeout.
5. Configure the Password Timeout Policy dialog by specifying when a prompt should appear asking for a
password:
•
Always: A password is always required each time the digital ID is used.
•
After: Choose a value from the drop down list.
•
Once per session: A password is asked for only one time while Acrobat is open.
•
Never: The password is never asked for.
6. Enter the password.
7. Choose OK.
Acrobat
Security User Guide
Login, Logout, and Batch Processing
26
Figure 21 Digital ID files: Timeout settings
Login, Logout, and Batch Processing
The digital ID Login and Logout feature is used primarily for batch processing. In normal operation, batch
sequences that require access to a digital ID invoke the user-interface's authentication dialog. Because the
dialog prompts the user for a password, the batch sequence is effectively stopped until a user intervenes.
The login and logout options are only useful for logging into the default digital ID or when some batch
process is set up to only use the digital ID the user is logged into.
To enable sequences to run automatically and bypass normal user interface actions, do the following:
3. Do one of the following:
•
Logout: Highlight an ID in the list on the right and choose Logout.
•
Login: Highlight an ID in the list on the right and choose Login. Enter a password when prompted
and choose OK.
Figure 22 Digital ID files: Login and Logout
3
Managing Trusted Identities
A digital ID is a digital version of a driver license or other “certified by some entity” paper identification that
electronically proves an identity, thereby granting access and privileges to secure documents. For signing
and certificate security workflows, obtaining the public part the digital ID (the public key and certificate)
from participants other than yourself is a central aspect of sharing signed and secure documents. Once
you obtain their information, they become a “trusted identity” within your application environment.
Understanding what a trusted identity is and how specific trust levels are specified can make secure
workflows more efficient. For example, you can add trusted identities ahead of time or as needed. Trusted
identity information can be stored locally or on a central server. Moreover, each identity’s certificate trust
settings may be individually specified. For more information, refer to the following:
• “Creating a Community of Document Authors and Recipients” on page 28
• “Setting up the Trusted Identity Environment” on page 30
• “Adding Someone to Your Trusted Identity List” on page 34
• “Working with Digital IDs and Certificates” on page 39
• “Certificate Trust Settings” on page 43
• “Managing Contacts” on page 47
• “Working with Groups of Contacts” on page 51
• “Using Directory Servers to Add Trusted Identities” on page 53
27
Acrobat
Security User Guide
Creating a Community of Document Authors and Recipients
28
Documents by their very nature are created to be shared and distributed, but in enterprise environments,
they are also designed to be used. When a document contains a security method, a digital signature, or
even a blank signature field, it is often the case that the author intends its distribution to be limited to
specific users or document recipients. A document recipient who has a public key certificate and is
specifically trusted by you to participate in secure or signature workflows is called a trusted identity.
Acrobat lets you to create a list of trusted identities, store their contact and certificate information, and set
different trust levels for each identity.
In signature and some secure workflows, a document recipient should be a trusted identity. Groups of
people that share documents with certificate security or digital signatures are in essence a community of
trusted identities that share their certificates to make those features work. You will add people to your
trusted identity list and others will add you to theirs.
Both certificate security and digital signatures rely on public key certificates to identify who can
participate in document lifecycles involving encrypting/decrypting and signing. Trusted identities are
therefore used in several workflows:
•
When you sign and send a document, the document recipient can validate your signature by validating
the certificate embedded in the document. The recipient can also choose to set the trust level
associated with that certificate if it will be reused in the future. Conversely, you need access to a
document sender’s certificate to validate their signature.
•
When you encrypt a document, you use the public key of the document recipients so that they can
decrypt it with their corresponding private key. Conversely, others need your certificate to encrypt
documents for you.
Acrobat provides tools for selecting and interacting with the certificates of document recipients you trust.
For example, Acrobat’s user interface prompts authors to select one or more recipients when applying
certificate security. Because it is often the case that a document will be sent or received from numerous
other individuals, it is often desirable to create a list trusted identities ahead of time. In large organizations,
an administrator may do this for you; otherwise, you will use Acrobat’s Trusted identity manager to build a
list of trusted identities containing your trusted identity’s contact information and certificates.
Acrobat
Security User Guide
29
Getting someone’s contact information and certificate involves searching for (or having sent to you) the
digital ID data in the requisite format. The three most common ways of getting the data include the
following:
•
Extracting the data from an FDF file. Double-clicking on an emailed file or a file on some accessible
directory causes Acrobat to automatically import the information.
•
Searching a server directory. Users can add directory servers containing contact information and
certificates. Sometimes administrator preconfigure these directories or send server details in an FDF
file.
•
Using the data embedded in a signed document. The Certificate Viewer provides options for adding
the information to the trusted identities list and setting the trust level.
Figure 23 Digital ID: Managing trusted identities
From within the Manage Trusted Identities dialog, users import and manage the digital ID information
(again, it contains certificate and certificate owner data) for any document recipient that should be
trusted. A contact will occasionally be associated with multiple certificates. Therefore, contacts and
certificates are in some respects managed independently of each other. It is also possible to create a group
from any number of contacts so that security can be applied to all group members with a single action.
Users manage contacts, groups, and certificates by choosing Advanced > Trusted Identities and opening
the Trusted Identities Manager.
Acrobat
Security User Guide
Setting up the Trusted Identity Environment
30
Setting up the Trusted Identity Environment
In signing and security workflows that use certificates, other users become “trusted” when their digital ID
certificates are verified and a specific trust level is set. You can simply validate and trust certificates
“on-the-fly” as you receive individual documents, or you can pre-trust certificates and set up product
behavior ahead of time to simplify workflows later.
For users making extensive use of certificates in document workflows, it is a good idea to consider doing
the following:
•
Creating Default User Information: Configure your personal information that will be used in
subsequent workflows.
•
Adding Certificate Servers as Searchable Directories: Configure the product to find certificates that are
not on your machine.
•
Using the Windows Certificate Store for Signing and Certificate Security: Configure the product to use
certificates in the Windows Certificate store for signing, signature validation, and certificate security.
Creating Default User Information
Users can enter default identity (user) information. Acrobat and Adobe Reader store this information and
use it automatically as the defaults for certain workflows such as creating new identities and self-signed
certificates, exporting directory server settings, and annotations.
To create default user information:
1. Choose Edit > Preferences (Windows) or Acrobat > Preferences (Macintosh).
2. Select Identity in the left-hand tree.
3. Configure the identity details as needed.
4. Choose OK.
Figure 24 Identity preferences
Acrobat
Security User Guide
Adding Certificate Servers as Searchable Directories
31
Adding Certificate Servers as Searchable Directories
Some security settings enable you to search for digital IDs (public key certificates) that needed to be
added to your list of trusted identities because the ID owners will be participating in signing and certificate
security workflows. In large organizations, these certificates are often stored on a server. Configuring
Acrobat or Adobe Reader with specific server information allows those products to search the servers for
the needed certificates.
As described in “Using Directory Servers to Add Trusted Identities” on page 53, choosing Advanced >
Security Settings opens a dialog for add the following servers:
•
Directory servers: Directory servers are LDAP servers that are capable of returning x.509 public key
certificates. These servers are certificate repositories that users search in order to expand their list of
trusted identities. Server administrators often set up a company-specific directory server.
•
Timestamp servers: Timestamp servers enable users to timestamp signatures with a timestamp that
originates from a trusted timestamp authority. Server administrators sometimes set up a
company-specific timestamp server or use a third-party service.
Note: Adobe Policy Servers: The Adobe Policy Server is only available to users in companies that have
purchase the APS software. It does not contain certificates.
Using the Windows Certificate Store for Signing and Certificate Security
The Windows Certificate Store is an area in the registry where certificates are stored for use by Windows
applications. A certificate store may contain numerous certificates issued by different certification
authorities. Moving those certificates is not an option because the Windows Certificate Store is used by
programs other Adobe products. For example, when signing outgoing emails in Outlook, the digital ID
comes from the “Personal” certificate store in Windows. When validating signed emails from other people
in Outlook, the trusted certificates are stored in the Windows “Trusted People” certificate store.
The Windows Certificate Store contains a store called “Trusted Root Certificate Authorities” that contains
root certificates. Certificates are “root” certificates simply by virtue of being at the top of the certificate
chain hierarchy. These certificates are X.509-compliant certificates that are digitally signed by a certificate
authority that Microsoft or a system administrator has determined is trustworthy.
Users often want to use the Windows Certificate Store as well as Adobe’s store. Both Acrobat and Reader
provide options for adding the Windows Certificate Store to their directory search path in the Trusted
Identity Manager so that those certificates can be imported, trusted, and used for validating signatures
and encrypting documents.
To use these certificates within Acrobat or Reader, enable import from the Windows Certificate Store.
Doing so allows seamless integration between Acrobat and other applications, including encrypting files
within Acrobat that are emailed via Outlook. You also might wish to import certificates from here if there
are some people you exchange email with via Outlook that you wish to trust for certifying documents,
signing JavaScripts, and so on, but you do not wish to trust all of them.
Using Windows Certificate Store Certificates for Validation
The are two common ways a certificate ends up in the Windows Certificate Store root directory:
•
The manufacturer of the computer or Microsoft has put them there.
•
A company administrator has put them there as part of a larger, company-wide program called a
public-key infrastructure (PKI).
Acrobat
Security User Guide
32
For this reason, most home users do not need to trust Windows root certificates by default. Trusting all
root certificates for any operation may compromise security because content from companies that have
certificates installed in Windows may be automatically trusted. That is, by trusting root certificates, you
may be trusting all the content provided by the company that owns that certificate.
Enterprise users, on the other hand, should consult company policy to determine whether or not trust all
Windows root certificates for either validating signature, and/or certifying documents. This information
should come from the IS administrator, and Acrobat may already be configured with the correct settings. A
common reason to trust Windows roots is so the system administrator can manage from a central location
the certificates deployed across a network.
Tip: Many root certificates ship with Windows, and they do not always meet the same standards. The
decision should be made by an experienced system administrator who knows the implications.
To use these certificates for validation:
1. Choose Edit > Preferences.
2. Choose Security in the left-hand list.
3. Choose Advanced Preferences.
4. Display the Windows Integration tab.
Figure 25 Trusting Windows root certificates
5. Specify the trust level for all root certificates in the Windows Certificates Store:
•
Validating signatures: All root certificates in the Windows Certificates Store will be trusted when
validating signatures.
•
Validating certified documents: All root certificates in the Windows Certificates Store will be
trusted when validating certified documents.
6. Choose OK.
7. Choose OK.
Adding Windows Certificate Store Certificates to the Search Path
Acrobat’s user interface enables users to search directories from the Search for Recipients dialog (Figure
26). Adding the Windows store to the search path automatically makes its certificates available for import.
This dialog can be invoked from two locations:
Acrobat
Security User Guide
•
From a certificate security workflow: Set the encryption settings, choose Next, and then choose
Search.
•
From the Trusted Identity Manager: Choose Add Contacts, and then choose Search.
33
By default, the Windows Certificate Store is not added to Acrobat’s search path. Once the option is
manually turned on, the Windows store will appear in the Search for recipients dialog Directories drop
down list.
To make Windows Certificate Store directories part of the search path:
1. Choose Edit > Preferences.
4. Display the Windows Integration tab (Figure 25).
5. Specify whether to enable import of identities from the Windows Certificate Store into the list of
trusted identities. Check or uncheck Enable import and use of identities in the Windows Certificate
Store.
The Windows Certificate Store appears in the Directory list.
Figure 26 Digital IDs: Searching the Windows Certificate Store
6. Choose OK.
7. Choose OK.
Acrobat
Security User Guide
Adding Someone to Your Trusted Identity List
34
Adding Someone to Your Trusted Identity List
As shown in Figure 23, you build a list of trusted identities by getting contact and certificate information
from others who will be participating in workflows that use public key certificates. You get this information
from a server, a file, or from a signed document. For signing workflows, you can get this information during
the signature validation process. For certificate security workflows involving encryption, you must request
the information ahead of time so you can encrypt the document with the document recipient’s public key.
Adding a Digital ID from a Signature
When you receive a signed document from someone whose digital ID is not in your trusted identity list,
the certificate validity will be unknown and a question mark will appear in the signature status icon. To
validate the signature then, add the signer’s digital ID to your application’s trusted identity list.
To add signer’s ID from their signature:
1. Right click on the signature and choose Properties.
2. Choose the Signer tab.
3. Choose Show Certificate.
4. When the Certificate Viewer appears, choose the Trust tab.
5. Choose Add to Trusted Identities.
6. Choose the certificate trust settings as described in “Trusting a Certificate for Signing and Certifying”
on page 43.
Requesting a Digital ID via Email
When you request digital ID information from someone, Acrobat automatically includes in that email an
FDF file containing your contact and certificate information.
To request a certificate from another user:
1. Choose Advanced > Trusted Identities.
2. Choose Request Contact.
Acrobat
Security User Guide
35
Figure 27 Emailing a certificate request
3. Confirm or enter your identity.
Tip: The identity panel is prepopulated if the information has been previously configured in Edit >
Preferences > Identity. To view or edit identity information, see “Creating Default User Information”
on page 30.
4. Choose Include My Certificates to allow other users to add your certificate to their list of trusted
identities.
5. Choose whether to email the request or save it as a file.
6. Choose Next.
7. Select the digital ID file to export.
Figure 28 Certificates: Selecting a digital ID for export
8. Choose Select.
•
Email: Enter the person’s email address in the Compose Email dialog and choose Email. Send the
email message when it appears in the default email application with the certificate request
attached.
Acrobat
Security User Guide
Browsing for a Trusted Identity
•
36
Save as file: Choose a location for the certificate file Export Data As dialog. Choose Save, and then
choose OK. Tell the intended recipient(s) where to find the file.
Browsing for a Trusted Identity
Adding a contact may or may not add a certificate since certificates aren’t necessarily attached to the
contact information. However, in most cases you get both. Check the Contacts and Certificates panel to
see what was imported.
To browse to the contact file location:
2. Choose Add Contacts.
3. Choose Browse.
4. Browse to the contact file location.
Tip: If the information was exported from Acrobat, it will be in an FDF file. Other file types include .cer, .
p7b, and so on.
5. Select the file.
6. Choose Open.
Figure 29 Importing digital ID data
7. Choose Import.
8. Choose OK when the confirmation dialog appears.
Searching for a Digital ID to Trust
The search feature allows you to search a list of preconfigured directories for certificates that you can add
to your trusted identity list. When you have access to someone else’s certificate, you can validate their
Acrobat
Security User Guide
Searching for a Digital ID to Trust
37
signature and send them secure documents. If no directories have been previously specified, the Search
button will NOT appear. The list of search servers in the Directories drop down list is populated through
three mechanisms:
•
The default list of servers that ship with Adobe Acrobat and Adobe Reader.
•
Whether or not the user has configured the application to use the Windows Certificate Store. For
details, see “Using the Windows Certificate Store for Signing and Certificate Security” on page 31.
•
Whether or not the directory server list is in the Security Settings Manager. For details, see “Using
Directory Servers to Add Trusted Identities” on page 53.
Home users do not usually need to change the directory server list. Users in enterprise environments
typically have the list preconfigured for them by their system administrator.
Adding a contact may or may not add a certificate because certificates aren’t necessarily attached to the
contact information. However, since importing only contact information doesn’t let you do anything, in
most cases you get both. After finding and importing the data, check the Contacts and Certificates panel
to see what was imported.
To search for a certificate so that you can add one or more people to your trusted identities list:
2. Choose Add Contacts.
3. Choose Search.
4. Configure the search options:
•
Choose Search all directories or select a directory and optional group.
Searching all directories may take some time. In a business environment, it is often expedient to just
select the company’s LDAP directory.
•
Enter a name and/or email address to search. This is an AND search. Using both fields only returns
results that match both criteria.
Acrobat
Security User Guide
Importing a Single Certificate From an FDF File
Figure 30 Searching for a document recipients
5. Choose Search.
6. Select a name from the search results.
7. Choose OK.
8. Choose Import.
9. Choose OK when the confirmation dialog appears.
Importing a Single Certificate From an FDF File
For details, refer to the following:
• “Importing a Single Certificate via FDF” on page 181
• “Importing Multiple Certificates via FDF” on page 182
38
Acrobat
Security User Guide
Working with Digital IDs and Certificates
39
Working with Digital IDs and Certificates
In Acrobat, other users become “trusted” when their digital IDs are verified and a specific trust level is set.
You can set trust levels ahead of time if you have access to the certificates of those users that will
participate in your signing and encryption workflows. If you do not have access to those certificates,
simply validate and trust certificates “on-the-fly” as you receive individual documents. As shown in Table 1,
the Certificate Viewer provides six tabs with functionality for working with and verifying digital IDs.
Table 1 Certificate Viewer information
Tab
What is shows
What you can do
General
Signer and Issuer information, validity dates, and intended
usage.
Export the certificate to a file
Details
View certificate data
The data can be used in a variety of ways, one of which is
using the digests to verify the certificate’s origin.
Revocation
Show certificate validity status as determined by the
Signer Details: Open the certificate viewer for the
revocation check and provides an explanation of that status. selected certificate. The button is only active the
certificate is not a trusted root.
Problems encountered: View a description of the
problems with the revocation checking. The button is
only active if revocation checking occurred but failed.
Check revocation: Enables manual revocation checking.
The button is only active if no checking occurred.
Trust
Lists the user-specified certificate trust settings
The certificate can be added to the Trusted Identity list.
Policies
List policy OIDs associated with this certificate, if any.
Describes the policy
View policy details.
Legal Notice Displays a generic legal disclaimer, the certificate issuer’s
policy statement, issuer notice, and link to the policy, if any.
If an issuer policy is used, the policy can be displayed.
Displaying a Certificate in the Certificate Viewer
When a certificate is displayed in the certificate viewer, you can check certificate validity, trust settings,
associated policies, and other details that help you establish the owner’s identity. The Certificate Viewer
provides six tabs that displays certificate data and allows you to manage that certificate on your system
(Table 1).
2. Choose Certificates in the Display drop down list.
Note: In addition this method, you can also display the certificate from any signature or certificate security
method workflow where a Show Certificate or Certificate Details button appears, such as the
Signature Properties dialog.
3. Select the certificate.
Acrobat
Security User Guide
Verifying Self-Signed Certificates
40
Figure 31 Trusted Identities: Viewing
4. Choose Show Certificate. The Certificate Viewer displays the certificate.
Figure 32 Certificate Viewer
Verifying Self-Signed Certificates
Certificates are usually issued by a trusted, third-party certificate authority such as Verisign. However,
anyone can set up a certificate authority or create a self-signed certificate purporting to be anyone else. It
is even possible to create a certificate authority that claims to be Verisign. It is therefore recommended
that users verify a certificate’s origin. After the origin is verified, use the Trusted Identity Manager to specify
Acrobat
Security User Guide
Checking Certificate Revocation Status
41
certificate trust settings so that it can be used as a trusted root, to certify documents, and so on. For details,
see “Certificate Trust Settings” on page 43.
Tip: For self-signed certificates or those issued by unknown or untrusted certificate authorities, it is
prudent to verify the certificate owner’s identity before being added to them trusted identity list.
To verify the origin of the certificate:
1. Display the certificate in the Certificate Viewer:
•
If the certificate is embedded in a signature, right click on the signature, choose Properties, display
the Summary tab, and choose Show Certificate.
•
If the certificate is in an FDF file attached to an email sent from Acrobat, double-click the attached
file, and choose Certificate Details in the Import contact settings dialog.
Tip: Double clicking a file other than an FDF will likely install the certificate in the Windows Certificate
Store. If the file is .cer, .p7b, or some other format, save the file locally and import it into the Trusted
Identity Manager as described in “Browsing for a Trusted Identity” on page 36
2. Display the Details tab.
3. In the Certificate data panel, scroll to MD5-digest and SHA-1 digest and note the numbers.
4. Contact the certificate's originator and verify the MD5-digest and SHA-1 numbers are correct.
5. After the certificate is verified, display the Trust tab and add the certificate to the trusted identities list.
Figure 33 Certificates: Verifying originator
Checking Certificate Revocation Status
Only the certificate issuer (a certificate authority) has the right to revoke a certificate, and Acrobat’s check
of the revocation status is part of its public key authentication. There are a number reasons why a
certificate might be revoked: its security might be compromised, it could be invalid for some reason, or the
owner of the ID might have left the company.
To check a certificate’s revocation status:
1. Choose the Revocation tab.
2. Choose Check Revocation. The certificate details appear in the Details panel.
Acrobat
Security User Guide
Trusting Timestamp Authority Certificates
42
3. Choose OK.
Figure 34 Trusted Identities: Viewing revocation status
Trusting Timestamp Authority Certificates
Certificates can be used with a timestamp server and timestamps to associate a particular time and date
with a signature. These certificates are typically issued by a third-party timestamp authority. The workflow
for importing, validating, and setting trust levels for timestamp certificates is generally the same as those
for using certificates with signatures.
For details, see the following:
• “Importing a Single Certificate From an FDF File” on page 38
• “Verifying Self-Signed Certificates” on page 40
• “Timestamp Basics for Authors” on page 91
Acrobat
Security User Guide
Certificate Trust Settings
43
Certificate Trust Settings
Each contact in the trusted identity list should be associated with one or more certificates. Certificate trust
settings may be individually configured as needed. Users can specify whether a certificate received from
someone else should be trusted for certain actions. Choosing to not trust a certificate does not prevent a
document from displaying, but it can limit what that document can do and whether a signature is valid.
Signatures and timestamps associated with valid but untrusted certificate appear with a question mark
(Figure 35). One of a contact’s certificates can also be selected as the default for encryption.
Figure 35 Untrusted signature
Certificate trust settings have the following features:
•
Trust settings are configured in the Trusted Identity Manager or at the time of import.
•
Trust setting can be viewed in Trusted Identity Manager by choosing Edit Trust (Figure 37) or by
choosing the Trust tab in the Certificate Viewer (Figure 36).
•
Certificates can be separately trusted for approval signatures and certification signatures.
•
Dynamic content and JavaScript can be configured to run on a per-certificate basis, but these settings
interact with the applications’s environment settings.
Figure 36 Certificate trust settings
Trusting a Certificate for Signing and Certifying
To sign or certify a document the signer must have a digital ID with a certificate. In order for ordinary and
certification signatures to be valid, the certificate must be valid and it must be explicitly trusted for these
operations or chain up to a trusted root which is.
To trust a certificate for signing and certifying:
3. Select the certificate.
Acrobat
Security User Guide
Trusting Dynamic Content in Certified Documents
44
4. Choose Edit Trust.
5. Display the Trust Settings tab.
6. Set the certificate’s trust settings:
•
Signatures and as a Trusted Root: Trusts the certificate as a trusted root for approval signatures.
The net result is that any other certificates which have this one as a root in the chain will also be
trusted for signing. At least one certificate in the chain (and preferably only the root in the chain)
must be a trusted root to validate signatures and timestamps certificates.
Tip: There is no need to make end entity or intermediate certificates trusted roots if they chain up to
trusted root. It is best practice to only trust the topmost certificate as the root because revocation
checking occurs on every certificate in a chain until the root is reached. For example, if you have a
certificate which chains up to your company’s intermediate certificate which in turn chains up to
Verisign, you would only make Verisign a trusted root and NOT your company’s, your own, or any of
your coworker’s certificate’s.
•
Certified Documents: Trusts the certificate for certification signatures.
•
Dynamic Content: Not recommended for certified documents. Trusts movies and other dynamic
content. This option requires that the application environment be configured correctly. For more
information, see “Trusting Dynamic Content in Certified Documents” on page 44.
•
Embedded High Privilege JavaScript: Not recommended for certified documents. Trusts
embedded scripts. This option requires that the application environment be configured correctly.
For more information, see “Trusting JavaScript in Certified Documents” on page 45.
7. Choose OK.
8. Choose OK.
Trusting Dynamic Content in Certified Documents
Whether dynamic content runs in certified documents depends on whether the document recipient has
explicitly trusted the sender’s digital ID for such actions. Recipients can set the application to run
JavaScript generally, but they can also control for certified documents JavaScript execution on a
per-certificate basis.
It is also possible to trust a root certificate for these actions. Any certificate that chains up to that root will
share its trust settings. For example, some enterprises may issue a MyCompany certificate that trusts
Acrobat
Security User Guide
Trusting JavaScript in Certified Documents
45
dynamic content. If all employee certificates use MyCompany as a root, then they can send and receive
certified documents within the company that contain working dynamic content.
Tip: Because dynamic content represents a security risk and could potentially change the document’s
appearance, it is recommended that participants in certified workflows do not allow multimedia.
To allow dynamic content to execute in certified documents:
1. Configure the application environment to run multimedia as described in “Setting Dynamic Content
(Multimedia) Security Options” on page 117.
2. Trust the certificate associated with the certification signature for multimedia as described in “Trusting
a Certificate for Signing and Certifying” on page 43.
Trusting JavaScript in Certified Documents
Whether JavaScript is executed in certified documents depends on whether the document recipient has
explicitly trusted the sender’s digital ID for such actions. Recipients can set the application to run
JavaScript generally, but they can also control for certified documents JavaScript execution on a
per-certificate basis.
It is also possible to trust a root certificate for these actions. Any certificate that chains up to that root will
share its trust settings. For example, some enterprises may issue a MyCompany certificate that allows
JavaScript. If all employee certificates use MyCompany as a root, then they can send and receive certified
documents within the company that contain working JavaScript.
Tip: Because scripts represent a security risk and could potentially change the document’s appearance, it
is recommended that participants in certified workflows do not allow JavaScript to run.
To allow JavaScript to execute in certified documents:
1. Configure the application environment to run JavaScript as described in “Setting High Privilege
JavaScript Security Options” on page 119.
2. Trust the certificate associated with the certification signature for JavaScript as described in “Trusting a
Certificate for Signing and Certifying” on page 43.
Selecting a Certificate to use for Encryption
In order to encrypt a document that can be decrypted by a document recipient, it is necessary to explicitly
trust their certificate for encryption. Note that each contact in your Trusted Identity list should be
associated with at least one certificate. If there is only one certificate, Acrobat automatically selects it as the
one to use for encryption. If more than one certificate is associated with the contact, you can select which
one to use as the default encryption certificate.
Note: You can only use certificates for encryption that have encryption usage rights and are valid (not
expired). Acrobat displays a warning dialog during the encryption process if the selected certificate
cannot be used.
To set a default certificate for encryption:
2. Choose a contact in the left-hand list (Figure 39).
Acrobat
Security User Guide
Selecting a Certificate to use for Encryption
3. Choose Details.
4. Highlight a certificate in the certificate list. Use the certificate that person tells you to use.
5. Choose Use for encryption (Figure 38). The lock icon moves to the selected certificate.
6. Choose OK.
Figure 38 Trusting a certificate for encryption
46
Acrobat
Security User Guide
Managing Contacts
47
Managing Contacts
Contacts are typically those people that will send you documents or receive documents from you. Each
contact may be associated with one or more certificates. Like certificates, contacts can be added, removed,
edited, and so on from the trusted identity list.
Viewing and Editing Contact Details
When a contact’s details change, it is possible to update them in the Trusted Identity Manager.
To change a contact’s details:
2. Choose a contact in the left-hand list.
Figure 39 Contacts: Viewing details
3. Choose Details.
Figure 40 Edit Contact dialog
4. Edit the details as required.
Acrobat
Security User Guide
Emailing Certificate or Contact Data
48
5. Choose OK.
Emailing Certificate or Contact Data
You can export certificate and contact data via email directly from the Trusted Identity Manager. Doing so
allows other users to add that data their trusted identity list, thereby expanding the number of users that
can participate in secure document workflows. For details, see “Emailing Your Digital ID Certificate” on
page 193.
Saving Certificate or Contact Details to a File
You can export certificate and contact data and save it to a file from the Trusted Identity Manager. Doing
so allows you to email it later or locate it on a shared network directory. Other users can then add that data
to their trusted identity list, thereby expanding the number of users that can participate in secure
document workflows. For details, see “Saving Your Digital ID Certificate to a File” on page 195.
Associating a Certificate with a Contact
A certificate is usually already associated with a contact and contact details. However, in certain cases the
two may need to be reassociated:
• Someone has provided you with new contact information.
• An old contact has sent you a certificate to be associated with old contact information.
To associate a certificate with a contact:
3. Choose Details.
4. Choose Associate Certificate (Figure 40).
Figure 41 Contacts: Selecting certificates
5. Select a certificate from the list.
6. Choose OK.
7. Choose OK.
Acrobat
Security User Guide
Changing a Trusted Identity’s Certificate Association
49
Changing a Trusted Identity’s Certificate Association
In Acrobat, contacts in the Trusted Identity Manager only have value when they are associated with
certificates that are used in encryption and signing workflows. Therefore, removing a certificate
association only makes sense when it is being replaced by another certificate. For example, someone in
your trusted identities list may have replaced a compromised or expired certificate with a new one. In this
case, simply replace the old certificate association with a new one.
3. Choose Details.
4. Choose a certificate from the list.
5. Choose Remove Association (Figure 42).
6. Choose a certificate from the list.
Note: The certificate list is populated with the currently associated certificate and any unassociated
certificates for the current contact. In other words, the list does not display all of a contact’s
certificates, it displays only those that have no contact association.
7. Choose Associate Certificate.
8. Choose OK.
Figure 42 Edit Contact dialog
Deleting Contacts and Certificates
It is possible to delete contact information independently from its certificate. The two most common
scenarios for deleting trusted identity information includes the following:
•
You now longer share documents with a trusted identity. and so delete both the contact and
certificate.
•
The trusted identity’s contact information or certificate has changed and new data will be imported.
•
The contact information has changed so only it is deleted. The certificate is associated with a new
contact.
Acrobat
Security User Guide
Deleting Contacts and Certificates
To delete a contact (and optionally a certificate):
2. Choose Contacts from the Display drop down list.
4. Choose Delete.
5. Choose whether or not to delete the certificate along with contact.
6. Choose OK.
Figure 43 Contacts: Deleting
Deleting a Certificate
To delete a certificate:
2. Choose Certificates from the Display drop down list.
3. Choose a certificate in the left-hand list (Figure 40).
4. Choose Delete.
5. Choose OK.
50
Acrobat
Security User Guide
Working with Groups of Contacts
51
Working with Groups of Contacts
Contacts can be added to a group so that all group members can easily share a predefined set of
permissions and restrictions. For example, it is possible to create a certificate-based security policy that
applies to an entire group. Administrators or users can create a group and export the group’s details to an
FDF file that is then sent to individual users. This feature makes it easy to manage permissions for a large
number of people.
Note: Importing a group imports the contacts (all group members), but not the group. If desired,
create a new group from those newly imported contacts.
Creating a Group
Individual users and administrators create a group using the same method. To create a group:
2. Choose New Group.
3. Enter a group name (Figure 44).
4. Add contacts as needed.
5. Choose OK.
Adding or Removing Group Contacts
To add or remove group members:
2. Double-click on a group or highlight the group and choose Details.
3. Add or remove a contact:
• Adding a contact: Choose Add, select a contact from the contact list, and choose OK twice.
• Removing a contact: Select a contact, choose Remove, and choose OK.
Figure 44 Contacts: Editing a group
Acrobat
Security User Guide
Deleting a Group
52
Deleting a Group
To delete a group:
2. Choose a group in the left-hand list (Figure 39).
3. Choose Delete.
4. Choose OK.
Figure 45 Contacts: Deleting a group
Using Groups with Security Policies
Certificate and APS security policies can be applied to an entire group. Public key certificate policies
applied to groups are typically stored in the author’s local Trusted Identity Manager. Adobe Policy Server
policies that are applied to groups are stored on the Adobe Policy Server. For details, see “Applying a
Security Policy to a Group” on page 173.
Acrobat
Security User Guide
Using Directory Servers to Add Trusted Identities
53
Using Directory Servers to Add Trusted Identities
Businesses that use certificates to identify participants in signing and secure workflows often need a single
repository for those certificates. Locating in one place that part of a user’s digital ID that is shared across
the organization (the public certificate), simplifies management for the administrator and certificate
sharing for employees.
Directory servers are LDAP servers that are capable of returning x.509 public key certificates. These servers
are certificate repositories that users search to expand their list of trusted identities. Both Adobe Acrobat
and Adobe Reader ship with three default servers:
• VeriSign Internet Directory Service
• GeoTrust Directory Service
• IDtree Directory Service
Home users may never need to search or add directory servers. In most cases, needed certificates will be
sent directly to you or will be embedded in a signature. However, users in enterprise environments will
likely use directory servers when their company administrator has set up an LDAP server as part of their
public key infrastructure. This allows the administrator to make the certificates available to teams and
workgroups while managing them from a central location. The administrator usually preconfigures user
machines, sends the server configuration details in an FDF file so that Acrobat can automatically import
them, or tells the user how to configure the server manually.
Figure 46 Digital ID Directory servers: Server list
Manually Configuring a Directory Server
Some companies store employee digital ID certificates on a networked LDAP server. To access those
certificates, add the server to the list of directories used to locate those IDs.
To configure an identity directory:
2. Select Directory Servers in the left-hand list (Figure 46).
3. Choose New.
Acrobat
Security User Guide
Editing Directory Servers Details
54
4. Configure the LDAP server settings in the Edit Directory Server dialog:
Tip: Contact the system administrator for the server details.
•
Directory Name: The directory to search.
•
Access Type: LDAP is the only type supported.
•
Server Name: The server name.
•
Port: The server port. 389 is the default port.
•
Search Base: A comma-separated list of name-value pair container objects used in the search. For
example, c=us,cn=John West,ou=Engineering,dc=example,dc=com, representing country, common
name, organizational unit, and domain component respectively.
•
This server requires me to log on: Check if the server requires a username and password.
•
User name: The login username.
•
Password: The login password.
•
Timeout: The number of seconds to keep trying to connect.
•
Maximum Number of Records to Receive: The number of records to return. Records may include
users, users with multiple certificates, and so on.
5. Choose OK.
Figure 47 Digital ID Directory servers: Setting server details
Editing Directory Servers Details
Directory server details can be changed at any time.
To edit directory server information:
3. Select a directory server from the right-hand panel.
4. Choose Edit.
Acrobat
Security User Guide
Deleting a Directory Server
55
5. Change the information as required. For details, see “Manually Configuring a Directory Server” on page
53.
6. Choose OK.
Deleting a Directory Server
Previously configured directory servers containing digital IDs can be removed at any time.
To delete a directory server:
4. Choose Remove.
5. When a confirmation dialog appears, choose OK.
Specifying a Default Directory Server
A default server may be specified so that it is always used when searching for digital IDs.
To set default directory server:
4. Choose Set Default.
5. Choose OK if a confirmation dialog appears.
A star appears next to the name of the selected server.
Figure 48 Digital ID Directory servers: Setting defaults
Acrobat
Security User Guide
Importing and Exporting Directory Server Settings
Importing and Exporting Directory Server Settings
For details, refer to the following:
• “Importing Directory Server Settings via FDF” on page 194
• “Emailing Server Details via FDF” on page 206
• “Exporting Server Details via FDF” on page 207
56
4
Digital Signatures for Document Authors
This document describes Acrobat’s digital signature capabilities that document authors can use to create
certified documents, signable forms, custom workflows, and personalized signature appearances. While it
is possible to use Acrobat’s signing capabilities out of the box and without prior knowledge of its signature
technology, most users find it expedient to learn what a signature is and how to use them.
For example, understanding what a signature is and how it works is critical to understanding how
signatures are validated. That understanding might in turn lead an author to set up their authoring
environment in a particular way and craft documents in a specific manner in order to control document
behavior once they are sent to document recipients. For more information, refer to the following:
•
“Signing Basics” on page 58
•
“Setting up the Signing Environment” on page 63
•
“Certifying a Document (Certifying Signatures)” on page 65
•
“Signing a Document Without Certifying (Ordinary Signatures)” on page 71
•
“Signature Field Design and Editing” on page 74
•
“Authoring Signable Forms” on page 81
•
“Personalizing Signature Appearances” on page 87
•
“Timestamp Basics for Authors” on page 91
Advanced users and developers should also refer to the following documentation:
•
Acrobat JavaScript Scripting Guide: Describes how to programmatically change security and
signature behaviors.
•
Digital Signature Appearances: Describes how to programmatically customize signature appearances.
•
Acrobat SDK: Describes how to use security APIs to interact with Acrobat’s security features and
provides examples.
•
PDF Reference 1.6: Describes the PDF language, including the signature and encryption dictionaries.
Common Signature Workflows
There are four basic signature workflows:
•
Document notarization: A document is opened in Acrobat, reviewed, and then signed. After the
signature, no further work is expected to be done on the document.
•
Multi-user document notarization: Same as the above, but after the first signature, the document is
sent to the next user to review and sign. This process is repeated as necessary.
•
PDF forms for a single user: A PDF form is routed to the user. The recipient fills out the form and signs
it. No further work is expected to be done on the document.
•
PDF forms for multiple users: This workflow starts the same way as the single user case. After the first
user is finished, the form is routed to the next user who will fill out the appropriate fields and then sign
it. This process is repeated as necessary.
57
Acrobat
Security User Guide
Signing Basics
58
Signing Basics
What is a Digital Signature?
A digital signature, like a conventional handwritten signature, identifies the signer. Unlike traditional,
paper signatures, each digital signature stores information about the person signing a document.
Signatures help users create and engage in workflows where there is some requirement for security. For
example, signatures can be used to verify signed content has not been altered, confirm the sender’s
identity, and to prevent the signer from denying their own signature. Moreover, document versioning and
comparison features allow document recipients to verify what was actually signed and compare the
content of different document versions.
Document authors can design documents with any number of signature fields, each with their own
characteristics. Authors can control field appearance, field behavior, and even how the document behaves
after a field is signed. Acrobat’s signature capabilities provide many options so that authors can create
customized workflows that meet special needs, such as locking other fields after the document is signed
or making a signature field a required part of a workflow.
While it is not necessary to understand all of the technical details about what constitutes a digital
signature, it is helpful to know its basic components and how the state of those components affects
signature validity. A signed document consists of three main components: the original document, the
signature, and the signer’s certificate (Figure 49). In order to participate effectively in signing workflows,
users should understand the origin of each component and how that component’s state can affect a
signature’s validity:
•
The original, unsigned PDF. The document author creates the PDF. Each signature is only valid for a
specific version of the document.
How does a document current state affect signature validity? If the document changes after signing, its
integrity is compromised and the signature may become invalid.
•
The signature. Acrobat creates a hash (number representation) of the original document. The number
is encrypted with a private key and turned into a “signed message digest.” Both the digest and the
signature appearance are embedded in the document.
How is signature validity determined? When a document recipient validates a signature, a new
message digest is created and compared to the old message digest that was embedded in the
document at the time of signing. If the two digests are not identical, the signature may become invalid.
Signature validity is also dependant on the validity of the signer’s certificate.
•
The signer’s certificate. A signer must have a digital ID that includes an X.509 compliant certificate
and a private key. The certificate contains a public key that is shared. The private key is used to encrypt
the message digest.
How does certificate status affect signature validity? It must chain up to a trusted certificate authority
and at the time of signing must not have been revoked.
Acrobat
Security User Guide
Signature Types: Approval and Certifying
59
Figure 49 Signature components
Note that signature validity depends on all three of these components. The embedded certificate provides
the information needed to verify the signer’s identity. The original document and the embedded message
digest are used to verify that the document has not changed since it was signed. Optional components
such as embedded revocation information or a timestamp may also be included in a signature. When a
signature is invalid, the signer’s identity cannot be verified, or there is some other problem, the signature
validator is warned. For details, see Chapter 5, "Digital Signatures for Document Recipients".
Signature Types: Approval and Certifying
A document can have one or more kinds of signatures. Which signature type is used may depend on the
intent of both the author and the signer. Signature types include the following:
•
Approval Signature: An approval signature is any signature that was applied to a document without
certifying it. Any signature other the first one must be an approval signature.
•
Certified Signature: A certification signature (sometimes called an author signature) must be the first
signature in a document. If there are no other signatures in the document, add a certification signature
by choosing File > Save as Certified Document or choose the certify document option during a
normal signing workflow. Certification buttons and menu options are disabled if another signature is
already present. Certification enables the author to attest to the document contents and restrict the
actions of future document recipients. Certified documents that have not been invalidated by illegal
changes display a blue ribbon icon next to the digital signature (Figure 65).
Common Signature Workflows
There are four basic signature workflows:
•
Document notarization: A document is opened in Acrobat, reviewed, and then signed. After the
signature, no further work is expected to be done on the document.
•
Multi-user document notarization: Same as the above, but after the first signature, the document is
sent to the next user to review and sign. This process is repeated as necessary.
Acrobat
Security User Guide
Signatures User Interface
60
•
PDF forms for a single user: A PDF form is routed to the user. The recipient fills out the form and signs
it. No further work is expected to be done on the document.
•
PDF forms for multiple users: This workflow starts the same way as the single user case. After the first
user is finished, the form is routed to the next user who will fill out the appropriate fields and then sign
it. This process is repeated as necessary.
Main Signature Menu
Choose Document > Digital Signatures to display the main menu for signing documents, validating
signatures, and other digital signature features.
Figure 50 Signature menu: Main menu items
To display the Task toolbar’s shortcut to these menu items, choose View > Toolbars > Tasks (Figure 51).
Figure 51 Tasks toolbar
From the Signing tool on the Tasks toolbar, basic tasks are available in the menu (Figure 52).
Figure 52 Signature menu: Pen tool
Signature Tab Menus
Signed documents display all of the signature details on the Signatures tab. Users can right click on any
signature to access its signature-specific menu (Figure 53), or they can choose the Signature’s tab Options
menu to work with signatures at the document level (Figure 54).
Acrobat
Security User Guide
Figure 53 Signature menu: In Signature tab
Figure 54 Signature menu: Options menu items
Advanced Editing Tools
Once certain object properties are set within a document, editing requires using the correct tool. For
example, existing signature field properties can only be changed with the Select Object Tool or the
Digital Signature Tool. When these tools active, the fields can be edited but not signed.
To get one of these tools:
1. Choose View > Toolbars > Advanced Editing
2. Choose the Select Object Tool or the Digital Signature Tool.
Figure 55 Editing tools
Signature Field Context Menu
A signature field is simply a form field, and right clicking on any form field displays a context menu. For
more information about working with fields, refer to the forms documentation.
61
Acrobat
Security User Guide
Figure 56 Signature field context menu
Status Icons
When a document is signed or associated with a security method, status icons appear in the lower
left-hand corner of Acrobat (Figure 57).
Figure 57 Security and signature status icons
62
Acrobat
Security User Guide
Setting up the Signing Environment
63
Setting up the Signing Environment
Before signing, you must obtain a digital ID from a third-party provider or create a self-signed digital ID. To
learn more, see Chapter 2, "Getting and Using Your Digital ID".
Digital Signature Preferences
Digital signature preferences control how Adobe applications behave in signing workflows. Before
working with digital signatures, users should review the default settings and change them as needed.
These preferences set the default signing method, tell Acrobat where to look for Windows certificates, and
control signature appearance.
Signing preferences include the following:
•
“Creating Default User Information” on page 63
•
“Changing the Default Signing Method” on page 63
•
“Including Certificate Revocation Status in a Signature” on page 64
•
“Changing Blank Signature Field Defaults” on page 77
•
“Personalizing Signature Appearances” on page 87
•
“Using the Windows Certificate Store for Signing and Certificate Security” on page 31
Creating Default User Information
You can enter default identity (user) information. Acrobat and Adobe Reader store this information and
use it automatically as the defaults for certain workflows such as creating new identities and self-signed
certificates, exporting directory server settings, and annotations. For details, see “Creating Default User
Information” on page 30.
Changing the Default Signing Method
In most cases, Acrobat users simply use the signing method provided by the default Acrobat signing
plugin. Adobe’s plugin helps users access their digital IDs (whether they use MCSAPI, a P11 device, P12
files), validate signatures, encrypt documents with certificates they have access to, and decrypt
documents using their personal digital ID.
However, in some enterprise situations administrators may require a method other than Adobe Default
Security. Non-Adobe plugins may be used in business environments that require support of biometrics,
signature escrow, alternative methods of private key access, and so on. In those cases, administrators may
preconfigure Acrobat to use an alternate plugin or provide user training on how to choose the right one.
Third party plugins include:
•
Entrust plug-in for Acrobat 4 and 6: This plugin interfaces to the Entrust Entelligence desktop
application and provides the same functionality that is provided by Adobe’s plugin. Businesses that use
Entrust for PKI deployment may require the Entrust plug-in.
•
SignCube plug-in for Acrobat 7: The SignCube plugin is used to create signatures recognized as valid
under the German Digital Signature Law.
•
CIC: The Communication Intelligence Corporation Plugin (CIC) is used by some banks and insurance
companies to provide an electronic version of handwritten signatures. This plugin limits users’ ability to
use encryption.
Acrobat
Security User Guide
Including Certificate Revocation Status in a Signature
64
To change the default signing method:
1. Install the third party plugin. For details, use the plugin’s documentation or contact your administrator.
3. Choose Security in the left-hand category list.
5. Choose the Creation tab (Figure 58).
6. Select a signing method from the Default Method to Use When Signing and Encrypting Documents
drop down list.
Figure 58 Digital Signatures Advanced Preferences: Default signing method
Including Certificate Revocation Status in a Signature
Revocation checking helps you determine if the certificate the signer used to sign the document was valid
(revoked or not) at the time of signing and whether it is still valid. A certificate’s revocation status can be
included with a signature. Embedding the certificate status in a document recipients to validate
certificates (signatures) while offline and speeds up the revocation checking process.
To embed a signer’s certificate revocation status with the signature:
2. Choose Security in the left-hand category list.
4. Choose the Creation tab (Figure 58).
5. Check Include signature’s revocation status when signing.
Note: Revocation checking occurs immediately after signing as well as during signature validation. If
the revocation status is not embedded in a signature, the application looks in the certificate
revocation list folder. If it is not there, the application goes online to complete the check. If the
status is not embedded and there is no online access, the signature will not be validated.
Using the Windows Certificate Store for Signing
For details, see “Using the Windows Certificate Store for Signing and Certificate Security” on page 31.
Acrobat
Security User Guide
Certifying a Document (Certifying Signatures)
65
Certifying a Document (Certifying Signatures)
Certifying a document lets the author (or first signer) attest to its contents and specify the types of legal
changes permitted for the document to remain certified. Certification helps document authors and
recipients determine that documents are legitimate and tamper-proof, thereby enabling trustworthy
online transactions and more secure communications.
For example, suppose that a government agency creates a form with signature fields. When the form is
complete, the agency certifies the document, thereby allowing users to change only form fields and sign
the document. Users can fill in the form and sign the document, but if they remove pages or add
comments, the document does not retain its certified status. Certifying a document helps ensure that it is
not altered without the author's approval.
Note: Before signing, you must obtain a digital ID from a third-party provider or create a self-signed
digital ID. To learn more, see Chapter 2, "Getting and Using Your Digital ID".
Certified documents display the following (Figure 59):
•
Blue ribbon icon: An icon appears next to the digital signature, the lower-left hand corner of the
application’s status bar, and in the Signature tab. The signature icon can be turned off in the Document
Status dialog.
•
Document restrictions: The Signature tab displays the certifier-specified restrictions.
•
Explicitly trusted but potentially dangerous content: A list appears in Signature tab, if any.
•
Certification attestation: An optional reason for signing appears in the Signature tab and may appear
in the signature itself if its appearance includes it.
Before certifying, be aware of the following:
•
Certification locks certain document action and limits what a document recipient can do with it.
•
Certification is designed to carry more legal weight than an uncertified document and greater
attention to the content and process is typically warranted.
•
Certification signatures are automatically validated even if this feature preference is turned off in the
product.
Document Locking
Certifying a document limits what an eventual recipient can do with it. Some actions are locked
automatically, and some are locked by the certifier. For example, during certification, the signer can
choose from the following options:
•
Disallow any changes
•
Only allow form fill-in actions
•
Only allow commenting and form fill-in actions
General editing, adding or removing pages, and so on are automatically prevented. Any illegal changes
that are explicitly locked by the certifier or automatically prohibited by Acrobat invalidate the certifier’s
signature and revokes the document’s certification.
Document Legal Defensibility
Acrobat has an implicit notion of a documents’ legal defensibility, defined by the features that appear in
the legal attestation dictionary, described in Section 8.7.4 of the PDF Reference manual. In general, the PDF
features that are marked as legally indefensible are also used widely in forms-based workflows (JavaScript
Acrobat
Security User Guide
Recommended Certification Workflow
66
for example). Note that aside from when a signer is certifying, Acrobat does not actively inform the user
about the document’s legal defensibility. In any case, a document’s legal defensibility improves if it does
not contain dangerous content, and it is the certifier’s responsibility to either remove that content or attest
to the fact that such content should be retained.
In the certified document world, “dangerous” content does not necessarily mean malicious in the virus-like
sense. In this context, dangerous content is content that threatens the signer’s ability to see what they are
signing as well as their ability to certify that what the document recipient sees is the same as that which
was certified. Such content includes JavaScript, multimedia, and any other dynamic items that could
change document appearance, launch external applications, or reference external content.
Hazardous content is revealed to users in two ways:
•
Document authors: Acrobat helps the signer identify such content by scanning the document during
the process of applying the certified signature. The signer is then given the option to embed an
attestation in the document about that content or feature that explains why it is present. Note that
when an approval signature is applied to a document, the signer is not warned about such content.
•
Document recipients: Document recipients use the View Document Integrity Properties button to
launch the same content scanning process that was automatically launched when the certifier signed.
If the document is certified, the process generates a report that includes the certifier’s attestation, if
any. Content that has been explicitly trusted by the certifier also appears on the signature tab under
Trusted Content (Figure 59).
Figure 59 Certified document indicators
Recommended Certification Workflow
Certification allows document authors to define what changes are legal (possible), and it allows the
recipient to identify whether a document’s problematic features (content that could change the
document appearance) originated with the certifier or not. More importantly, this gives the recipient the
assurance that if these features in the document are indeed malicious, the certifier can be proven to be at
fault. The recommended workflow for legally defensible signatures can then be described as follows:
1. Document originator certifies the document. If there are problematic features in the document, a
user-specified legal attestation is inserted into the document along with a list of the problematic
Acrobat
Security User Guide
Setting up a Document for Certification
67
features. The certification signature also forbids further changes to the document or restricts further
changes to either form fill-in only or form fill-in and comments.
2. The document’s recipient validates that the certification signature is valid, and then modifies the
document (for example, filling in a form) if necessary.
3. If the recipient is required to sign the document, the signer chooses Document > Digital Signature >
Document Integrity Properties. A new list of problematic features is created and compared to the list
associated with the legal attestation that is embedded in the document.
4. If both lists are the same and non-empty, the application displays one list and the certifier’s attestation.
If the lists differ, both lists are presented to the user so that they can identify what problematic features
have been added to the document after it was certified.
5. The recipient then decides whether or not to sign the document.
6. The document is forwarded to the next recipient (if any) and steps 2 through 4 are repeated.
Setting up a Document for Certification
Removing Dangerous Content
A certifier should review the content and deal with any potential problems as appropriate for the intended
workflow. Is there embedded JavaScript and is it necessary? Does the document contain multimedia?
During certification, Acrobat helps you identify such content and provides the certifier with a number of
options for dealing with it. Before certification you can stop the certification process and remove the
content. During certification you will have the following options:
•
Choose Disallow any changes to the document to prevent users, JavaScript, and other hazardous
content from changing the document. That content will not appear in the Signature pane’s Trusted
Content list because it is prevented from interacting with the document and does not need to be
explicitly trusted (Figure 62).
•
When the Save as Certified Document - Warnings dialog appears, review the document items that
could compromise document integrity. If the content is acceptable, choose a warning comment or
enter a new one (Figure 63).
Setting up Form Fields
When a certified document contains more than one form field, field properties such as locking, placement,
and even appearance should be specified in ways which help the recipients understand the form and
easily determine whether or not data changes have invalidated the signature and certification. For details,
see “Authoring Signable Forms” on page 81.
Configure Document Behavior
Advanced users can also customize the way a certified document behaves for the recipient. For example,
custom signing reasons can be preconfigured or the way revocation checking is handled can be set. For
details, see “Advanced Document Customizations” on page 94.
Certifying a Document
Most document authors will want to certify their document. For more information, see “Signature Types:
Approval and Certifying” on page 59.
Acrobat
Security User Guide
68
Tip: Whenever the first signature is applied, users are automatically given the opportunity to certify the
document. However, all Certify Document options will not be available if the document is already
signed.
To certify a document that already contains a signature field:
1. Prepare the document for certification as described in “Setting up a Document for Certification” on
page 67.
2. Initiate a certification workflow:
•
Click on a signature field within an unsigned document. The Document is Not Certified warning
appears (Figure 60). Choose Certify Document.
•
Choose any Sign this Document menu item within an unsigned document. The Document is Not
Certified warning appears (Figure 60). Choose Certify Document.
•
Choose File > Save as Certified Document (Figure 61). When the Save as Certified Document
dialog appears, choose OK.
Figure 60 Certifying a document: Document is not certified warning
Figure 61 Certifying a document: Save as certified document dialog
3. Specify Allowable Actions: Only these actions will be allowed after the document is certified:
•
Disallow any changes to the document: Prevents users, JavaScript, and other hazardous content
from changing the document. Since potentially hazardous content is prevented from interacting
with the document, that content will not appear in the Signature pane’s Trusted Content list.
•
Only allow form fill-in actions on this document: Limits user interaction to adding data to form
fields, including signatures.
•
Only allow commenting and form fill-in actions on this document: Limits user interaction to
adding data to form fields, signing, and commenting.
Acrobat
Security User Guide
69
Tip: If the document contains form fields, specify the settings that make the most sense for the intended
workflow. Keep in mind a signature field is a form field. For details, see “Making a Field a Required Part
of a Workflow” on page 83.
Figure 62 Certifying a document: Choose allowable actions
4. If some changes are allowed (the second or third option above is selected), check or uncheck Lock the
certifying signature so that it can’t be cleared or deleted by anyone.
Note: Certified signatures can only be cleared by the certifier.
5. Choose Next.
Depending on the document content, the Save as Certified Document - Warnings dialog may appear.
Figure 63 Certifying a document: Document integrity warnings
6. If the warnings dialog appears, do the following:
1. Review the document items that could compromise document integrity.
2. Choose a warning comment or enter a new one.
3. Choose Next.
Note: If an item could compromise document security or change the document appearance, it may be
advisable to cancel the certification and fix the problem before certifying the document. For
example, you may want to remove attachments or JavaScript actions.
Acrobat
Security User Guide
Why Can’t I Certify?
70
4. Any certification workflow that doesn’t start by clicking on an existing and visible signature field results
in the display of a dialog that asks you to choose whether or not to display certification (Figure 64).
Make a selection or if the dialog does not appear, bypass this step.
Figure 64 Certifying a document: Certification visibility selection
5. If a default certificate is selected as a default for signing, the Apply Digital Signature dialog box
appears. Select an ID and choose OK.
6. Choose a signing reason, or enter a new one.
7. Choose Sign and Save As or Sign And Save
Tip: Sign and Save As is recommended so that it will remain possible to edit the original document.
Figure 65 Certifying a document: Signature
Why Can’t I Certify?
In order to certify a document, the certification signature must be the first one in the document and there
must be no restrictions on the document that prevents certifying. Either of these two situations may arise
if you are not the author of the document. When a document is ineligible for certification, the certification
user interface items are disabled.
In order to certify the document, clear existing signatures, remove the restrictions if you have permission
to do so, or save the document under a new name so that you are the document author.
Acrobat
Security User Guide
Signing a Document Without Certifying (Ordinary Signatures)
71
Signing a Document Without Certifying (Ordinary Signatures)
While most authors choose to certify their documents in order to limit potential editing and attest to the
content’s authenticity, documents do not have to be certified. When a document is part of a workflow
where there are likely to be multiple editors, certified signatures may not be needed. In this case,
documents can be signed with approval signatures one or more times. PDFs can be signed in Acrobat, in
Reader (in special cases), or in a browser.
Sign a document only after making final changes. While changes may not invalidate a signature, a caution
triangle appears in the signature field and in the Signatures tab indicating that changes were made.
Note: Before signing, you must obtain a digital ID from a third-party provider or create a self-signed
digital ID. To learn more, see Chapter 2, "Getting and Using Your Digital ID".
Signing Documents in Acrobat
To sign a blank signature field, simply click on the field and follow the instructions.
To sign a document in Acrobat:
1. Choose the unsigned signature field or choose Document > Digital Signatures > Sign this
Document.
•
If the Document is Not Certified warning appears: Documents with signature fields should be
certified by the document author. If they are not, recipients will be given the option to certify the
document before signing it. To ignore the certification option, choose Continue Signing. For
details, see “Certifying a Document (Certifying Signatures)” on page 65.
•
If the document contains no signature fields: Choose whether to create a new field or to create
an invisible signature, and then choose Next.
Figure 66 Signing a document: Creating a new field or invisible signature
• If the Digital ID Selection dialog appears: Select an ID one and Choose OK.
Acrobat
Security User Guide
Signing Documents in Acrobat
72
Figure 67 Signing a document: Choosing a digital ID
2. Review the signature details. The digital ID selected as the default for signing is automatically selected.
For details about changing the default, see “Specifying a Default Digital ID” on page 20.
3. In the Reason for Signing Document text field, choose an item from the list or enter a new reason.
4. Optional: Choose Show Options to change the following:
•
Signature Appearance: Choose the default appearance or a customized one. For details, see
“Personalizing Signature Appearances” on page 87.
•
Location: Enter a location.
•
Contact Information: The field is pre populated with the your digital ID information.
5. Choose Sign and Save or Sign and Save As.
Acrobat
Security User Guide
Signing in a Browser
Figure 68 Signing a document: Signature details
Signing in a Browser
To sign a document in a browser, the document must contain an empty signature field:
1. Click on any signature field or choose Sign > Sign This Document on the Tasks toolbar, and then
follow the steps described in Signing Documents in Acrobat.
2. To retain a copy of the signed document, choose the File > Save A Copy.
Clearing One or More Signatures
Clearing a signature field deletes the signature but leaves the empty field. Not all signatures can be
cleared. You may be prevented from deleting the signature in the following cases:
•
Only the certifier (usually the document author) can delete their certification signature. You cannot
delete someone else’s certification signature.
•
If the author of a signature field has marked it to become read-only after it is signed, it can only be
cleared by the author. For more information, see “Clearing One or More Signatures” on page 73.
To clear all signature fields in a document, do one of the following:
•
Choose Document > Digital Signatures > Clear All Signature Fields.
• In the Signatures tab, choose Options > Clear All Signature Fields. To clear a single signature field:
1. Right click on a signature.
2. Choose Clear Signature Field.
73
Acrobat
Security User Guide
Signature Field Design and Editing
74
Signature Field Design and Editing
Signature fields are simple form fields, and Acrobat and Adobe Reader do not care whether they are
authored with Forms Designer or Acrobat. Irrespective of the authoring mechanism, digital signatures
behave uniformly.
Blank fields can be placed into a document for later signing. If the document is not certified, document
recipients with Acrobat may customize field properties. If certified documents, field appearances and
behaviors cannot be changed.
Creating a Blank Signature Field
Signatures and related information are stored in a signature field embedded on the page. A signature field
is an Acrobat form field. Signature fields are automatically created at the time of signing, but it is also
possible to create empty signature fields for later signing.
To create a signature field:
1. Choose Document > Digital Signatures > Create a Blank Signature Field.
2. If a confirmation dialog appears, choose OK.
3. Click and drag where the field should appear. The Digital Signature Properties dialog appears.
Figure 69 Signature field: General properties
4. For simple signature fields, choose Close.
By default, field names are numbered sequentially starting with Signature1 and contain the default
tooltip “Unsigned signature field (click to sign).”
Figure 70 Signature field: Default appearance
Acrobat
Security User Guide
Specifying General Field Properties
75
To use Acrobat’s advanced signature field features to customize the field, see the following:
•
•
Specifying Signature Field Appearances
•
Locking Fields Automatically After Signing
•
Specifying a Post-Signing Action
•
Unlocking Signature and Form Fields
•
Changing Blank Signature Field Defaults
A signature field’s general properties include name, tooltip, display behavior, and so on. For example, fields
are numbered sequentially and are associated with a generic tooltip. However, the field can be given a
unique name, provided with tooltip instructions for an eventual signer, and configured to display only in
the Signatures tab and not in the document.
Note: The opportunity to edit these properties is not available during signing workflows. An author
must create a blank signature field and edit the properties before initiating the signing process.
Moreover, invisible field properties cannot be edited.
To change a field’s general properties.
1. Create a new field or place an existing field in edit mode by selecting the advanced editing Select
Object Tool or the Digital Signature Tool.
To display the advanced editing toolbar, choose View > Toolbars > Advanced Editing.
2. Display the General tab.
3. Configure the options as needed:
•
Name: Any arbitrary name.
•
Tooltip: Any arbitrary tip that helps the user.
•
Form Field: Set the field display properties.
•
Visible: The field appears in the document, the Signatures tab, and prints.
•
Hidden: The field only appears on the Signatures tab and doesn’t print.
•
Visible but doesn’t print: The field appears in the document and Signatures tab but doesn’t
print.
•
Hidden but printable: The field only appears on the Signatures tab and does print.
•
Orientation: The field orientation AFTER it is signed.
•
Read Only: Not used for signature fields.
•
Required: Sets a flag that can be checked by other actions and processes that are dependent on the
signature. For details, see “Making a Field a Required Part of a Workflow” on page 83.
4. Choose Close.
Acrobat
Security User Guide
76
Signature field border properties and text sizes and colors can be individually specified. Fonts can also be
selected. These properties are NOT editable during signing workflows. An author must create a blank
signature field and edit the properties before initiating the signing process. Invisible field properties
cannot be edited.
To change a signature field’s appearance:
2. Display the Appearance tab.
3. Configure the appearance options as needed.
4. Choose Close.
Figure 72 Signature field: Appearance properties
Acrobat
Security User Guide
77
The default appearance of blank signature fields is an invisible box with no borders that performs no
action on signing. These defaults can be changed globally for Acrobat so that all future signature fields will
have a custom appearance and action.
To change signature field defaults:
1. Double click on an existing field or create a new one as described in “Creating a Blank Signature Field”
on page 74.
Tip: Once a field has been created, its properties can only be changed with the Select Object Tool or the
Digital Signature Tool. These tools the field back into “edit” mode rather than “signing” mode. Choose
View > Toolbars > Advanced Editing and select the tool.
2. Only the attributes on the Appearance and Actions tab can be set as defaults for future fields. Change
these fields as needed. For details, see:
•
•
3. Choose Close.
4. Right click on the field.
5. Choose Use Current Properties as New Defaults.
Figure 73 Signature field: Setting new defaults
Editing Signature Fields
The forms field context menu provides a number of editing items, including options for cutting, copying,
pasting, and deleting. Fields may also be arranged as needed.
To perform an edit action on a field:
1. Place the field in edit mode by selecting the advanced editing Select Object Tool.
To display the toolbar, choose View > Toolbars > Advanced Editing and choose the arrow.
3. Choose Edit > <Cut, Copy, Paste, or Delete>.
Acrobat
Security User Guide
Arranging Signature Fields
Figure 74 Signature field: Edit options
Arranging Signature Fields
The signature field context menu provides a number of options for arranging multiple fields, including
options for aligning, centering, and distributing fields as needed.
To arrange multiple fields:
1. Place the fields in edit mode by selecting the advanced editing Select Object Tool.
To display the toolbar, choose View > Toolbars > Advanced Editing, and choose the arrow.
2. Drag a rectangle around the fields to arrange.
3. Right click.
4. Choose Align, Center, or Distribute and use the submenus to arrange the fields.
Figure 75 Signature field: Aligning, centering, and distributing
Creating Multiple Copies of a Signature Field
Once a field is configured as needed, multiple copies of the field can be placed on the same page.
To create multiple copies of a field:
78
Acrobat
Security User Guide
Setting Signature Field Tab Order
3. Choose Create Multiple Copies.
Figure 76 Signature field: Copying multiple times
4. Configure the copy options, including:
• The number of fields down and across.
• The overall field size.
• The overall position.
5. Choose OK.
Tip: Acrobat automatically names the fields by simply numbering them. Providing unique and intuitive
names helps signers and other document recipients navigate and interact with the document.
Figure 77 Signature field: Multiple copy options
When a document contains multiple fields, setting the field tab order can help a user navigate a
document to find specific fields. Tab order improves accessibility.
79
Acrobat
Security User Guide
To set field order:
2. Right click on any field.
3. Choose Set Tab Order.
4. When the tab order boxes appear in the upper right of each field, click on each field in the order that
reflects the tab order.
5. Click outside of a field to set the tab order.
Figure 78 Signature field: Setting field tab order
80
Acrobat
Security User Guide
Authoring Signable Forms
81
Authoring Signable Forms
Many documents that require signatures are forms. Some forms may have multiple signatures fields, with
different signers providing data in certain other form fields. In such cases, document design, field layout,
and even field appearance may contribute to the ease with which the form can be integrated into an
efficient business process.
For example, it is often useful to lock the form fields associated with a particular signature field once it is
signed. This eliminates the need to examine the signed document version to see if the value of a field was
changed between that signed version and the current version. For more information, see the following:
•
“Authoring a Document with Multiple Fields” on page 81
•
“Locking Fields Automatically After Signing” on page 82
•
“Unlocking Signature and Form Fields” on page 83
•
“Making a Field a Required Part of a Workflow” on page 83
•
“Specifying a Post-Signing Action” on page 84
Authoring a Document with Multiple Fields
Documents commonly have multiple form fields, and one or more signature fields are often used to verify
or approve the data in preceding fields. In these cases, proper document and field design and layout may
be a critical aspect of usability. When designing a complex form for signing, consider using the following
field properties:
•
Layout: Design the form so that form data precedes a signature. If there is more than one signature
field, make sure end users can understand which signature fields are associated with specific data.
•
Appearance: Signature fields can look similar to other form fields, but it may be desirable to customize
their appearance so they can be more readily distinguished. For details, see “Specifying Signature Field
Appearances” on page 76
•
Names and tooltips: Naming fields and providing tooltips (Figure 79) eases authoring and signing.
Unique and intuitive names help the author choose which fields should be read only in the Signed tab
of the Digital Signature Properties dialog as well as what field to call when JavaScript is used to
customize a document. Names and tooltips also help signers find fields and understand how to use the
form. For details, see “Specifying General Field Properties” on page 75.
•
Tab order: Setting field tab order improves document navigation. For details, see “Setting Signature
Field Tab Order” on page 79.
•
Locking behavior: Consider which fields should become read-only after signing. Locking certain fields
helps prevent document changes that could cause a signature to become invalid. For details, see
“Locking Fields Automatically After Signing” on page 82.
Acrobat
Security User Guide
82
Form authors can designate which form fields should be locked after any other field is signed. Both signed
and unsigned signature fields can be configured to become read-only after they are signed. By setting
post-signing, field locking properties, authors can prevent data changes to any combination of form or
signature fields. Two common use cases for automatic locking include:
•
Preventing users other than the document author from clearing or re-signing a field.
•
Preventing users from changing form data after the document has been signed.
To automatically lock one or more fields after signing:
1. Create a new signature field or place an existing field in edit mode by selecting the advanced editing
Select Object Tool or the Digital Signature Tool.
2. Display the Signed tab.
Figure 80 Signature field: Signing properties
Acrobat
Security User Guide
83
3. Choose Mark as read only.
When a field with field locking specified is signed, both a normal document signature and an object
hash of the locked fields are produced and included in the document. When the signature is validated,
the viewing application not only validates the bytes of the PDF file, but it also compares the object
hash in the signature to the object hash from the objects in memory. This allows the application to
detect attempted, but prohibited, changes.
4. Use the drop down list to select from the following:
•
All fields: All signature fields will be read only after signing.
•
All fields except these: All signature fields except those specified will be read only after signing.
Choose Pick and select the field to exclude.
•
Just these fields: Only the specified signature fields will be read only after signing. Choose Pick and
select the field to include.
5. Choose Close.
Only document authors can unlock a signature field once it has been locked. When a signature field’s
properties specify that signing will automatically lock other fields, those fields cannot be edited until they
are unlocked. Since it was a signature that locked the fields in the first place, unlocking the fields simply
involves clearing the signature.
To unlock fields:
1. Choose the Hand tool to get Acrobat out of edit mode.
2. Right click on the signature field.
3. Choose Clear Signature Field. Other fields can now be edited as usual.
Making a Field a Required Part of a Workflow
Certain workflows may require a signature. For example, after a signature field is signed, form fields may be
prepopulated or additional fields may appear. It is also common for forms designers to require signing
before the document can be emailed or submitted to a server for processing.
To require a signature:
1. Display a fields General tab as described in “Specifying General Field Properties” on page 75.
2. Check Required.
3. Choose Close.
Users can still open, close, save, and send the document without any indication that the field is required
until the document author sets up a check for the required flag. For example, the check could be as simple
as emailing the document. In this case, the author would add an action to the button to submit the
document and configure a URL. If the document recipient clicks on the field and then cancels the signing
process, an alert will appear. Server-side and other JavaScript checks are also possible.
Acrobat
Security User Guide
84
Figure 81 Required field not signed alert
JavaScript actions can be associated with a signature field so that an action occurs whenever the user
interacts with the field in some predefined way. However, documents are usually signed to protect,
guarantee, and or attest to the signed content. Signers usually want to know that the document they are
seeing is the document they are signing, and document recipients usually need to know that the
document they are viewing is the same as the document that was signed. For this reason, adding actions
to a signature field is inadvisable. Field actions change the underlying bytes of a PDF and could adversely
affect document security as well as content integrity.
Caution: Using this feature is NOT recommended since such actions are contrary to the secure and
trusted nature of most signing workflows. Adding actions will result in a legal warning about the
legal integrity of the document.
To associate an action with a field.
2. Display the Action tab.
Figure 82 Signature field: Action properties
Acrobat
Security User Guide
85
3. Configure the options as needed:
• • Select Trigger: Choose a type of action.
• Mouse Up: The user clicks on the field and releases.
• Mouse Down: The user clicks on the field.
• Mouse Enter: The cursor enters the field.
• Mouse Exit: The cursor exits the field.
• On Focus: The user hovers over or tabs to the field.
• On Blur: The user stops hovering over or tabs away from the field.
Select Action: See Table 2.
4. Choose Add.
5. Follow the action instructions that appear in the action dialog.
6. Optional: Move actions Up, Down, Edit, or Delete actions as necessary.
7. Choose Close.
Table 2 Actions that can be associated with a signature field
Action
Description
Execute a Menu Item
Executes a specified menu command as the action.
Go to a Page View
Jumps to the specified destination in the current document or in another document.
Import Form Data
Brings in form data from another file, and places it in the active form.
Open a File
Launches and opens a file. If you are distributing a PDF file with a link to a non-PDF file, the reader needs the
native application of the non-PDF file to open it successfully. (You may need to add opening preferences for
the target file.)
Open a Web Link
Jumps to the specified destination on the Internet. You can use http, ftp, and mailto protocols to define your
link.
Play a Sound
Plays the specified sound file. The sound is embedded into the PDF document in a cross-platform format
that plays in Windows and Macintosh.
Play Media (Acrobat 5
Compatible)
Plays the specified QuickTime or AVI movie that was created as Acrobat 5-compatible. There must already be
a link to the movie in the PDF document for you to be able to select it. (See Adding movie clips.)
Play Media (Acrobat 6
Compatible)
Plays a specified movie that was created as Acrobat 6-compatible. There must already be a link to the movie
in the PDF document for you to be able to select it. (See Adding movie clips.)
Read an Article
Follows an article thread in the active document or in another PDF document.
Reset a Form
Clears previously entered data in a form. You can control the fields that are reset with the Select Fields dialog
box.7
Run a JavaScript
Runs the specified JavaScript.
Set Layer Visibility
Determines which layer settings are active. Before you add this action, specify the appropriate layer settings.
Show/Hide a Field
Toggles between showing and hiding a field. This option is especially useful in form fields. For example, if
you want an object to pop up whenever the pointer is over a button, you can set an action that shows a field
on the Mouse Enter trigger and hides a field on Mouse Exit.
Acrobat
Security User Guide
Table 2 Actions that can be associated with a signature field
Action
Description
Submit a Form
Sends the form data to the specified URL.
86
Acrobat
Security User Guide
Personalizing Signature Appearances
87
Personalizing Signature Appearances
During the signing process, simply select one of Acrobat’s default signature appearances or one of your
previously configured custom appearances. You can create any number of alternate appearances and
store them for later use.
The following features are available:
•
Signatures can be as simple as a name or can include a name, contact information, and an image such
as a portrait or company logo.
•
Multiple signature appearances can be created and stored for later use.
•
Appearances can be created ahead of time or at the time of signing.
Figure 83 Signature appearances
Creating and Storing Signature Appearances
Users generally customize one or more signature appearances and store them for later use. Available
signatures are listed in the Appearance panel (Figure 84).
Figure 84 Signature appearance: New button
To create a new signature appearance:
3. In the Appearance panel, choose New.
Acrobat
Security User Guide
Creating and Storing Signature Appearances
88
Figure 85 Signature appearance: Configuration
4. Configure the signature appearance options:
• Title: Any arbitrary title used to identify the appearance.
• Set the graphic options in the Graphic panel
• No graphic: No graphic is used.
• Imported graphic: Choose File > Browse, select a file and choose OK.
Note: By default, the signature background (watermark) is the Acrobat logo but it can be customized.
To avoid obscuring a background, use line art with a transparent background.
• Name: Uses the signer’s name as the graphic.
Note: Palm organizer is unavailable unless Palm OS® appearance files are detected. For details, see
“Setting up Palm OS appearance files” on page 90.
• Set the text options in the Configure Text panel
• Name: The name associated with the certificate.
• Date: The date signed.
Acrobat
Security User Guide
Editing a Signature Appearance
89
Note: If a signature appearance displays the time, that time will always be the local (computer) time.
Therefore, if a timestamp server is configured, the time shown in the appearance is likely to be
different from the time shown in the Date/Time tab on the Signature Properties dialog.
•
•
Location: The location associated with the identity configured in Acrobat.
•
Reason: The reason for signing.
•
Distinguished name: A name with details such as country, organization, organizational unit,
and so on.
•
Labels: A label for each of the items above. For example, Reason:
•
Logo: The Acrobat logo used as a background watermark.
Set the text options in the Text Properties panel
•
Text Direction: Choose a direction appropriate for the signer’s language.
•
Digits: If languages are installed that use digits other than 1234567890, the drop-down list will
be populated with alternate choices. Choose a digit set appropriate for the signer’s language.
5. Choose OK.
Editing a Signature Appearance
Existing signature appearances can be edited at any time.
To edit a signature appearance:
3. Highlight an appearance in the Appearance panel.
4. Choose Edit.
5. Edit the appearance as needed. For details, see “Creating and Storing Signature Appearances” on page
87.
6. Choose OK.
Deleting a Signature Appearance
To delete a signature appearance:
3. Highlight an appearance in the Appearance panel.
4. Choose Delete.
5. Choose OK.
Acrobat
Security User Guide
Setting up Palm OS appearance files
90
Setting up Palm OS appearance files
Palm OS appearance files can be used for digital signatures.
To use a Palm OS appearance file:
1. Add the Palm OS application file (AcroSign.prc) to the Palm Desktop application:
• Windows: Program
Files\Adobe\Acrobat 7.0\Acrobat\PalmPilot folder.
• Macintosh: The file is in Acrobat. To find it:
1. Control-choose the Acrobat 7.0 icon.
2. Choose Show Package Contents.
3. Browse to the Palm Pilot folder in the Macintosh folder.
4. Create a signature appearance as described in “Creating and Storing Signature Appearances” on page
87.
Acrobat
Security User Guide
Timestamp Basics for Authors
91
Timestamp Basics for Authors
All signatures are associated with the local time of a signer’s machine, but they may also be associated
with a timestamp provided by a timestamp server. Timestamps tell users that a document and signature
existed prior to the indicated timestamp time. Since the timestamp is applied immediately after signing, it
is likely that the document existed in its present state at the timestamped time and has not changed since
then if the signature is valid.
If a timestamp server is not configured, the time is simply taken from the local time on the computer.
Because a user can set that time forward or back, this time is usually untrusted. Local times are labelled as
such on the Date/Time and Summary tabs of the Signature Property dialog (Figure 86).
Figure 86 Timestamps: Local, machine time
Like signatures, timestamps become “trusted” when they are associated with a timestamp authority’s
trusted certificate. Therefore, while a timestamp authority certificate could be provided by the user or a
company timestamp server administrator, most timestamps are provided by third-party timestamp
authorities such as GeoTrust. Acrobat users interact with timestamp servers differently based on their role:
•
Document signers: Authors and signers simply configure a default timestamp server based on
information sent by their administrator or third-party provider. The administrator often preconfigures
Acrobat.
•
Document recipients: In order to validate a signature associated with a timestamp, the user should
add the timestamp authority’s certificate to their list of trusted identities. When a timestamp server’s
certificate is not trusted, the timestamp is labelled as such in the Signature Properties dialog and the
signature verification is carried out at the current time.
Figure 87 Timestamps: Untrusted stamp
Figure 88 Timestamps: Trusted stamp
Because timestamp authorities may charge for their services, Acrobat does not automatically set a default
timestamp server if multiple servers are listed. Users must manually specify that a timestamp server be
used as the default server. Once the default server is specified, timestamps appear as shown in Figure 89.
Acrobat
Security User Guide
Adding Timestamps to Signatures
92
Adding Timestamps to Signatures
In order for a signature to use a timestamp from a timestamp authority, Acrobat must be configured to use
a default timestamp server. The timestamp server is always used during signing if a default server is
specified.
To associate trusted timestamps with signatures:
1. Configure the timestamp server. For details, see “Configuring Acrobat to use Timestamps” on page 92.
2. Trust the timestamp authority’s certificate. For details, see “Trusting a Timestamp Certificate in a
Signature” on page 128.
Note: End users typically specify a timestamp server through the user interface. However, some
documents may be preconfigured with “seed values” to use alternate servers. Moreover, server
information may be set by developers with JavaScript, preconfigured by administrators, or
simply embedded in a third-party certificate.
Configuring Acrobat to use Timestamps
In most cases, timestamp server administrators preconfigure end user machines or provide the server
information in an FDF file as described in “Importing and Exporting Timestamp Server Settings” on page
93. However, it is also possible to manually configure a timestamp server.
Before a timestamp server provided by a trusted authority can be used to timestamp to a signature, that
server must be selected as the default server. After the server is configured, two steps are required:
•
The timestamp authority’s certificate must be added to the trusted identity list.
• The certificate’s trust level must be configured.
To set up a timestamp server:
2. Choose Timestamp Servers.
3. Choose New.
4. Enter the server settings:
•
Name: The server name.
•
Server URL: The server URL.
•
Username: The login username if required.
•
Password: The login password if required.
5. Choose OK.
Acrobat
Security User Guide
Importing and Exporting Timestamp Server Settings
6. Make this server or some other server the default by choosing Set Default. Timestamping cannot
occur unless a default server selected.
Figure 90 Timestamps: Entering server details
Importing and Exporting Timestamp Server Settings
Timestamp server setting may be exported and imported. For details, see the following:
•
“Importing Timestamp Server Settings via FDF” on page 184
•
“Exporting Server Details via FDF” on page 198
93
Acrobat
Security User Guide
Advanced Document Customizations
94
Advanced Document Customizations
Sometimes the form authors need to limit the choices a user can make when signing a particular signature
field. In enterprise settings, document authors can craft documents with behaviors and features that meet
specific business needs, thereby enabling administrative control of signature properties such as
appearance, signing reasons, and so on.
Such customizations are possible by using signature field seed values. A seed value specifies an attribute
and attribute value. The author can make the seed value a preference or a requirement. Signature field
seed values can be used for the following:
•
Forcing a Certification Signature and Document Locking
•
Adding Custom Legal Attestations
•
Specifying Certificate Properties for Signing
•
Specifying Signing Certificates by Issuer and Subject
•
Specifying Signing Certificate Policies
•
Specifying a URL When a Valid Certificate is not Found
•
Adding Custom Signing Reasons
•
Specifying Timestamps for Signing
•
Specifying Alternate Signature Handlers and Formats
•
Custom Workflows and Beyond
The following examples demonstrate the simplest case. For more information, refer to the Acrobat
JavaScript Scripting Guide and Acrobat JavaScript Scripting Reference.
Tip: signatureSetSeedValue sets properties that are used when signing signature fields. The
properties are stored in the signature field and are not altered when the field is signed, the signature
is cleared, or when resetForm is called. This method (and JavaScript generally) can be executed with a
batch process, by dropping the script in Acrobat’s JavaScript subdirectory, menu events, Acrobat’s
JavaScript debugger, and various other methods.
When setting seed values, keep in mind the following:
•
Seed values should not be set on signed documents and cannot be set on certified documents. They
are primarily used to configure fields on documents that are not yet signed.
•
Setting a seed value often causes Acrobat to not display or use its default settings. For example, preset
reasons are stored in the registry and specifying a signing reason causes the application to ignore the
registry list so that only the custom reasons are displayed.
•
Seed value properties are those listed in Table 3. Note that certspec and timeStampspec are objects with
their own, additional properties.
Table 3 SeedValue object properties
Property
Type
Description
certspec
object
A seed value CertificateSpecifier Object. For details, see “Specifying Certificate
Properties for Signing” on page 102.
filter
string
The language-independent name of the security handler to be used
when signing.
Acrobat
Security User Guide
Enabling JavaScript to Set Seed Values
95
Table 3 SeedValue object properties
Property
Type
Description
flags
number
A set of bit flags controlling which of the following properties are required. The value
is the logical OR of the following values, which are set if the corresponding property is
required:
1: filter
2: subFilter
4: version
8: reasons
Usage: 1 specifies filter, 3 specifies filter and sub-filter, and 11 specifies filter, sub-filter,
and reasons. If this field is not present, all properties are optional.
legalAttestations
array of
strings
(Acrobat 7.0) A list of legal attestations that the user can use when creating an MDP
(certified) signature.
mdp
string
(Acrobat 7.0) The Modification Detection and Prevention (MDP) setting to use when
signing the field. Values include:
allowNone
default
defaultAndComments
While allowAll is a legal value, it cancels out the effect of mdp and no certification
signature can be used for this field.
reasons
array of
strings
A list of reasons that the user is allowed to use when signing.
subFilter
array of
strings
An array of acceptable formats to use for the signature. Refer to the Signature Info
object’s subFilter property for a list of known formats.
timeStampspec
object
(Acrobat 7.0) A Seed Value timeStamp Specifier Object. It uses the url and flags
properties to specify a timestamp server. For details, see “Specifying Timestamps
for Signing” on page 100
version
number
The minimum required version number of the signature handler to use for signing.
Enabling JavaScript to Set Seed Values
Authors sometimes use JavaScript to set seed values for signature fields (See “Advanced Document
Customizations” on page 94). When Acrobat’s JavaScript console is used for JavaScript execution, the
JavaScript debugger must be enabled.
Tip: If you do not intend to set seed values with JavaScript through Acrobat’s JavaScript debugger, skip
these settings.
To enable the JavaScript debugger:
2. Choose JavaScript in the left-hand category list.
3. Check Enable JavaScript.
4. Check Enable JavaScript debugger after Acrobat is restarted.
5. Restart Acrobat.
Acrobat
Security User Guide
96
To set seed values with the console (JavaScript debugger) in Acrobat, do the following:
1. Choose Advanced > JavaScript > Debugger.
2. Use the View drop down list to display the console window.
3. Enter the requisite JavaScript.
4. Highlight the JavaScript. If you do not highlight the JavaScript, only the last line of code is executed.
5. Press Control + Enter simultaneously or select the Enter key on the numeric keypad.
6. Run the JavaScript, save the document, and test the field.
Figure 91 Seed values: JavaScript debugger
By default, signature fields can be signed with an approval or certification signature type at the time of
signing. However it is possible to constrain a signature field such that only a certification signature can be
applied to the field.
Certified signatures are always associated with modification detection and prevention (MDP) settings that
control which changes are allowed to be made to a document before the signature becomes invalid.
Changed are stored in the document as incremental saves beyond the original version of the document
that was covered by the certification signature. MDP has one of the following four values:
•
allowAll: Do not use allowAll unless you want to force an approval signature since this value results
in MDP not being used for the signature. Allow all changes to a document without any of these
changes invalidating the signature. This was the behavior for Acrobat 4.0 through 5.1.
•
allowNone: Document changes invalidates the signature and locks the author’s signature. Do not
use with legalAttestations.
•
default: Allow form field fill-in if fields are present in the document. Otherwise, do not allow any
changes to the document without invalidating the signature.
Acrobat
Security User Guide
•
97
defaultAndComments: Allow form field fill-in if form fields are present in the document and allow
annotations (comments) to be added, deleted or modified. Otherwise, do not allow any changes to
the document without invalidating the signature. Note that annotations can be used to obscure
portions of a document and thereby affect the visual presentation of the document.
There are some caveats to keep in mind:
•
If a document is already signed, fields with the mdp property specified will NOT invoke the certifying
workflow. No error is given. Do not use mdp unless you are sure the requisite field will be the first one
signed.
•
While allowAll is a legal value for mdp, using it results in the application of an approval signature. In
effect, allowAll cancels the effect of mdp so there is no point in using them together.
•
allowNone bypasses any custom legalAttestations because no document changes can occur and the
user does not therefore need to be warned about malicious content.
To force a certification signature for a particular field:
1. Create a signature field with an intuitive name and tooltip.
2. Create the JavaScript that gets the field name and uses the seed value method (Example 4.1).
3. Set the mdp value:
•
allowNone: Do not use with legalAttestations.
•
default: Allow form field fill-in, including signing.
•
defaultAndComments: Allow form field fill-in and comments.
4. Add legalAttestations if you would like to customize user choices. For more information, see “Adding
Custom Legal Attestations” on page 98.
5. Highlight the JavaScript and choose Control + Enter or choose the Enter key on the numeric keypad.
When someone signs the field, the certifying workflow is invoked and only the specified mdp settings
will be available (Figure 92).
Example 4.1
Seed value:
// Obtain the signature field object:
var f = this.getField("mySigFieldName");
f.signatureSetSeedValue(
{
mdp: "defaultAndComments",
legalAttestations: ["Aardvark", "You can surely trust Ben"]
} )
Acrobat
Security User Guide
98
Figure 92 Seed value: Forcing a certification workflow
Documents that contain potentially malicious content (content that could change the appearance of a
signed document), warn users of such content during certification. When a signer tries to certify a
document with such content, the Save as Certified Document Warnings dialog appears. The dialog lists
the content and gives the signer a chance to select text from the Warnings Comment drop down list
indicating why the hazardous content is OK.
When specifying custom legal attestations, keep the following in mind:
•
Since certified document warnings only appear in certifying workflows, only use legalAttestations if
you also use mdp. For details, see “Forcing a Certification Signature and Document Locking” on page 96.
•
Customizing legal attestations overrides and removes default choices for the signer.
Figure 93 Seed values: Custom legal attestations
Acrobat predefines several common signing reasons such as “I am approving this document.” However,
the author can specify custom reasons and make those reasons required or optional. When custom
reasons are marked as required, users cannot enter any new reasons as the field becomes read-only. When
those reasons are flagged as optional, signers can choose one of the provided reasons or create a new one
by typing in the Reason field. Specifying a signing reason will remove all of the default reasons from the
reason drop down list.
Acrobat
Security User Guide
99
Note that end users have a user interface preferences that allows them control whether or not the reason’s
field appears. The preference interacts with the reasons flag as shown in Table 4, and the logic is as follows:
•
The document author has control over whether the UI appears and the required flag overrides
user-specified settings.
•
When a flag makes the field optional, end users can enter their own custom reasons.
To specify custom signing reasons:
3. Add the reasons. The reason list is an array in the format of [“one”, “two”, “three”].
4. Enter a flag value to indicate whether the value is required or not.
•
If a reason is not required, signers can add their own custom reason while signing.
•
If the predefined reasons are required, signers are prevented from saving a document with their
own reason (Figure 94).
Table 4 Reason field behavior
# of Reasons
UI Pref
Flag
Reason Behavior
0 (empty array)
off
Required
Reason field does not appear in UI.
0 (empty array)
on
Required
0 (empty array)
off
Optional
Reason field does not appear in UI
0 (empty array)
on
Optional
Display the default list.
1 or more
off or on
Required
Display the custom reasons in a read-only field.
1
off
Optional
2 or more
on
Optional
Display the custom drop down list and let the user enter a custom reason.
2 or more
off
Optional
Example 4.2
Seed value: Custom signing reason
{ reasons: ["This is a reason", "This is a better reason"],
flags: 8
} )
Acrobat
Security User Guide
100
Figure 94 Seed value: Reason not allowed error
Timestamps originating from a timestamp authority’s timestamp server are often associated with
signatures. Signers may or may not have their application configured to automatically timestamp a
signature. However, it is possible to set a field seed value so that automatically associates a signature with
a timestamp AND overrides the document recipient’s application settings. Use the timeStampspec
specifier object’s url and flags properties to specify a timestamp server.
Table 5 Seed values: timeStampspec properties
Property Type
Description
url
string
URL of the timeStamp server providing a RFC 3161-compliant timeStamp.
flags
number
A flag controlling whether the time stamp is required (1) or not required (0). The default is 0.
To specify a timestamp server:
3. Provide an URL for the timeStampspec object.
Tip: Timestamp seed value settings override the end users’ application settings, if any.
4. Enter a flag value to indicate whether the value is required or not.
•
If it is required, the field will be automatically timestamped on signing. If the application cannot find
the server, an error appears (Figure 95).
•
If it is not required, the field will is automatically timestamped on signing if the application can find
the server. If it cannot find the server, the signature is not timestamped and no error appears.
Example 4.3
Seed value: Specifying a timestamp server
{
timeStampspec: {
url: “http://153.32.69.130/tsa”,
flags: 1
}
Acrobat
Security User Guide
101
} )
Figure 95 Time stamp server error
Organizations may choose to use alternate signature technologies or implementations (signature
handlers), provided by third party software developers. For example, a corporation may have deployed
Entrust Entelligence® to all their desktops and may choose to use the Entrust signature plug-in with
Acrobat. Two seed values allow authors to specify which signature handler and format to use. By using a
standard format, interoperability across multiple signature handlers is possible.
Filter also allows authors to control what handler version is required. For example, for Acrobat 6.x, the
PPKLite version is 0. For Acrobat 7.x, the PPKLite version is 1. Therefore, specifying a version of 1 prevents
signers from signing when their application is older than Acrobat 7.0. Custom handlers can use any version
as required.
Seed values for specifying handlers and signature types are the following:
•
filter: filter is the internal name of a signature handler. Signature handlers perform a number of
functions including signature validation. While Acrobat ships with a default handler (Adobe.PPKLite),
custom or third-party handlers may be used as needed. Examples of other handlers include Entrust.
PPKEF, CICI.Signit, and VeriSign.PPKVS, and the Acrobat SDK describes how to write a custom handler
(Adbe.DocSign).
Tip:
•
filter is often used in conjunction with version when a minimum filter version is required.
subfilter: subfilter is the internal name of the signature format, such as adbe.pkcs7.detached
intended to be verifiable by signature handlers other than the one that created it. Signature handlers
need to be able to understand the signature type (or format).
Tip: Since it is possible that different handlers might be used for signing and validating, filter and
subfilter are used together to assure that signing workflows with different components are
interoperable. These properties are identical to those in the signature dictionary. For more
information, refer to the PDF Reference 1.6.
To specify a signature handlers and format type:
3. Specify a filter.
4. If filter is specified, you may use the optional version as follows:
Acrobat
Security User Guide
•
PPKLite for Acrobat 6.X: 0
•
PPKLite for Acrobat 7.x: 1
•
Custom handlers: Any as needed.
102
5. Enter the handler name and subfilter type. Third parties may define their own subfilters but should
follow the naming convention recommended in the PDF Reference 1.6. The PDF Reference 1.6 defines
the following standard subfilter values:
•
adbe.x509.rsa_sha1
•
adbe.pkcs7.detached
•
adbe.pkcs7.sha1
Example 4.4
Seed value: Specifying signature components
var f = this.getField("mySigFieldName"); f.signatureSetSeedValue(
{
filter: "Entrust.PPKEF",
subfilter: “adbe.x509.rsa_sha1
} )
Certificate seed values are commonly used to restrict signing to particular certificates such as those issued
by particular certificate authorities or containing numbers that identify specific policies called “object
identifiers” or “OIDs”. Authors specify which certificate signers must use by setting the certSpec object’s
subject, issuer, and policy oid properties. These can be preferences or requirements. If a certificate
cannot be found that matches a required certificate seed value, a URL can be provided by the form author
to allow the signer to get more information, such as how to obtain an appropriate certificate.
Certificate specification can also be used to streamline workflows. When one certificate is allowed, the
digital ID dialog is bypassed and the signer is directed to sign and save immediately. Signing fails if the
selected certificate is not an exact match. It is also often expedient to provide an url value so that users
are directed to a help page or some location where a digital ID can be obtained.
Figure 96 Seed value: Specifying certificates for signing
Acrobat
Security User Guide
103
Table 6 Seed values: certSpec properties
Property
Type
Description
subject
array of
certificate
objects
One or more subjects that are acceptable for signing. The subject property identifies
specific individuals (as certificate owners) that can sign. Access to the physical,
DER-encoded certificate is required. It is identified by a path to a discrete file in the
format of ["/c/test/root.cer"].
issuer
array of
certificate
objects
One or more issuers that are acceptable for signing. The issuer can be a root or
intermediate root certificate. Access to the physical, DER-encoded certificate is
required. It is identified by a path to a discrete file in the format of ["/c/test/root.
cer"].
oid
array of
strings
One or more policy OIDs that must be present in the signing certificate’s policy. The
OID is part of the value of the certificate’s certificate policy field. This property is only
applicable if the issuer property is present. oid and issuer can be used together to
specify a certificate that has the selected policy.
url
string
A URL that can be used to enroll for a new certificate if a matching one is not found,
such as "https://aardvark.corp.example.com/"
flags
number
A set of bit flags controlling which of the following properties of this object are
required. The value is the logical OR of the following values, which are set if the
corresponding property is required:
1: subject
2: issuer
4: oid
If this field is not present, all properties are optional.
Usage: 1 specifies subject, 3 specifies subject and issuer, and 6 specifies issuer
and oid. If this field is not present, all properties are optional.
Specifying Signing Certificates by Issuer and Subject
Authors can limit potential signers to individuals or groups as follows:
•
Specifying subject limits potential signers to only those specified individuals. Signers could be limited
to one or more people.
•
Specifying issuer limits signers to those with certificates that chain up to a common, shared issuer. For
example, all of a company’s employees may have that company’s certificate as an intermediate
certificate authority (ICA), and that ICA certificate could be used as the “issuer.”
To specify a certificate issue and/or subject:
2. Get the required certificates and install them in some accessible location. Tip: They must be in a .cer files in a DER format.
3. Create the JavaScript that gets the field name and uses the seed value method. Use security.
importFromFile to get the DER- encoded certificates from their installed location (Example 4.5).
4. Add the subject and issuer properties to the certspec object as needed.
Acrobat
Security User Guide
104
5. Enter a flag value to indicate whether the value is required or not. Either or both the subject and issuer
may be required.
Example 4.5
Seed value: Specifying a certificate issuer and subject
var f = this.getField("mySigFieldName"); var mySubjectCert = security.importFromFile("Certificate", "/C/Temp/
nebwhifflesnit_DER.cer");
var myIssuerCert = security.importFromFile("Certificate", "/C/Temp/
nebsCompany_DER.cer");
{ certspec: {
subject: [mySubjectCert],
issuer: [myIssuerCert],
flags: 3
}
} )
Specifying Signing Certificate Policies
For legal reasons, policies are often associated with certificates. One way policies are identified is through
an object identifier (OID), a unique series of numbers that resides within the policy. Since oid is always
used with the issuer, authors can use this seed value pair when a company (issuer) issues different
certificates with different policies and it is necessary to restrict signing to certificates associated with a
certain policy.
To specify a certificate with a specific policy:
3. Specify the issuer.
4. Specify the oid. A policy OID is part of the value of the certificate’s certificate policy field (Figure 97).
5. Enter a flag value to indicate whether the value is required or not. A value of 6 is recommended since
issuer and oid must be specified together.
Acrobat
Security User Guide
105
Figure 97 Policy OID
Example 4.6
Seed value: Specifying a certificate policy
var myIssuerCert = security.importFromFile("Certificate", "/C/Temp/
nebsCompany_DER.cer");
var f = this.getField("mySigFieldName"); f.signatureSetSeedValue(
{ certspec: {
issuer: [myIssuerCert],
oid: ["2.16.840.1.1.113733.1.7.23.2"],
flags: 6
}
} )
Specifying a URL When a Valid Certificate is not Found
When a valid certificate is not found, users can be redirected to an URL during the signing workflow. The
URL may be to a server with a certificate repository; or, more likely, the URL may be a link to a Web page
describing how to obtain a new or valid certificate.
To specify a certificate with a specific policy:
3. Specify a certificate as described in one of the previous sections. Use issuer and/or subject.
4. Specify the URL. The URL can point to a certificate server or to instructions for getting a certificate.
Acrobat
Security User Guide
Example 4.7
106
Seed value: Specifying an alternate certificate URL
var mySubjectCert = security.importFromFile("Certificate", "/C/Temp/
nebwhifflesnit_DER.cer");
{
certspec: {
subject: [mySubjectCert],
url: "https://aardvark.corp.example.com/",
}
} )
Advanced programmatic customizations of documents and document workflows is beyond the scope of
this document. However, keep in mind that Acrobat’s security APIs allow users almost unlimited
opportunities for creating documents and workflows that meet specific needs. Document developers can
easily create custom signing menu items, automated tasks, and many other operations beyond those
described in the preceding seed value sections.
For example, Example 4.8 performs a number of operations that would simplify signing operations in an
enterprise setting. The script adds a Request Employee Signature to the toolbar and set up a number of
automatic actions. When a user selects the menu item, a signature field with predefined properties is
automatically created in the needed document location, and the field’s seed values are set.
Tip: For more information, refer to the online Acrobat JavaScript Scripting Guide, Acrobat JavaScript
Scripting Reference, PDF Reference 1.6, and the Acrobat SDK.
Example 4.8
Seed value: Automating signing tasks
//**************************************************************************
//File: seedValue.js
//Purpose: Demo how to set certificate constrictions into a signature field
//Steps: 1. Add a menu item under Tools,called Request Employee Signature
//
2. Add a signature and text field(for display)to the current open file
//
3. Set seed value
//
3.1 Wrap certificate object
//
3.2 Set seed value to the added signature field
//
reason: "I am approving this document"
//
certSpec:
//
issuer: Example/VeriSign EnterpriseCA (our company root)
//
oid: 2.5.29.16 the oid of Example/VeriSign EnterpriseCA
//
url: https://seneca.corp.example.com/
//
flag: 2 set limits on issuer
//
4. Display seed value added to the sig field to the added text field.
//**************************************************************************
// 1. Add a Tools menu item called Request Employee Signature
app.addMenuItem
({
cName: "Request Employee Signature",
cParent: "Tools",
Acrobat
Security User Guide
107
cExec: "setSeedValues()",
cEnable: "event.rc = (event.target != null);",
nPos: 0
});
//Run function when menu item "Request Employee Signature" is clicked
function setSeedValues(){
//modify the following according needs
var sigfieldName = "aSigField";
var myReasons = ["I am approving this document"];
var myIssuer;
var oids = ["2.5.29.16"];
var url = "https://seneca.corp.example.com/";
var certSpecFlag = 2;//constricts on issuer, 6: issuer + OID, 1: users to
sign, 7: issuer + oid + user
var svFlag = 0;
//no restrictions
try{
//2. add a sig field called "aSigField" and a text field
var field = this.
addField(sigfieldName,"signature",0,[180,640,352,680]);//1st page
field.borderStyle = border.s;
field.fillColor = color.ltGray;
//a text field to display what seed values set to the sig field
var textField = this.addField("aText", "text",0, [110,360,500,550]);
textField.borderStyle = border.s;
textField.fillColor = color.yellow;
textField.multiline = true;
textField.display = display.hidden; //hiden form screen and print
textField.setAction("MouseUp", "event.target.display = display.
hidden;");//click field, field disappears
//3. set seed value
//3.1 set up issuer's certificate object
var myissuerDN = {CN:"Enterprise Services CA", OU:"VeriSign Trust
Network", O:"Example Systems Incorporated"};
var mykeyUsage = ["kDigitalSignature","kCRLSign"];
var myMD5Hash = "BF70 913F F8D6 D60A 47FE 8253, 3081 5DB4";
var mySHA1Hash = "6b e8 46 06 39 f5 65 18 48 b2 f8 3a b1 46 3f 56 02 be 06
c3";
var myserialNumber = "3e 1c bd 28";
var mysubjectCN = "Example Root CA";
var mysubjectDN = {CN:"Example Root CA",OU: "Example Trust
Services",O:"Example Systems Incorporated",C:"US"};
var myusage = {endUserSigning:true};
var ExampleRootCertBinary =
"308204A130820389A00302010202043E1CBD28300D06092A864886F70D01010505003069310
//-----------<snip>---------
440512D9E9B47DB42A57C1FC2A648B0D7BE92694DA4F62957C5781118DC8751CA13B2629D4F2
B32BD31A5C1FA52AB0588C8";
//var myIssuer =
{binary:ExampleRootCertBinary,issuerDN:myissuerDN,keyUsage:mykeyUsage,MD5Has
h:myMD5Hash,
Acrobat
Security User Guide
108
//
SHA1Hash:mySHA1Hash,serialNumber:myserialNumber,subjectCN:mysubjectCN,subjec
tDN:mysubjectDN,usage:myusage};
var myIssuer = security.importFromFile("Certificate", "/c/test/root.
cer");//if import from an external reference
// 3.2 set up seed value
field.signatureSetSeedValue({reasons:myReasons,certspec:{
issuer:[myIssuer],/*oid:oids,*/url:url,flags:certSpecFlag}, flags:svFlag});
//4. Display seed value added to the signature field to the new text field
var result = "";
var w = field.signatureGetSeedValue();
for(i in w)
result += ( i + " = " + eval("w." +i) + "\n");
var z = w.certspec;
for(i in z) result += ( i + " = " + eval("z." +i) + "\n");
textField.value = result + "** Click on me to make me disappear **";
textField.display = display.show; //display what seed values were set
}catch (e){
app.alert("setSeedValues(): " + e );
}
}
5
Digital Signatures for Document Recipients
End users that receive signed documents typically need to validate the document signature. Since a
signature may not be valid for a number of reasons, it is useful to understand what signature components
are involved in determine a signature’s validity. Such knowledge aids troubleshooting and manual
validation tasks. Moreover, participants in signing workflows may want to configure their environment to
streamline the validation process and control what kinds of content can be run on their machine. For more
information, refer to the following:
• “Working with Signed Documents” on page 110
• “Setting up Your Environment for Receiving Documents” on page 113
• “Validating Signatures Manually” on page 120
• “When the Status Icon is Not a Green Check. . .” on page 125
• “Timestamp Basics for Document Recipients” on page 128
• “Viewing and Comparing Document Changes and Versions” on page 130
109
Acrobat
Security User Guide
Working with Signed Documents
110
Working with Signed Documents
Signature Components: What Makes them Valid?
A signed document consists of three main components: the original document, the signature, and the
signer’s certificate (Figure 99). In order to participate effectively in signing workflows (or even comprehend
the meaning of validated signature icons), users should understand the origin of each component and
how that component’s state can affect a signature’s validity:
•
The original, unsigned PDF. The document author creates the PDF. Signing creates a message digest
of the current document. Every time a document is signed, a new digest is created. Thus, each
signature is only valid for a specific version of the document.
How does a document current state affect signature validity? If the document changes after signing, its
integrity is compromised and the signature may become invalid.
•
The signature. Acrobat creates a hash (number representation) of the original document. The number
is encrypted with a private key and turned into a “signed message digest.” Both the digest and the
signature appearance are embedded in the document.
How determines signature validity? When a document recipient validates a signature, a new message
digest is created and compared to the old message digest that was embedded in the document at the
time of signing. If the two digests are not identical, the signature may become invalid. Signature
validity is also dependant on the validity of the signer’s certificate.
•
The signer’s certificate. A signer must have a digital ID that includes an X.509 compliant certificate
and a private key and a public key that is shared. The private key is used to encrypt the message digest.
How does certificate status affect signature validity? It must chain up to a trusted certificate authority
and at the time of signing must not have been revoked.
Figure 98 Digital signature
Note that signature validity depends on all three of these components. The embedded certificate provides
the information needed to verify the signer’s identity. The original document and the embedded message
digest are used to verify that the document has not changed since it was signed. Optional components
such as embedded revocation information or a timestamp may also reside in a signature. When a
signature is invalid, the signer’s identity cannot be verified, or there is some other problem, the signature
validator is warned.
Acrobat
Security User Guide
Signature Status and Validity Icons
111
Figure 99 Signature components
By default, signatures are validated automatically when a document opens. For details, see “Setting Up
Automatic Signature Validation” on page 113. A Signature’s status is represented by status icons and text
both on the document page and the Signatures tab. The state is determined (or verified) by checking the
signature’s digital ID certificate status (is it valid) and document integrity (has it changed since being
signed). A signature’s state can be either valid, unknown, or invalid (Table 7):
•
Valid signatures are associated with a valid certificate and the document has only changed in ways
specifically permitted by the author.
•
Unknown signatures are associated with certificates that cannot be validated or with a document that
contains unknown changes or is in an unverified state.
•
Invalid signatures either have an invalid certificate or the document has changed in ways specifically
disallowed by the its author.
Table 7 Digital signature icons
Icon
Status
Valid
Certificate and document status
Certificate status: Valid. The signature was the first signature in the document. For details, see “Certifying a
Document (Certifying Signatures)” on page 65.
and
Document integrity status: The document has not changed since it was signed or has only changed in ways
specifically permitted by the person who certified the document.
Acrobat
Security User Guide
112
Table 7 Digital signature icons
Icon
Status
Certificate and document status
Valid
Certificate status: Valid.
and
Document integrity status: The document has not changed since it was signed or only contains changes
allowed by a previous signer, if any.
Change
view
Certificate status: Valid. This icon may appear in a certified document, but it is never used for a certification
signature. Therefore, it only appears for ordinary (and not the first) document signature.
and
Document integrity status: The document has changed since it was signed. The current view of the document
is not the same as that which was signed. View the signed version to see what was signed. For details, see
“Viewing and Comparing Document Changes and Versions” on page 130
Unknown
Certificate status: Unknown: The certificate has not been trusted (and is not untrusted), the revocation check
could not complete, a chain could not be built to trust anchor, and so on.
and
Document integrity status: The document has changed since it was signed. The document the user is viewing
is not the signed version.
Unknown
Certificate status: Unknown: The certificate has not been trusted, the revocation check could not complete, a
chain could not be built to trust anchor, and so on.
and
Document integrity status: The document has not changed since it was signed.
Unknown
Certificate status: Unverified. The certificate validation check has not executed or could not complete.
and
Document integrity status: Unverified. The document integrity check has not executed or could not
complete.
Invalid
Certificate status: The signer’s certificate was invalid.
or
Document integrity status: Illegal changes have been made to the document.
Acrobat
Security User Guide
Setting up Your Environment for Receiving Documents
113
Setting up Your Environment for Receiving Documents
Document recipients should configure their environment to handle incoming documents in a way that
enhances secure and efficient workflows. While Adobe Acrobat and Adobe Reader provide default
options, customizing the environment often provides a better user experience. In large, enterprise
environments, your environment may be preconfigured by your system administrator. Options include the
following:
•
Setting Up Automatic Signature Validation: If signatures should be validated automatically when a
document opens, turn this option on.
•
Setting Digital Signature Validation Preferences: Configure validation methods such as plugin usage,
time display, automatic revocation checking, and so on as needed.
•
Configuring Document Status Preferences: Participants in secure workflows should turn on (or leave
on) the Status dialog in order to view document status information about certificate validity, document
integrity, and so on.
•
Setting Dynamic Content (Multimedia) Security Options: When certified documents may contain
multimedia, specify whether or not it is allowed to run in untrusted and untrusted documents.
•
Setting High Privilege JavaScript Security Options: Certain Adobe JavaScripts are defined as “high
privilege.” If certified documents may contain high privilege JavaScript, set your preferences as needed.
Setting Up Automatic Signature Validation
Advanced digital signature preferences apply to all digital signatures in all documents.
The only reason a user might NOT want to verify a signature is to gain a small increase in application speed
when Acrobat document is opened. However, because the difference is negligible, it is advisable to always
verify signatures. Verification tells the user two things:
•
That the document signed by someone with a valid certificate. (The signer is really who we think it is.)
•
The document has not changed in a way that invalidates the signature.
To set advanced digital signature preferences:
3. Check Verify signatures when document is opened.
Tip: Verifying a signature is somewhat similar to credit card validation--it is simply the act of verifying that
the signature uses a valid certificate.
Setting Digital Signature Validation Preferences
Verification tab options let you specify how a signature is validated. You can select the validation plugin,
default validation methods, whether or not certificate revocation checking is automatic, what time is
associated with a validated signature, and whether or not a valid icon will appear if the signature is valid.
To set advanced digital signature preferences:
Acrobat
Security User Guide
Setting Digital Signature Validation Preferences
114
4. Display the Verification tab.
Figure 100 Digital Signatures Advanced Preferences: Signature verification
5. Select the signature validation method:
•
Use the document-specified method, prompt if it is not available.
•
Use the document-specified method, use the default method if it is not available.
•
Always use the default method (overrides the document-specified method).
Signatures are created and validated by plugins. These options specify which plugin is used to verify
a signature. Both Acrobat and Adobe Reader provide a default plugin for signing documents and
verifying signatures. While the signing and verification plugin are usually the same, this is not
always the case, though a signature usually “knows” what plugin is required to verify it. Businesses
sometimes create custom plugins that can understand a unique format or extra data. Contact your
system administrator for details.
6. Select a default method for verifying signatures.
7. Check or uncheck Require that Certificate revocation checking be done whenever possible when
verifying signatures
This option checks certificates against a list of revoked certificates during validation, either with the
Online Certificate Status Protocol (OCSP) or the Certificate Revocation List (CRL). If this option is not
selected, the revocation status for approval signatures is ignored. Certificates associated with
certification signatures will still be verified.
Note: Signature verification is similar to credit card validation. OCSP checking is like making a phone
call to verify the card number. CRL checking is like checking the card numbers against a list.
8. In the Verification Time panel, select a time verification method:
•
Current time: The digital signature validation time.
•
Secure time: The default timestamp server time specified in the Security Settings dialog.
Acrobat
Security User Guide
Configuring Document Status Preferences
•
115
Creation time: The signature creation time.
9. Check or uncheck Hide signature field validity icon when the signature is valid: The icons are useful
for rapidly determining signature status (Table 7).
Icons cannot be hidden for invalid signatures.
10. Choose OK.
11. Choose OK.
For certain types of documents, Acrobat displays a Document Status dialog when a document is opened.
For example, the dialog provide information about the document, certification status, whether or not
signatures are valid, and so on.
It is recommended that users turn on (or leave on) the document status dialog when participating in
workflows that use signatures and security methods. The dialogs provide details about document security
features, signer and certificates (if any), whether or not a signature is valid, and so on. Moreover, for
certified documents, the Status dialog links to the legal notice and signature properties dialog.
Figure 101 Document Status dialog: for Signed and encrypted document
Acrobat
Security User Guide
Figure 102 Document Status dialog: for certified document
To enable or disable the Document Status dialog on startup:
2. Choose Startup in the left-hand category list.
Figure 103 Document status preferences
116
Acrobat
Security User Guide
Setting Dynamic Content (Multimedia) Security Options
117
3. When the Opening Documents panel appears, check or uncheck Display the Document Status
dialog checkbox (Figure 103).
4. Check or uncheck Certified documents or Signed documents.
The dialog may also be permanently turned off in the application for documents signed with an author
signature by checking the Do not show this dialog next time when the dialog first appears.
5. If the status dialog is turned off for certified documents, an alert appears. Choose Yes.
Trust Manager preferences provide multimedia display permissions for both trusted documents and
untrusted documents. Permissions are independently set for each document type. As described in
“Trusting Dynamic Content in Certified Documents” on page 44, recipients of certified documents can
control on a per-certificate basis whether a document uses the trusted or untrusted settings. By definition,
a certified document is trusted for dynamic content if the certificate associated with the certification
signature is trusted for running dynamic content. The behavior is as follows:
•
If the certificate trust settings allow dynamic content, the Trust Manager’s Trusted Document settings
are used.
•
If the certificate trust settings do not allow dynamic content, the Trust Manager’s Untrusted
Document settings are used.
Tip: Because dynamic content represents a security risk and could potentially change the document’s
appearance or allow security holes in multimedia players to adversely impact your system, it is
recommended that participants in certified workflows do not allow multimedia. Consider the source
of the document and the security of the workflow before enabling this option.
Caution: A document will use the Trusted Document settings if it trusted to allow multimedia at anytime.
For example, if you open an unsigned document, are prompted to play the media, and you
choose yes, then the document is automatically added to a hidden trusted document list.
Documents in that list override certificate trust settings. Therefore, these documents many not
always exhibit the expected behavior.
To configure multimedia behavior:
2. Select Trust Manager in the left-hand tree.
Acrobat
Security User Guide
118
Figure 104 Trust Manager
3. From the Display Permissions for drop down list, choose Trusted documents or Non-trusted
documents.
4. The Trust Manager displays the select document type’s trust settings (Figure 104).
5. Configure the Multimedia Permission Settings panel:
1. Check or uncheck Allow multimedia operations.
2. Set multimedia player, permissions as follows: Select the player in the list and select an option from
the Change permission for selected multimedia player to drop down list:
•
Always: The player is used without prompting.
•
Never: Prevents the player from being used.
•
Prompt: Prompts the user to enable the player when a media clip tries to use that player.
3. Select one or more of the playback options:
•
Allow playback in floating window with no title bars: Opens the media in a separate window
without a title bar.
•
Allow document to set title text in a floating-playback window: Opens the media in a
separate window with a title bar.
•
Allow playback in full-screen window: Opens the media in full-screen mode.
4. Choose OK.
Acrobat
Security User Guide
Setting High Privilege JavaScript Security Options
119
Setting High Privilege JavaScript Security Options
This option controls whether high privilege JavaScript can be executed from custom menu items in the
Acrobat toolbar. As described in “Trusting JavaScript in Certified Documents” on page 45, document
recipients can set whether or not to execute JavaScript on a per-certificate basis. However, certificate
settings do not override application-level settings, so even if JavaScript is enabled for a particular
certificate, it may not execute unless the application’s preferences allow it.
Tip: Because scripts could potentially change the document’s appearance or allow attackers access to
your system, it is recommended that participants in certified workflows do not allow JavaScript to
run. Consider the source of the document and the security of the workflow before enabling this
option.
To choose to execute or block execution of all JavaScript from the toolbar:
2. Select JavaScript in the left-hand tree.
3. Check or uncheck Enable menu items JavaScript execution privileges.
4. Choose OK.
Figure 105 JavaScript Security option
High Privilege JavaScript Defined
High privilege JavaScript are Acrobat methods with security restrictions. These are marked by an S in the
third column of the quick bar in the Acrobat JavaScript Scripting Reference. These methods can be executed
only in a privileged context, which includes the console, batch, menu, and application initialization events.
All other events (for example, page open and mouse-up events) are considered non-privileged.
The description of each security-restricted method indicates the events during which the method can be
executed. Beginning with Acrobat 6.0, security-restricted methods can execute in a non-privileged context
if the document is certified by the document author for embedded JavaScript.
In Acrobat versions earlier than 7.0, menu events were considered privileged contexts. Beginning with
Acrobat 7.0, execution of JavaScript through a menu event is no longer privileged. You can execute
security-restricted methods through menu events in one of the following ways:
•
By checking the item named Enable menu items JavaScript execution privileges.
•
By executing a specific method through a trusted function (introduced in Acrobat 7.0). Trusted
functions allow privileged code—code that normally requires a privileged context to execute—to
execute in a non-privileged context. For details and examples, see app.trustedFunction in the Acrobat
JavaScript Scripting Reference.
Acrobat
Security User Guide
Validating Signatures Manually
120
Validating Signatures Manually
Unless the application is configured to do otherwise, signatures are validated automatically when a
document opens. If they are not validated or if a signature needs to be revalidated, you can validate one or
more signatures manually. Before validating a signature, it is a good idea to understand what a signature is
and how signature status is indicated. For details, see the following:
•
“Signature Components: What Makes them Valid?” on page 110
•
“Signature Status and Validity Icons” on page 111
Validating a signature allows you to verify the signer’s identity and determine whether the displayed
document is identical to what was signed (or only allowed changes were made):
•
Identity verification confirms the signer's certificate or one of its parent certificates exists in the list of
trusted identities and is not expired or revoked.
•
Document integrity verification confirms that the signed content hasn’t changed since signing or that
it has only changed in ways specifically permitted by the signer. Signatures can be validated one at a
time or all at once.
Ideally, validation results in a green check mark being associated with the signature either on the signature
itself or in the Signatures tab (Figure 106).
Figure 106 Valid digital signature
Validating a Single Signature
Signatures can be validated one at a time or all together as described in “Validate all signatures dialog” on
page 121. Signature validity can be determined by viewing its associated icon (Table 7). A green
checkmark indicates the signature is valid without reservations. Other icons indicate there may be a
problem.
There are several ways to verify a signature manually:
•
Right click on any signature in the Signatures tab or in the document, and choose Validate Signature.
•
Right click on any signature in the Signatures tab or in the document, and choose Properties. When
the Signature Properties dialog appears, choose Verify Signature.
•
Double click a signature and choose Signature Properties. When the Signature Properties dialog
appears, choose Verify Signature.
•
Highlight a signature in the Signatures tab, and choose Document > Digital Signatures > Validate
Signature.
Acrobat
Security User Guide
Validating All Signatures Simultaneously
121
Figure 107 Signatures tab: Validate signature
Validating All Signatures Simultaneously
Multiple signatures may be validated simultaneously. This feature is particularly useful if the auto-validate
option has been turned off.
To validate all signatures:
1. Choose Document > Digital Signatures > Validate All Signatures in Document. A dialog appears
asking if all signatures should be validated.
Figure 108 Validate all signatures dialog
2. Choose OK.
3. When a dialog appears confirming all signatures have been validated, choose OK.
Figure 109 Signature validation confirmation
Validating an Unknown (Untrusted) Signature
If a signer’s digital ID has not been explicitly trusted, the signer is untrusted and the signer’s signature
validity will be UNKNOWN. When a document contains a signature that is associated with an untrusted ID
certificate then, it appears with a question mark icon (Figure 110).
Acrobat
Security User Guide
122
When a signer has not been trusted ahead of time, you can set their trust level directly from their
signature. After their ID (contact information and certificate) is added to your list of trusted identities, the
signature can be validated. Acrobat displays the document’s content according to the associated
certificate’s trust settings. For details, see “Certificate Trust Settings” on page 43.
To add an unknown identity to a list of trusted identities:
1. Display the Signature Properties dialog (See “Displaying the Signature Properties Dialog” on page 125).
2. Choose the Summary tab (Figure 110)
Tip: If you are validating a timestamp certificate, choose Show Certificate from the Date/Time tab
INSTEAD of the Summary tab (Figure 118).
Figure 110 Signature Properties: Summary
3. Choose Show Certificate.
Adding an unverified digital ID certificate to the trusted identity list could pose a security threat. This is
particularly true for self-signed IDs that are not issued by a third-party certificate authority. For details,
see “Verifying Self-Signed Certificates” on page 40.
4. When the Certificate Viewer appears, choose the Trust tab (Figure 111).
5. Choose an item in the left-hand certificate path field. There may be one or more certificates which
make up a certificate chain.
Tip: If the bottom-most certificate on the chain is selected, then only that certificate will be trusted. If the
top-most certificate is selected, then any certificates having that certificate as a root will be trusted.
For example, if the root certificate is from Verisign and it is trusted, then any certificates having
Verisign’s certificate as the root will also be trusted. It is a best practice to trust the topmost certificate
as possible. Revocation checking starts at the bottom of a chain (begins with the end entity), and
once it reaches a trusted root revocation checking stops.
Acrobat
Security User Guide
123
Figure 111 Certificate viewer: Trust tab
6. Choose Add to Trusted Identities.
7. When asked if the certificate should be trusted from within the document, choose OK.
Figure 112 Revalidate signatures warning
8. When the Import Contact Settings dialog appears, configure the Trust Settings and Policy Restrictions.
For details, see “Certificate Trust Settings” on page 43.
The Policy Restrictions tab will not appear if there are no policies associated with this certificate.
9. Choose OK.
10. Choose OK.
11. Choose Close.
12. Right click on the signature and choose Validate.
Note: The question mark icon on the signature will not change until the signature is revalidated.
Acrobat
Security User Guide
Validating a Signature for an Earlier Document Version
124
Validating a Signature for an Earlier Document Version
Signed documents contain both a signature and any subsequent versions of that document. In other
words, Acrobat and Adobe Reader “remembers” that version A is signed, that changes were made to
version B, and so on. When you open a document, the latest version is always displayed. However, it is
often necessary to view the signed version in order to see what content was actually signed. When the
viewed version is not the signed version, the signature with either be valid with a warning or unknown.
To view the signed version of a document.
1. Display the Signature Properties dialog (See “Displaying the Signature Properties Dialog” on page 125).
2. Choose the Document tab.
3. Choose View Signed Version. Acrobat opens the signed version of the document.
4. Revalidate the signature if necessary.
Figure 113 Digital Signature Properties: Document Versioning panel
Acrobat
Security User Guide
When the Status Icon is Not a Green Check. . .
125
When the Status Icon is Not a Green Check. . .
Ideally, signature validation should result in the display of a green check and pen icon for
approval signatures or a blue ribbon icon for certification signatures. If it does not, the
signatures have not been successfully validated and you should troubleshoot the problem.
The type of problem is identified by the icon. For details, see the following:
•
“Green Check and Caution Triangle” on page 125
•
“Question Mark and Caution Triangle” on page 126
•
“Question Mark and Person” on page 126
•
“Question Mark and Pen” on page 127
•
“Red X and Pen” on page 127
A key tool for troubleshooting signatures is the Signature Properties dialog. The dialog provides five tabs
that display signature information and buttons for performing document validation tasks. It also provides
a Show Certificate button for invoking the Certificate Viewer. The viewer provides certificate-specific
information and buttons for performing certificate validation tasks. Together, the Signature Properties
dialog and Certificate Viewer should provide you with enough information to either successfully validate a
signature or reject the document as insecure.
Displaying the Signature Properties Dialog
There are several ways to invoke the Signature Properties dialog:
•
Double click an approval signature and choose Signature Properties.
Note: Certified signatures that were created in a locked, read-only field do not have access to dialogs
invoked by double clicking on a signature. Since certification signature fields are locked by default, use
the “right click” method described below.
•
Right click on any signature in the document or the Signatures tab and choose Properties.
•
Right click on any signature in the Signatures tab and choose Properties.
Green Check and Caution Triangle
A green check with a caution triangle means that the signature is valid but that the document has
changed since it was signed. The current view of the document is not the same as that which was
signed. This icon may appear in a certified document, but it is never used for a certification
signature.
To change the icon, simply view the document version that is associated with that particular signature:
1. Right click on a signature and choose View Signed Version. Acrobat opens the signed version of the
document.
Acrobat
Security User Guide
Question Mark and Caution Triangle
126
Figure 114 Document Versioning panel
Question Mark and Caution Triangle
A question mark with a caution triangle means that the certificate validity is unknown and that
the document has changed since it was signed. The question mark means you have not trusted
the certificate, the revocation check could not complete, a chain could not be built to trust anchor,
and so on. The caution triangle tells you that you are not viewing the signed version of the document.
To change the icon, add the signer to your trusted identity list and view the signed document version:
1. Specify the certificate’s trust settings as described in “Trusting a Certificate for Signing and Certifying”
on page 43.
2. Verify that a revocation check occurred. Open the Certificate Viewer’s Revocation tab (right click on a
Signature, choose Properties and then Show Certificate). Check the following:
•
If revocation checking occurred, Problems encountered is active and you can select the button to
view a description of the problems.
•
If revocation checking did not occur at all, Check revocation is active and you can select the button
to check revocation manually.
document.
Question Mark and Person
A question mark with a person means that the certificate validity is unknown and that the
document has not changed since it was signed. You have not trusted the certificate, the
revocation check could not complete, a chain could not be built to trust anchor, and so on. Add
the signer to your trusted identities list if needed; otherwise, contact the signer to troubleshoot possible
problems with their digital ID.
To change the icon, add the signer to your trusted identity list:
1. Specify the certificate’s trust settings as described in “Trusting a Certificate for Signing and Certifying”
on page 43.
2. It may be that there was a certificate revocation checking. Open the Certificate Viewer’s Revocation tab
(right click on a Signature, choose Properties and then Show Certificate). Check the following:
•
If revocation checking occurred, Problems encountered is active and you can select the button to
Acrobat
Security User Guide
Question Mark and Pen
•
127
If revocation checking did not occur at all, Check revocation is active and you can select the button
to check revocation manually.
Question Mark and Pen
A question mark and a pen means that certificate validity and document integrity status are
unverified because both the certificate validation check and the document integrity check did not
successfully execute. The certificate could be OK may not be validated for the following reasons:
•
If online revocation checking is required it may have failed as a result of no online access or an
application problem.
•
The Verify signatures when the document is opened preference might be turned off in Edit >
Security > Digital Signatures, and no attempt was made to check certificate validity.
Similarly, the document may be changed in some unknown way. Manually validate the signature, and
check document integrity to resolve or identify the problem.
To check certificate validity and document integrity:
1. Revalidate the signature as described in “Validating a Single Signature” on page 120.
2. Open the signed document version as described in “Viewing a Signed Version of a Document” on page
130.
3. Verify whether or not certificate revocation checking occurred. Open the Certificate Viewer’s
Revocation tab (right click on a Signature, choose Properties and then Show Certificate), and check
the following:
•
If revocation checking occurred, Problems encountered is active, and you can select the button to
If revocation checking did not occur at all, Check revocation is active, and you can select the button to
check revocation manually.
Red X and Pen
A red X means that either the signer’s certificate is invalid or that illegal changes have been made
to the document. There is no remedy that can occur for this document that would lead to a valid
signature status icon. Since the signer’s certificate is embedded in the signature, if it is invalid, the
signature will always be invalid. If illegal changes have been made to the document, there is no way to
undo those changes without further changing the document illegally.
In both these cases, contact the sender to resolve the problem. The signer may need to get a new digital ID
or make the signing workflow more secure so that the document cannot be changed after signing.
Running JavaScript and Dynamic Content
High privilege JavaScript and dynamic content in signed documents will only run if you have explicitly
trusted the sender’s digital ID certificate for such actions. Because scripts and dynamic content represent a
security risk, Acrobat prevents some of those operations by default. For details, see the following:
•
“Trusting Dynamic Content in Certified Documents” on page 44
•
“Trusting JavaScript in Certified Documents” on page 45.
Acrobat
Security User Guide
Timestamp Basics for Document Recipients
128
Timestamp Basics for Document Recipients
All signatures are associated with the signer machine’s local time, but they may also be associated with a
timestamp provided by a timestamp server. Timestamps tell users that a document and signature existed
prior to the indicated timestamp time. Since the timestamp is applied immediately after signing, if the
signature is valid, it is likely that the document existed in its present state at the timestamped time and has
not changed.
If a timestamp server is not configured, the time is simply taken from the local time on the computer.
Because a user can set that time forward or back, this time is usually untrusted. Local times are labelled as
such on the Date/Time and Summary tabs of the Signature Property dialog (Figure 115).
Figure 115 Timestamps: Local, machine time
Like signatures, timestamps become “trusted” when they are associated with a timestamp authority’s
trusted certificate. Therefore, while a timestamp authority certificate could be provided by the user or a
company timestamp server administrator, most timestamps are provided by third-party timestamp
authorities such as GeoTrust.
In order to validate a timestamped signature, the user should add the timestamp authority’s certificate to
the list of trusted identities. When a timestamp server certificate is not trusted, the timestamp is labelled as
untrusted in the Signature Properties dialog and the signature verification is stamped with the machine
time (Figure 116).
Figure 116 Timestamps: Untrusted stamp
Trusting a Timestamp Certificate in a Signature
Certificates used by a timestamp authority to timestamp a signature are validated and trusted like any
other certificate.
To trust a timestamp certificate:
1. Follow the steps described in “Validating an Unknown (Untrusted) Signature” on page 121.
Acrobat
Security User Guide
When Timestamps Can’t be Verified. . .
129
2. Choose Show Certificate from the Date/Time tab INSTEAD of the Summary tab (Figure 118).
After the timestamp is validated, the trusted timestamp will display a valid icon (Figure 117).
Figure 118 Timestamps: Date/Time tab
When Timestamps Can’t be Verified. . .
If a signature has a timestamp but it cannot be verified, make sure the following is true:
•
A certificate is associated with the timestamp server. Choose Advanced > Trusted Identities and
verify there is a certificate in the certificate list.
•
The trust level of the certificate is set. Choose Advanced > Trusted Identities, choose a certificate and
verify that the trust level is set. The certificate must either chain up to a trusted root (the recommended
choice) or it must be specified as a trusted root.
Acrobat
Security User Guide
Viewing and Comparing Document Changes and Versions
130
Viewing and Comparing Document Changes and Versions
Document authors and recipients often need to know if a document has changed since it was signed.
Acrobat keeps track of a document’s version number, stores previous document versions in their entirety,
and enables users to compare document versions by work and page. When you open a document, the
latest version is always displayed. However, this may not always be the signed version. Document
recipients should always remember the following:
•
Every time a document is signed, the entire document with all changes are stored in the PDF.
•
A signature is only valid for a specific document version. Signature X can be valid for version X,
signature Y can be valid for version Y, and so on.
For details, see the following:
•
Document versions: For details, see “Viewing a Signed Version of a Document” on page 130.
•
Post-signing modifications: For details, see “Viewing a List of Post-Signing Modifications” on page
130.
•
Visual document changes: For details, see “Comparing Documents” on page 131.
Viewing a Signed Version of a Document
Signed documents contain both a signature and any subsequent versions of that document. In other
words, Acrobat and Adobe Reader “remembers” that version A is signed, that changes were made to
version B, and so on. When you open a document, the latest version is always displayed. However, it is
often necessary to view the signed version in order to see what content was actually signed. When the
viewed version is not the signed version, the signature with either be valid with a warning or unknown.
To view the signed version of a document.
document.
Figure 119 Digital Signature Properties: Document Versioning panel
Viewing a List of Post-Signing Modifications
Because it is possible to change a document without changing its appearance, the list of post-signing
modifications is often a superset of what is visually displayed when comparing documents using
Document Compare. Therefore, for the most thorough analysis of a signed document’s integrity, create
and view the document modifications list.
To view a list of post-signing modifications:
Acrobat
Security User Guide
Comparing Documents
131
1. Right click on a signature and choose Properties.
2. Choose the Document tab.
3. Choose Compute Modifications List.
Figure 120 Digital Signature Properties: Modifications panel
Comparing Documents
As you revise a document and save it to a different name or location, you can verify that you have the latest
version by comparing it against an older version. If you're revising a document using comments you
received during a review, you may need to view a previous version to make sure that you included all the
revisions. As a reviewer, you may want to check the updated document against an older version to make
sure that the author has incorporated all of your requested changes.
Document Compare finds and displays the differences in two versions of a document. Users can specify
the type of differences to look for to verify that the appropriate changes have been made. Document
Compare does not compare comments or other annotations in the document.
Note: Compare is not available in the Adobe Reader and is only available in the full version of Acrobat.
Comparing a Signed Version with the Current Version
To compare two versions of a document:
1. Choose Document > Compare Documents.
2. Specify two documents to compare through one of two ways:
•
Select Choose, browse to the needed file, and Choose Open.
•
If the documents are open, select them from a drop down menu. The drop down lists all OPEN files,
NOT a list of recent files.
3. If a file has been signed one or more times, a Revision drop down list appears and each document
revision will be listed. Select the revision as needed. The timestamp offers the most reliable
chronological order of revision.
Acrobat
Security User Guide
Comparing Documents
132
Figure 121 Compare: Select file drop down menu
4. Set the options in the Type of Comparison panel:
•
Page by page visual differences (Compare pages): Find textual or graphic differences between
two documents by comparing each page’s bitmap (document A’s page one with document B’ page
one, document A’s page two with document B’s page two, and so on.) Select the required level of
detail. The higher the sensitivity, the slower Compare Pages runs. For details, see “Comparing
Documents by Page” on page 133.
•
Detailed analysis: High sensitivity compares at 72 dpi.
•
Normal analysis: Normal sensitivity compares at 36 dpi.
•
Coarse analysis: Low sensitivity compares at 18 dpi.
•
Textual differences (Compare words): to show which text has been inserted, deleted, or moved.
Select Include Font Information to compare any formatting differences. For details, see “Comparing
Documents by Word” on page 134.
•
Set the Markup color as desired.
Figure 122 Compare: Type of comparison
5. Set the options in the Choose Compare Report Type panel:
•
Side by Side Report: Creates a new document that displays the two documents in Continuous-Facing mode.
•
Consolidated Report: Adds markup where the differences occur in the current document. Placing
the pointer over a markup in a consolidated report using the Hand tool displays the differences.
•
To compare text-based documents, select Textual Differences to appear in Side By Side Report
format.
•
For technical drawings, select Page By Page Visual Differences to appear in a Consolidated
Report format.
Figure 123 Compare: Choose compare report type
Acrobat
Security User Guide
Comparing Documents
133
Comparing Documents by Page
Compare completes by opening a temporary document that summarizes the differences. The first two
pages summarize the changed, added, deleted, or moved pages, taking document A as the original and
document B as the modified version (Figure 124).
The differences are displayed as follows:
•
Even numbered pages (the pages on the left on the two page document view) are pages from
document A.
•
Odd numbered pages (the pages on the right on the two page document view) are pages from
document B.
•
Pages that were moved are not shown in the report.
•
Any added page, which only exists in document B, is paired with a blank page in the report. Naturally,
the added page will be on the right and the blank page will be on the left in the two-page view.
•
Any deleted page, which only exists in document B, is paired with a blank page in the report. Naturally,
the deleted page will be on the left and the blank page will be on the right in the two-page view.
•
Pages that were in both documents but were modified are paired with each other in the report. There
will be purple hexagons around regions in the two documents that were modified.
•
Pages that were not modified will not be in the report.
Figure 124 Compare: By page summary report
Acrobat
Security User Guide
Comparing Documents
134
Figure 125 Compare: By page
Comparing Documents by Word
Acrobat can compare the document text rather than its visual appearance, including words that are
deleted, added, and moved. For example, if a word in document A, say Acrobat, is changed to Acrobatic,
Acrobat interprets this change as if the word Acrobat was replaced by Acrobatic.
This reliance on a word level of granularity affects the way Acrobat detects moved blocks of text. Compare
Words can only reliably detect moved strings of contiguous words at least four words long since this
scheme breaks down when working with common words such as the or this. On the other hand, Compare
Words can detect text blocks that were moved and changed as long as 92% of the text block stays the
same.
Compare Words presents results using a temporary document with roughly the same layout as Compare
Pages; that is, a two-page summary, followed by actual pages from both documents that differ, and so on.
However, there are a few differences:
•
The summary page displays the number of added, deleted, or moved words instead of the number of
changed pages.
•
In the actual document pages that differ, words that were deleted from document A are struck out;
words that were added to document B are underlined.
•
When a word's position within the document has been moved, it will be highlighted in a user-specified
color. Click on any text block of highlighted text on one document to see the two page view that shows
the corresponding text block in the other document.
Acrobat
Security User Guide
Comparing Documents
Figure 126 Compare: Displaying changed text
135
6
Document Security Methods
Security methods provide a mechanism for Acrobat users to control the encryption and permission
settings on distributed documents. Because there are three security method types, document authors
should understand the pros and cons of each type before choosing what kind of security to apply. For
more information, refer to the following:
• “Security Method Basics” on page 137
• “Password Security” on page 147
• “Certificate Security” on page 153
• “Adobe Policy Server Security” on page 159
• “Changing Security Methods and Settings” on page 164
136
Acrobat
Security User Guide
Security Method Basics
137
Security Method Basics
Security is often added to documents to limit viewing, editing, printing, and other features to only those
users that have the required password, digital ID, or access to an Adobe Policy Server. Acrobat’s default
security methods not only protect document content from unauthorized access, but also allow users to
specify encryption levels and permission settings. At a high level, adding security to a document involves
selecting a security type, configuring encryption and permissions, and then saving the document (Figure
127).
Figure 127 Security method workflow
Security settings are document-specific and do not apply to other documents. Security can be added to a
document through three methods:
•
Create new settings that may or may not be saved as a policy: Choose Document > Security >
Show Security Settings for this Document, and then select and configure a method (Figure 128).
Both certificate and Adobe Policy Server (APS) security allows the user to save the settings as a policy.
•
Create a new security with the Policy Manager: Choose Document > Security > Secure this
Document. When the Policy Manager opens, choose New, select a policy type, and configure it (Figure
129).
•
Apply an existing policy: Choose Document > Security > Secure this Document, and select a policy
(Figure 129).
Figure 128 Security method selection
Choosing a Security Method Type
There are three default types of security methods that can be applied to a document: Password Security,
Certificate Security, Adobe Policy Server Security (for users with LiveCycle Policy Server access). While
custom, third-party security handlers may be installed, the default security methods provide a wide range
of robust options. There are a number of reasons to choose one security type over another, but all
methods let the user specify encryption algorithms, what document components to encrypt, and what
permissions should be granted to whom. While selecting a security type might involve an analysis of each
method’s pros and cons (Table 8), users commonly base their decision on the each security method’s basic
features:
•
Password security provides a simple way to share documents among users where sharing passwords is
possible or when high levels of backward compatibility is required.
Acrobat
Security User Guide
Security Policies
138
•
Certificate security provides a high level of security, eliminates the need for password sharing, and
allows assigning different permissions to different users whose identities can be verified and managed.
Supported by Acrobat 6.0 and later.
•
Adobe Policy Server security is typically used in business contexts where IT personnel have determined
that APS security and workflows provide a set of features not provided by other methods.
Table 8 Security method pros and cons
Method
Pros
Cons
Password
Backward-compatible to Acrobat 3.0 for certain encryption levels.
Protection of the document has a
dependency on password strength.
Simple and easily understood.
Share documents by sharing the password.
Supports passwords for document opening.
Certificate
Anyone who knows the password
has document access.
Supports password protecting document permission settings.
Does not allow specifying
permissions at the user level. All
users share the same permissions.
No password has to be remembered.
Users must have a digital ID.
Key to unlock document is better protected and resides only on the intended
recipients machine. Key is not susceptible to brute force discovery.
When an organization issues its own
certificates and digital IDs, this
security type requires an
administrator and some
infrastructure.
Can encrypt documents for specific people. When the recipient’s certificate is in
the trusted identities list, passwords are eliminated.
Can use certificates issued by a Certificate Authority.
Allows specifying different permission settings for users.
Compatible with Acrobat 5.0, but full support appears first in 6.0.
APS
(server
based)
Centralized administration of security policies.
Requires a network connection.
Enables document auditing by user.
Requires an administrator and some
Allows setting permissions for separate tasks such as opening, editing, and so on. infrastructure such as an LiveCycle
Server.
Allows specifying different permission settings for users.
Can leverage LDAP directories for recipients and group lists.
It is possible to control end-user offline access.
Can specify a time limit for document validity after which the document expires
and is locked.
Security Policies
Most workflows also allow users to save the settings as a policy, thereby creating a reusable library of
preconfigured security methods. When a policy author names a set of specific encryption levels and
recipient permissions and saves them locally, the policy can later be applied to any document. The user
simply opens Policy Manager by choosing Document > Security > Secure this Document, and select a
policy (Figure 129). In general, policies save time while ensuring a more consistently secure workflow. For
more information, see Chapter 7, "Security Policies".
Tip: Policies are just a scripted way to automatically apply settings to a document. Because policies do not
travel with a document, they can be used to apply settings to a document that will be opened in any
version of Acrobat. In other words, it is the security method and its settings that limit backward
compatibility, not the use of a policy that applies them.
Acrobat
Security User Guide
Security Methods and Encryption
139
Figure 129 Security method selection from Policy Manager
Encryption is used whenever a security method is added to a document. Security methods encrypt
documents or parts of documents and are always involved in granting or denying permissions, thereby
protecting content from unauthorized access. During the security method workflow, users simply select a
radio button in the Select Document Components to Encrypt to set the encryption options (Figure 130).
The user interface and workflow varies with the security method type as follows:
•
Password security: The user is first asked to select a level of Acrobat backward compatibility. The
selection automatically determines the encryption algorithm. Different document components can be
encrypted based on the user’s selection. See Table 10.
•
Certificate security: The user first selects what document components to encrypt and all of the
options are available. Either a 128 bit RC4 or AES algorithm is then selected.
•
APS security: The user selects what document components to encrypt and all of the options are
available. The user is not given an opportunity to select an algorithm because it is automatically
applied by the server.
Figure 130 Encryption configuration panel
Table 9 Encryption support
Component
Description
Compatibility
All contents
Encrypts the document and its metadata.
Acrobat 3 and
later
Acrobat
Security User Guide
140
Table 9 Encryption support
Component
Description
Compatibility
All contents
except metadata
Provides access for document storage/retrieval systems and search engines to have access to
the document metadata. Acrobat 6 and later compatible. A document open or a permissions
password is required.
Acrobat 6 and
later
Encrypting everything except the metadata allows continued access to Acrobat’s Catalog
feature. By leaving the metadata unencrypted, users can catalog and index the metadata of
encrypted documents, thereby making that data searchable.
Only file
attachments
Allows full access to the document and encrypts only the file attachments. Acrobat 7and later
compatible. Permissions cannot be set on attachments. Using password security, a document
open password is required for attachments.
Acrobat 7 and
later
The evolution of Acrobat has seen the addition of security methods that use more sophisticated
encryption algorithms (Table 10). When configuring password security, users also have the opportunity to
set the Acrobat compatibility level. Choosing to remain compatible with earlier versions of Acrobat results
in the use of older algorithms as well as potential limitations in what can be selected to not encrypt. For
example, choosing a compatibility level of Acrobat 5.0 or earlier will mean that all document contents will
be encrypted, including metadata and attachments.
When you apply certificate security you will be asked to select between the 128-bit RC4 or AES algorithms.
The selection criteria should include the following:
•
128-bit AES is only compatible with Acrobat 7.0 and later. It is mandated for some U.S. government
documents because it is more secure than RC4. AES has a bigger file size and adds up to 32 bytes per
stream.
•
128-bit RC4 is compatible with Acrobat 6.0 and later as well as other non-Adobe and Adobe PDF
clients such as Ghostscript and Apple Preview that have not implemented AES. RC4 has a smaller file
size by about 32 bytes per stream.
Table 10 Acrobat version, encryption algorithm, and security handler correlation
Ver.
Password
Entrust Certificate
Adobe Certificate
APS
2.0
Algorithms: 40-bit RC4
N/A
Not supported
Not supported
3.0
N/A
Not supported
Not supported
4.0
Not supported
Not supported
Not supported
Not supported
Self-sign p7b and apf files
only.
Not supported
Encrypted: All contents.
4.0.5
(64-bit decrypt)
5.0
Algorithms: 40 and 128-bit
RC4
N/A
RC4
Acrobat
Security User Guide
Security Methods and Permissions
141
Table 10 Acrobat version, encryption algorithm, and security handler correlation
Ver.
Password
Entrust Certificate
Adobe Certificate
APS
6.0
RC4
RC4
Self-sign and third-party
Not supported
Encrypted: All contents, all
but metadata.
but metadata.
RC4, 128-bit AES
N/A
7.0
Same as 7.0
but metadata.
Self-sign and third-party
RC4, 128-bit AES
but metadata, only
attachments.
7.0.5
RC4
but metadata, only
attachments.
N/A
Same as 7.0
RC4, 128-bit AES
but metadata, only
attachments.
Same as 7.0
Permissions can be set whenever a security method is added to a document. Permission settings enable a
document author to limit a document recipient’s activities and interaction with a document. For example,
restrictions can be placed on editing, copying, and printing. During the security method workflow, users
set permissions by simply choosing the desired options in the Permissions panel.
All of the security methods provide the following options:
•
Printing Allowed:
•
Not Allowed prevents users from printing the document.
•
Low Resolution lets users print the document at no higher than 150-dpi resolution. Printing may be
slower because each page is printed as a bitmapped image. This option is only available if a high
encryption level (Acrobat 5 or Acrobat 6) is selected. Low resolution also prevents users from
printing a high quality document and using optical character recognition software to create a
similar document with no security.
•
High Resolution lets users print at any resolution, directing high-quality vector output to PostScript
and other printers that support advanced high-quality printing features.
• Changes Allowed: Limits page-level editing, commenting, and form field interaction (Table 11).
•
Enable copying of text, images, and other content: Allows file contents (excluding comments) to be
copied. It also makes the content available to assistive technology devices such as screen readers. It
also lets utilities that need access to the contents of a PDF file, such as Acrobat Catalog, get to those
contents. This option is only available if a high encryption level is selected.
•
Enable text access for screen reader devices for the visually impaired: Only available if the option
above is NOT checked. Lets visually impaired users read the document with screen readers. This option
doesn't allow users to copy or extract the document's contents. This option is only available if a high
encryption level is selected.
Acrobat
Security User Guide
142
Table 11 Changes allowed choices for permissions
Change allowed
Description
None
Prevents users from changing the document, including filling in signature and form fields.
Inserting, Deleting, and Rotating Pages
Lets users insert, delete, rotate pages, and create bookmarks and thumbnail pages. This
option is only available if a high encryption level is selected.
Fill-in Form Fields and Signing
Lets users fill in forms and add digital signatures. This option doesn't allow users to add
comments or create form fields.
Commenting, Filling in Form Fields, and
Signing
Lets users fill in forms and add digital signatures and comments.
Any Except Extracting Pages
Lets users change the document using any method listed in the Changes Allowed menu,
except remove pages.
The user interface and workflow varies slightly with the security method type as follows:
•
Password security: The first checkbox activates all the other fields. The Permissions panel’s
appearance varies with how it is accessed, but their features are identical. Only the password security
method requires a permissions password. If the document has both types of passwords, it can be
opened with either password. The document open password and permissions password cannot be
identical.
•
Certificate security: The first checkbox activates all the other fields. Permissions can be individually
specified for different users. To do so, highlight a document recipient and choose Permissions.
•
APS security: Permissions can be individually specified for different users by highlighting a document
recipient and choosing Permissions. APS security provides the option of preventing a document
recipient from saving and viewing the document offline, thereby storing a copy of the document on
the local machine. This may not be desirable on public computers or when the computer is not secure.
Figure 131 Permissions panel: Password Security from Policy Manager
Figure 132 Permissions panel: Certificate Security
Acrobat
Security User Guide
Viewing Encryption and Permission Settings
143
Figure 133 Permissions panel: APS Security
Viewing Encryption and Permission Settings
A document’s security method settings include its encryption level (algorithm), the document
components that were encrypted, its permissions, and other related information.
To view a document’s security settings:
1. Choose Document > Security > Show Security Settings for This Document.
2. Choose Show Details. The settings are displayed in a dialog that varies with the security method type.
The dialog does not update until a user saves and closes the document.
Figure 134 Document security settings: Password security
Acrobat
Security User Guide
Security Method User Interface
Figure 135 Document security settings: Certificate security
Figure 136 Document security settings: APS security
Document Security Menus
You can view a list of current policies or access the Policy Manager the main menu or via a toolbar:
• To display the menu for working with security methods and policies, choose Document > Security.
• To display the Task toolbar’s shortcut to security policies, choose View > Toolbars > Tasks.
Figure 137 Security menu
144
Acrobat
Security User Guide
Security Policy Manager
For details, see “Security Policy Manager” on page 169.
Status Icons
Document Property Dialog
Document permissions and security method can be viewed from the Document Properties dialog’s
Security tab.
To display the Document Properties dialog:
1. Choose Document > Security > Show Security Settings for this Document or do one of the
following:
•
Choose File > Document Properties.
•
Press Control+ D.
•
Select the right arrow above Acrobat’s scroll bar and choose Document Properties.
2. Choose the Security tab.
145
Acrobat
Security User Guide
Associating Batch Processing with a Security Method
146
Figure 139 Document Property dialog
Associating Batch Processing with a Security Method
Acrobat can be configured to associate batch processes with a security method. When a batch process is
associated with a security method, the method is invoked whenever a batch process is initiated.
To set the batch process security preference:
2. Select Batch Processing in the left-hand tree.
3. Select a security method from the drop down list.
The security handler does not apply security to files. Instead, it determines how batch processing deals
with files that are password-protected. If Don't Ask For Password is selected, the batch sequence
proceeds as if the files are not secure. If Password Security is selected, batch processing pauses when
it encounters secured files and prompts for a password.
4. Choose OK.
Figure 140 Security methods for batch processing
Acrobat
Security User Guide
Password Security
147
Password Security
Password security provides a simple method for sharing documents by sharing its password. Like all
security methods, password security has the ability to enforce document restrictions such as opening,
printing, editing, and so on. Unlike certificate and APS security, password security encryption levels can
use settings that are backward-compatible to Acrobat 3.0.
At a high level, adding password security to a document involves selecting a security type, configuring
encryption and permissions, and then saving the document (Figure 141).
Figure 141 Password security workflow
Note that password security does not provide the ability to specify different permissions for different
users, and document protection is somewhat dependant on password strength. However, it does provide
separate options for opening the document and setting user permissions; therefore, password security
uses two kinds of passwords: a Document Open password and a Permissions password.
•
Document Open password: The document open password is required to open a password-protected
document.
•
Permissions password: The permissions password is required to change document permissions such
as copying, printing, editing, and so on.
Acrobat
Security User Guide
Applying Password Security
148
Tip: If the document has both types of passwords, it can be opened with either password. The document
open password and permissions password cannot be identical.
To configure and add password security to a document:
1. Choose Document > Security > Secure this Document.
Tip: To make the document backward-compatible to Acrobat 3.0, choose Document > Security > Show
Security Settings for this Document. However, this workflow does not provide an author with the
opportunity to save the settings as a policy. If you use this workflow, skip to 6.
2. Select Password Security.
3. Choose Next. The New Security Settings Policy dialog appears.
4. Choose one of the following:
•
Save these settings as a policy: Choosing to save the settings as a policy activates the Policy
name and Description fields. Once the wizard is completed (and the settings configured), the
settings are automatically saved as a policy and added to the list of policies in the Document >
Security menu and the Policy Manager. To create a policy, enter a policy name and optional
description and choose whether or not to save the passwords with the policy.
•
Discard these settings after applying: Choosing to discard the settings deactivates the Policy
name and Description fields and no settings are saved.
Figure 142 Security policy: General settings
5. Choose Next. The Password Security Settings dialog appears.
Acrobat
Security User Guide
149
Figure 143 Password Security - Settings dialog
6. Configure the Password Security - Settings dialog:
1. Compatibility: Sets the Acrobat compatibility level as follows:
•
Acrobat 3.0 and later: All document contents are encrypted with the 40-bit RC4 algorithm. This
option provides the most limited set of permission setting options.
•
Acrobat 5.0 and later: Encryption uses the 128-bit RC4 encryption algorithm. This setting
allows the accessibility option to be selected independently of the copy option, restricts printing
to 150-bit dpi, and expands the set of Changes Allowed options.
•
Acrobat 6.0 and later: Encryption uses the 128-bit RC4 algorithm. This setting allows the option
of leaving the document metadata unencrypted while the remainder of the document is
encrypted. All of the options for Acrobat 5.0 and later are also available.
•
Acrobat 7.0 and later: Encryption uses the 128-bit AES algorithm. When selected, the option of
only encrypting the file attachments is available as well as all of the previous options.
Tip: The compatibility options determine what encryption options will be available. Compatibility with
earlier versions of Acrobat may mean all document contents will have to be encrypted.
12. Configure the Select Document Components to Encrypt panel. For more information, see “Security Methods and Encryption” on page 139.
13. Check Require a password to open the document.
14. Enter a password.
15. Reenter the password when asked to confirm it.
16. Choose OK.
Acrobat
Security User Guide
Setting Permissions
150
17. After an alert appears indicating the changes won’t be applied until the document is saved, choose
OK.
Figure 144 Security settings require “save” alert
2. If desired, set the password-based permissions as described in “Setting Permissions” on page 150.
3. Save the document. New or changed settings do not appear in the user interface until the document is
closed and reopened.
Setting Permissions
Document authors can set a permissions password that allows users to change the document’s
permissions. Only a holder of the permissions password will be able to change the permissions. However, if
a document has a document open and a document permissions password, both can open the document.
Tip: Adobe recommends that permission passwords and document open password always be used
together. The permissions password is used to change permissions and is NOT needed to gain access
to the features the author is permitting. Thus, holders of the permissions password are essentially
“owners” of the document and can do anything to it that the author could do.
Note: All Adobe products enforce the restrictions set by the permissions password. However, not all
third-party products fully support and respect these settings. Recipients using such third-party
products might be able to bypass some of the restrictions you have set.
To specify permissions:
1. Set new document permissions or change existing ones:
•
Set new permissions: Add password security to a document as described in “Applying Password
Security” on page 148.
•
Change permissions: Choose Document > Security > Show Security Settings for this
Document.
2. Set or change the password settings:
•
If passwords have not already been set, select Password Security from the Security Method drop
down list, and configure the password settings as described in “Password Security” on page 147.
•
If password security has already been configured, choose Change Settings.
3. Check Use a password to restrict printing and editing of the document and its security settings.
Note: When a password security is configured through the Policy Manager, the checkbox is labelled
Use permissions password to restrict editing of security settings.
Acrobat
Security User Guide
Opening a Password-Protected Document
151
Tip: The document open password and permissions password cannot be identical.
5. Configure the permissions. For more information, refer to “Security Methods and Permissions” on page
141.
6. Choose OK.
7. When the password permissions alert appears, choose OK.
Figure 145 Permissions alert
8. When asked to confirm the password, reenter it.
9. Choose OK.
10. After an alert appears indicating the changes won’t be applied until the document is saved, choose OK.
Figure 146 Security change alert
11. Choose OK to exit the Document Properties dialog.
Opening a Password-Protected Document
Password protected documents require that a user know the document open password to open it. The
permissions password (if any) can also be used to open the document.
To open a password protected document:
1. Open the document.
3. Choose OK.
Acrobat
Security User Guide
Removing a Password
Figure 147 Password prompt
Removing a Password
To remove password security settings from a document:
•
Choose Secure > Remove Security on the Tasks toolbar.
•
Choose No Security from the Security Method menu in the Security tab of the Document
Properties dialog box.
2. When prompted, enter the permissions password.
3. Choose OK.
Changing Document Collection Passwords
To change security settings for a collection of documents:
1. Choose Advanced > Batch Processing.
•
Select an existing sequence such as Password or Set Security to No Changes, and then choose
Run Sequence.
•
To set different security options, define a new batch-processing sequence or edit an existing
sequence.
Password Recovery
Caution: There is no way to recover a lost password from a document. Keep a backup copy that is not
password-protected.
152
Acrobat
Security User Guide
Certificate Security
153
Certificate Security
If you share documents within a large group that require high security, you will likely be using certificate
security methods. Businesses use certificate security because a public key infrastructure (PKI) can be set up
and managed by a PKI administrator. The administrator can set up a central certificate server (LDAP
directory server) for distributing and sharing certificates, custom certificates can be created for specialized
workflows, and so on. Where secure PDFs do not have to be compatible with Acrobat versions prior to 6.0,
certificate security has several advantages:
Allows specifying different permission settings for users: Unlike password-based security which
applies permissions similarly to all document recipients, certificate security allows authors to specify
unique permissions for individuals and groups. For example, it is possible to give employees the ability to
sign documents and fill in form fields while giving only managers the ability to add comments or delete
pages. Such permissions are useful for distributing documents across an organization where different
groups need different kinds of document access and rights.
Superior security attributes: No password has to be remembered or shared as the public and private
keys to encrypt and decrypt documents resides only on the machines of those participating in secure
workflows. Such keys are less susceptible to brute force discovery that passwords.
Note: Participants in a certificate security workflow must have a digital ID. Acrobat versions prior to 6.0
cannot open documents that have certificate security applied.
Figure 148 Certificates security workflow
Acrobat
Security User Guide
Using Windows Certificate Store Certificates
154
Using Windows Certificate Store Certificates
For details, see “Using the Windows Certificate Store for Signing and Certificate Security” on page 31.
Applying Certificate Security
If a policy does not exist that can be applied to the current document, create new security settings. The
workflow allows users to decide whether or not these new settings should be saved as a policy.
To add certificate security method to a document:
1. Choose Document > Security > Secure This Document.
It is also possible to choose Document > Security > Show Security Settings for this Document and
then select Certificate Security from the Security Method drop down list (Figure 128).
2. Choose New.
3. Select Use public key certificates.
4. Choose Next.
•
Save these settings as a policy: Choosing to save the settings as a policy activates the Policy
name and Description fields. Once the wizard is completed (and the settings configured), the
settings are automatically saved as a policy and added to the list of policies in the Document >
Security menu and the Policy Manager. To create a policy, enter a policy name and optional
description.
•
Discard these settings after applying: Choosing to discard the settings deactivates the Policy
name and Description fields and no settings are saved.
6. Configure the Select Document Components to Encrypt panel. For more information, see “Security
Methods and Encryption” on page 139.
7. Choose the encryption algorithm:
•
documents because it is more secure than RC4. AES has a bigger file size and adds up to 32 bytes
per stream.
•
Acrobat
Security User Guide
155
Figure 149 Configuring certificate security
8. Choose Next.
9. Select a digital ID that you will use to access this document in the future.
If the required digital ID does not appear in the list, choose Add Digital ID and follow the steps
described in “Getting Your Own Digital ID” on page 13.
Tip: It is possible to choose Cancel and continue applying certificate security without selecting your
digital ID. A prompt will appear asking whether you would like to return to the digital ID selection or
continue without selecting an ID. However, doing so leaves you off of the recipient list and will
permanently lock you out of the document.
10. If you have more than one digital ID, choose the digital ID persistence level. Most users select one ID as
the default.
• Ask me which Digital ID to use next time
• Use this Digital ID until I close the application
• Always use this Digital ID
Tip: This option will not appear for users with only one digital ID.
11. Choose OK.
Acrobat
Security User Guide
156
Figure 150 Choosing a digital ID for certificate security
12. Choose Search or Browse to find the document recipient’s digital IDs that will enable access to the
secure document:
•
Search lets you search preconfigured directories for certificates on remote servers as well as in your
local Trusted Identity list. For details about searching for certificates, see “Searching for a Digital ID
to Trust” on page 164. Highlight one or more found digital IDs and choose OK.
•
Browse lets you search your computer for certificates stored locally. Highlight one or more found
digital IDs and choose OK.
Tip: Most users in a business environment will want to search their company LDAP directory server. For details, see “Using Directory Servers to Add Trusted Identities” on page 53.
Figure 151 Adding recipients to a document with certificate security
Acrobat
Security User Guide
Applying a Certificate Security Policy
157
13. If you want to specify document permissions, highlight one or more recipients.
Different permissions can be set for different recipients. Select multiple recipients from the list by using
the Control or Shift keys.
1. Choose Permissions.
2. When an alert appears indicating that non-Adobe products may not respect these settings, choose
OK.
3. Choose Restrict printing and editing of the document and security settings (Figure 152).
4. Configure the permissions. For details, refer to “Security Methods and Permissions” on page 141.
5. Choose OK. The Permission Settings dialog closes.
Figure 152 Permissions panel
14. Choose Next.
15. Review the setting details.
16. Choose OK.
17. After an alert appears indicating the changes won’t be applied until the document is saved, choose OK.
18. Choose Finish.
Applying a Certificate Security Policy
If the requisite certificate security settings already exist in a policy, simply apply that policy with Policy
Manager:
1. Choose Document > Security > Secure This Document.
2. Select an existing policy that uses certificate security.
3. Choose Apply.
Acrobat
Security User Guide
Opening a Certificate-Protected Document
Opening a Certificate-Protected Document
Password protected documents require that a user know the document open password to open it. If a
permissions password has been set, that password can also be used to open the document.
To open a password protected document:
1. Open the document.
2. Enter the password associated with the digital ID used to encrypt the document.
3. Choose OK.
Figure 153 Opening an encrypted document: With certificate security
158
Acrobat
Security User Guide
Adobe Policy Server Security
159
Adobe Policy Server Security
APS security methods are only available to those users with access to an Adobe Policy Server. Adobe Policy
Server is a server-based security system that provides a Web-based user interface for dynamic control over
documents. Adobe Policy Server can be configured to run with LDAP, ADS, and other enterprise systems so
that document recipient and group lists can be leveraged from information the organization already has in
place. Policies provided by Adobe Policy Server are stored on the server for easy editing, auditing, and
management.
While server security policies are stored on a policy server, the documents that use them are not. However,
users may be required to connect to the policy server to open and use documents that use a server
security policy.
Tip: For information on configuring Adobe Policy Server, see the help system in the Adobe Policy Server
Web Console.
Policies stored on Adobe Policy Server enable reusing security settings. But they also have the added
benefit of letting you expire and revoke documents no matter how many copies were created or
distributed and maintain accountability by auditing who opens protected documents.
Using server-based security policies is a four stage process:
1. Policy server configuration: The system administrator of your company or group usually configures
Adobe Policy Server, manages accounts, and sets up organizational policies. For more information on
configuring the policy server, see the Adobe website.
2. Publishing a document with a security policy: An author creates a document and applies a policy
stored on Adobe Policy Server to the document. The policy server generates a license and unique
encryption key for the document. Acrobat embeds the license in the document and encrypts it using
the encryption key. The author or administrator can use this license to track and audit the document.
3. Viewing a document that has a policy applied: When users try to open the secure document in
Acrobat 7.0 (or Adobe Reader 7.0), they must authenticate their identities. If the user is granted access
to the document, the document is decrypted and opens with whatever permissions are specified in the
policy.
4. Administering events and modifying access: Using the Web Console, the author or administrator
can track events and change access to policy-secured documents. Administrators can view all
document and system events, modify configuration settings, and change access to policy-secured
documents. For continued access to the file, users may be required to check in the document
periodically.
Applying APS Security
To create a security policy using Adobe Policy Server:
1. Choose Document > Security > Manage Security Policies.
2. Choose New.
3. Select Use the Adobe Policy Server.
4. Choose Next.
Acrobat
Security User Guide
Applying APS Security
160
5. Enter a policy name and description.
6. Configure the Validity period panel. A document’s validity period determines how long it will be
accessible. When a recipient opens a document with an expired validity period, an alert appears stating
that the document is locked (Figure 154).
Figure 154 Validity period expired alert
8. Select Audit Documents to track the events of the documents to which the policy is applied. Events
include printing, modifying, viewing, closing, form filling, and signing documents. The server will keep
track of these events and make the information available to those with server access.
Figure 155 Audit alert for APS security
9. Choose Next.
10. Highlight one or more recipients. Different permissions can be set for different recipients. Select
multiple recipients from the list by using the Control or Shift keys.
If all of the needed recipients do not appear in the recipient list, choose Add User, Add Group, or Add
External, and add them.
Note: External users receive an email message informing them that they have access to secure
documents. The email message includes a registration link.
Acrobat
Security User Guide
Connecting to an Adobe Policy Server
161
Figure 156 Permissions: Setting for recipients (APS security)
11. Choose Permissions and configure the permissions. For more information, refer to “Security Methods
and Permissions” on page 141.
Tip: APS security provides the option of preventing a document recipient from saving and viewing the
document offline, thereby storing a copy of the document on the local machine. This may not be
desirable on public computers or when the computer is not secure.
12. Choose Next.
13. Choose Finish.
Connecting to an Adobe Policy Server
Administrators typically provide end users with server connection details. Once these details are obtained,
configure the server connection details.
To connect to Adobe Policy Server:
2. Select Adobe Policy Servers on the left.
3. Choose New.
4. Enter the server settings:
• Name: The server name.
• Server URL: The server URL.
• Username: The login username if required.
• Password: The login password if required.
5. Choose Connect to this Server.
Acrobat
Security User Guide
Using the Server (APS) Web Console
162
6. If setup is successful, a dialog appears that says “You have successfully configured this Adobe Policy
Server.” Choose OK.
Figure 157 APS Server Configuration
Using the Server (APS) Web Console
If an Adobe Policy Server is available, a security menu item for APS connections appears.
To use the APS web console:
1. Choose Document > Security > Use APS Web Console.
2. If prompted, enter a username and password and choose OK.
3. Work with the policies as described in the Adobe Policy Server Help documentation.
Viewing Server Policies in the APS Console
To view Adobe Policy Server policies:
3. Choose the Policies tab.
Organizational policies and policies you created appear in your browser. For more information on using
Adobe Policy Server, choose Help in the upper right corner of the APS Web Console window.
Creating an APS Policy in the APS Console
To create a security policy using Adobe Policy Server:
3. Choose the Policies tab.
Acrobat
Security User Guide
Importing and Exporting APS Settings
163
4. Configure the policy as described in the Adobe Policy Server documentation.
Importing and Exporting APS Settings
Adobe Policy Server setting can be distributed via FDF files. Both users and administrators can import and
export server settings in the same way as timestamp and directory server information is imported and
exported. For details, see Chapter 8, "Sharing Acrobat Settings and Data with FDF Files".
Acrobat
Security User Guide
Changing Security Methods and Settings
164
Changing Security Methods and Settings
While anyone who can open a document can view its security methods, only those with the correct
permissions can change those methods.
Viewing Security Settings in Acrobat
When a document has restricted features, any tools and menu items related to those features are disabled.
Users who are restricted from using certain document features should contact the document author. A
document’s permissions and security method can be viewed from the Security tab in the Document
Properties dialog.
Display a document’s signature and security status by double-clicking any pen or lock icons that appear in
the lower left corner of the document window.
To view the security settings of a document in Acrobat:
1. Choose Document > Security > Show Security Settings for this Document.
Note that new or changed settings do not appear in the user interface until the document is closed and
reopened.
Figure 158 Security tab
Viewing Security Settings in a Browser
To view document security settings in a Web browser:
1. Click on the Document Pane menu button (a right arrow) above the document’s scroll bar.
Acrobat
Security User Guide
Changing the Security Method
165
2. Choose Document Properties
Figure 159 Viewing document properties in a browser
Changing the Security Method
To change a document’s security settings:
1. Choose Document > Security > Show Security Settings for this Document.
2. Choose a new security method from the drop down list.
Note: Security settings cannot be changed on signed documents. Signature fields must first be
cleared.
3. If the document is password protected, enter the document password.
4. Choose a security method and configure it. For details, see the following:
•
“Password Security” on page 147
•
“Certificate Security” on page 153
•
“Adobe Policy Server Security” on page 159
5. Choose OK.
Changing Security Method Settings
To change the security settings for an encrypted document:
1. From the Tasks toolbar, choose Document > Security > Show Security Settings for this Document.
2. In the Security panel, choose Change Settings.
3. Change the settings as needed. For details, see the following:
•
“Password Security” on page 147
•
“Certificate Security” on page 153
•
“Adobe Policy Server Security” on page 159
4. Save the document.
Acrobat
Security User Guide
Removing Document Security
Removing Document Security
To remove security settings from a document:
1. From the toolbar, choose Document > Security > Remove Security for this Document.
2. If prompted, type the permissions password.
3. When asked to confirm removal of the security settings, choose OK.
4. Choose OK.
166
7
Security Policies
Security policies provide a way to save and reuse security settings so that authors can apply identical
security settings to multiple documents. Policies do not travel with and are not embedded in a document.
When a document is sent to someone, it travels with the specified security settings, but the policy stays
with the document author. Anytime a security method is configured that will be reused, creating a security
policy will save time and effort later. For more information, refer to the following:
• “Security Policy Basics” on page 168
• “Managing Security Policies” on page 172
167
Acrobat
Security Policies
Security User Guide
Security Policy Basics
168
Security Policy Basics
Security policies are simply a saved and reusable collection of security settings. Security policies enable
users to apply the same security settings to multiple documents. Policies do not travel with and are not
embedded in a document. They are simply an automated (scripted) way to apply security to a document.
When a document is sent to someone, it travels with the specified security settings, but the policy stays
with the document author.
Policy settings include two main kinds of information:
•
Encryption type, permission settings, and passwords (if any).
•
Information about who can open a document or change security settings such as a list of individual
recipients or groups.
Security Policy Types
Because policies are simply a scripted way to apply reusable security methods, there is a security policy
type that corresponds to each of the default security methods:
•
Password policies: These reusable policies password-protect a document and are stored on the
creator’s computer. The password information is stored in the document, and any document recipient
with the password can access that document. Therefore, creating a password policy does not involve
specifying any document recipients.
•
Public key certificate policies: These reusable policies encrypt documents for a list of recipients and
are stored on the creator’s computer. User access information is embedded in the document, so
creating a certificate policy involves specifying individuals and groups stored in the author’s local
Trusted Identity Manager.
•
Adobe Policy Server policies: These reusable policies are stored on a server for use by those with the
permission. User access information is embedded in the document, so creating a certificate policy
involves specifying individuals and groups stored on the Adobe Policy Server.
User vs. Organizational Policies
There are two sources for security policies. These policies can be displayed together or individually (Figure
161):
•
User policies: User policies are developed and applied by anyone. User policies for passwords and
public key certificates are stored locally, while Adobe LiveCycle Policy Server policies are stored on the
server. Policy authors can edit and delete the policies they create.
•
Organizational policies: An organizational policy is created by an Adobe Policy Server administrator
and is stored on a policy server. The server controls access to documents and auditing events as
defined by the security policy. Only a policy administrator can create, edit, and delete organizational
policies.
Security Policy User Interface
Document Security Menus
You can view a list of current policies or access the Policy Manager using the main menu or via a toolbar:
•
Choose Document > Security to display the menu for working with security policies.
Acrobat
Security Policies
Security User Guide
• Security Policy User Interface
Choose View > Toolbars > Tasks to display the Task toolbar’s shortcut to security policies.
Figure 160 Security menu
Security Policy Manager
Choose Document > Security > Manage Security Policies to display the Policy Manager.
Figure 161 Security Policy Manager
Document Property Dialog
Document permissions and security method can be viewed from the Document Properties dialog’s
Security tab.
To display the Document Properties dialog:
169
Acrobat
Security Policies
Security User Guide
1. Choose Document > Security > Show Security Settings for this Document or do one of the
following:
•
Choose File > Document Properties.
•
Choose Control D.
•
Select the right arrow above Acrobat’s scroll bar and choose Document Properties.
Figure 162 Document Property dialog
Status Icons
170
Acrobat
Security Policies
Security User Guide
171
Acrobat
Security Policies
Security User Guide
Managing Security Policies
172
Managing Security Policies
Security policies can be edited, copied, and managed using the Policy Manager. To display the Policy
Manager, choose Document > Security > Manage Security Policies.
Figure 164 Security Policy Manager
Creating Security Policies
While policies can be created ahead of time, most policies are created during the course of configuring
new security method settings. When the Security Settings dialog appears, simply choose Save these
settings as a policy and enter a policy name and optional description (Figure 165). Note that the option
to create a policy is part of all workflows except when password security is configured by choosing
Document > Security > Show Security Settings for This Document.
Figure 165 Security policy: General settings
To create a security policy:
Acrobat
Security Policies
Security User Guide
Applying a Security Policy to a Group
173
1. Choose Document > Security > Manage Security Policies (Figure 161).
2. Choose New.
3. Select a security method for the policy.
Figure 166 Policy security method selection
4. Choose Save these settings as a policy.
5. Enter a policy name and optional description.
6. Configure the security method as usual:
•
“Applying Password Security” on page 148
•
“Applying Certificate Security” on page 154
•
“Applying APS Security” on page 159
Only certificate-based and APS policies may be applied to a group. Certificate-based policies have access
to the groups stored in the Trusted Identity Manager or available through its search mechanism. APS
policy workflows allow you to search for groups available on the network.
Password policies apply to everyone equally in the sense that only password holders can open and use a
password-protected document.
To create a certificate security policy:
2. Choose New.
3. Select Use public key certificates.
4. Choose Next. The security settings dialog appears.
5. Enter a policy name and optional description (Figure 165).
Acrobat
Security Policies
Security User Guide
174
7. Leave Ask for recipients when applying this policy unchecked.
If the option is not selected, choosing Next displays a dialog in which recipient certificates can be associated with this policy. Tip: Always choose your own certificate so you do not lock yourself out of the document.
8. Choose the encryption algorithm:
•
documents because it is more secure than RC4. AES has a bigger file size and adds up to 32 bytes
per stream.
•
9. Choose a certificate.
10. Choose OK.
11. Add a group from the Trusted Identity Manager.
1. Choose Search.
2. Uncheck Search all directories.
3. Choose Trusted Identities from the Directories drop down list.
4. Select a group from the Groups drop down list.
All of these contacts in this group will appear in the Search Results field.
5. Highlight the needed contacts.
6. Choose OK.
Acrobat
Security Policies
Security User Guide
Viewing a Security Policy
175
Figure 167 Searching for group contacts
7. Choose Next.
8. Choose Finish.
Viewing a Security Policy
To view a security policy:
2. Choose a security policy.
3. Choose View.
The policy opens in read-only mode. It cannot be edited. Review the policy settings as needed.
Copying a Security Policy
Copying a policy is useful when a new policy is needed that is similar to an existing policy. The first policy is
simply copied, changed as needed, and then saved under a new name.
To copy a security policy:
3. Choose Copy.
4. Change the policy’s settings as described in one of the following sections:
•
“Applying Password Security” on page 148
•
“Applying Certificate Security” on page 154
Acrobat
Security Policies
Security User Guide
Editing a Security Policy
• 176
“Applying APS Security” on page 159
5. Choose Finish.
Editing a Security Policy
Existing policies can be edited. For example, if a document is distributed to a group of users and the
owners wants to revoke permission for others to open it, the owner can change the policy.
To edit a security policy:
3. Choose Edit.
4. Change the policy’s settings as described in one of the following sections:
• “Applying Password Security” on page 148
• “Applying Certificate Security” on page 154
• “Applying APS Security” on page 159
5. Choose Finish.
Making a Security Policy Favorite
When a policy is selected as a favorite, a star appears next to that policy and the policy is then listed on the
security menu.
To make a security policy favorite:
3. Choose Favorite.
4. Choose Close.
A star appears next to the selected policy. Any policy labelled as a favorite will appear in the security
menu (Figure 168).
Acrobat
Security Policies
Security User Guide
Refreshing the Security Policy List
177
Figure 168 Security policy: Favorites list
Refreshing the Security Policy List
If the policies are available via a server, refresh the security policy list to ensure that you have access to the
most up-to-date server policies.
1. Choose Document > Security > Refresh Security Policies.
2. When the login screen appears, enter a username and password.
3. Choose OK.
Adding a Security Policy to a Document
Organization and user policies can be applied to any document by those who have permission to do so. If
policies are available via a server, Choose Document > Security > Refresh Security Policies to ensure
that you have access to the most up-to-date server policies.
To apply a security policy to a document:
1. Choose Document > Security > Secure this Document.
2. Highlight a policy.
3. Choose Apply.
4. Configure the required settings as needed by the policy type. For details, see one of the following:
• “Applying Password Security” on page 148
• “Applying Certificate Security” on page 154
• “Applying APS Security” on page 159
5. Choose OK until the dialogs close
6. Save the document.
Tip: If a policy has been designated as a “favorite,” a star appears next to the selected policy. All favorites
appear in the security menu (Figure 168).
Acrobat
Security Policies
Security User Guide
Removing Security Policy from a Document
178
Removing Security Policy from a Document
Security policies can be removed from an open document by those with permissions to do so. User
security policies can always be removed by the current user. However, organizational policies reside on a
server and can only be deleted by the policy’s author, typically the a server administrator.
To remove security from a document:
1. Choose Document > Security > Remove Security Settings for this Document.
2. Choose OK at the confirmation prompt.
Deleting a Security Policy from the Policy List
A user can delete any policy that they created. It is not possible to delete organizational policies created by
an administrator.
To delete a security policy:
3. Choose Delete.
4. Choose Yes at the confirmation dialog.
5. Choose Close.
8
Sharing Acrobat Settings and Data with FDF Files
Acrobat and Adobe Reader use FDF files to exchange data between the Acrobat family of client and server
products. With FDF files, users can exchange digital ID data and Adobe Policy Server, directory server, and
timestamp server settings. FDF files can be created on a server or by any Acrobat user. They can be shared
in networked directories or sent as email attachments.
Note: FDF files use a .fdf extension, and like .pdf, it is registered by Adobe so that files with these
extensions are opened by the required application when opened in a browser or file explorer.
Contact information and certificates associated with digital IDs can be easily shared with FDF files. Digital
ID information can be exported and imported using workflows that rely on email or files on networked
directories. Individual users can send and request digital ID data, and administrators can distribute FDF
files with data for any number of users (groups) across an organization.
FDF files enable administrators (and any other user) to help end others configure their Acrobat
installations by exporting directory and timestamp server settings to FDF files. Whether the file is located
on a network or emailed, FDF file recipients simply double click on a FDF file to import its data
automatically via the FDF import wizard, thereby eliminating the need for error prone, manual
configuration.
FDF files provide individuals and businesses with many opportunities for streamlining workflows. For
example:
•
Alice wants to email her certificate to Bob and wants Bob to reply with his certificate. Alice chooses
Request Contact in the Trusted Identity Manager. The workflow generates and emails an FDF file that
that can contain her certificate, a request for Bob’s certificate, and Alice’s return email address.
•
Alice needs to encrypt documents for a number of people in her organization. An administrator sends
her an FDF file that contains a large group of contacts. When Alice opens the FDF file, she is walked
through the FDF Data Exchange UI wizard so that she can import these contacts into her Trusted
Identities list.
•
A server wants a copy of Bob’s certificate so that the server can encrypt documents for Bob. The server
generates an FDF file that contains a certificate request and a return URL address. When Bob’s
downloads the FDF file from the server, he is walked through the FDF Data Exchange UI wizard where
he can respond by allowing his certificate to be returned.
•
A company needs to distribute its trusted certificate to customers so that they can verify that the
company’s documents are authentic. A server or administrator creates an FDF file that contains the
trusted certificate and posts it on a Web server that hosts a Web page with a link to the file. When
customer’s download the file, they are asked whether they wish to add this certificate to the Trusted
Identity list and are given the ability to set the certificate’s trust level.
For more information, refer to the following:
•
Importing Acrobat Data
•
“Responding to an Emailed Request for a Digital ID” on page 181
•
“Importing a Single Certificate via FDF” on page 181
•
“Importing Multiple Certificates via FDF” on page 182
•
“Importing Timestamp Server Settings via FDF” on page 184
179
Acrobat
Security User Guide
• 180
• “Importing Directory Server Settings via FDF” on page 185
• “Importing APS Server Settings via FDF” on page 186
Exporting Acrobat Data
• “Distributing a Trust Anchor or Trust Root” on page 189
• “Emailing Your Digital ID Certificate” on page 193
• “Saving Your Digital ID Certificate to a File” on page 195
• “Requesting a Digital ID via Email” on page 195
• “Emailing Server Details via FDF” on page 197
• “Exporting Server Details via FDF” on page 198
Acrobat
Security User Guide
181
There are several ways to import Acrobat data from an FDF file:
•
By choosing File > Open.
•
Double clicking on an FDF file (.fdf )
•
For digital ID information, importing it into the Trusted Identity Manager.
•
For server settings, importing it with the Security Settings dialog.
Figure 169 Certificates: Email attachment
For details, see “Responding to an Emailed Request for a Digital ID” on page 14.
Importing a Single Certificate via FDF
Contact information and certificates may be exported from Acrobat, stored on local and networked
directories, or sent as attachments in an email. Administrators often export certificate details to an FDF file
that can be shared throughout a company. Individual users can also use FDF files to share certificates.
Sharing this information ahead of time enables users to configure their trusted identities list all at once, on
an as needed basis, or before receiving a signed document.
To add a contact and the contact’s certificate to the list of trusted identities:
1. Click on the FDF file or select the file and choose File > Open. The digital ID certificate may be sent
directly from Acrobat as an email attachment (Figure 169) or may reside in a networked directory.
2. Review the contact information when the Import Contact dialog appears.
Note: If the file is signed, then Import Contact dialog will also have a Signature panel as shown in
Figure 171.
Acrobat
Security User Guide
Importing Multiple Certificates via FDF
182
Figure 170 Certificates: Contact Information
3. Choose Set Contact Trust.
4. When the Import Contact Settings dialog appears, configure the Trust Settings and Policy Restrictions.
For details, see the user documentation.
5. Choose Certificate Details.
6. Choose the Details tab.
7. In the Certificate data panel, scroll to MD5-digest and SHA-1 digest and note the fingerprint numbers.
8. Contact the certificate's originator and verify the fingerprints are correct.
9. Choose OK.
10. Choose OK.
11. Choose Close.
Contact information and certificates may be exported from Acrobat, stored on local and networked
directories, or sent as attachments in an email. Administrators often export certificate details for multiple
users to an FDF file that can be shared throughout a company. Sharing this information ahead of time
enables users to configure their trusted identities list all at once, on an as-needed basis, or before receiving
a signed document.
To add more than one certificate to the list of trusted identities all at once:
1. Click on the FDF file or select the file and choose File > Open. The digital ID certificate may be sent
directly from Acrobat as an email attachment (Figure 169) or may reside in a networked directory.
Acrobat
Security User Guide
183
Figure 171 Importing certificate from FDF
2. Check or uncheck Accept the level of Trust specified by the signer for all Contacts in this file.
If the checkbox is selected, all contacts associated with this certificate will accept the level of trust that
was set by the user that signed the FDF file.
If the checkbox is not selected, no trust level will be set for these certificates. The certificate cannot be
used for many actions (such as providing a valid timestamp or encrypting) until a trust level is set as
described in the user documentation.
Note: This step assumes a trust level has been specified by the sender.
3. Choose Add Contacts to List of Trusted Identities.
4. If there are multiple contacts in the file, the Choose Contacts to Import dialog appears. Remove those
that are not wanted and highlight the rest.
5. Choose Import.
6. Choose OK in the confirmation dialog.
Acrobat
Security User Guide
Importing Timestamp Server Settings via FDF
184
Figure 172 Making a contact a trusted identity
Importing Timestamp Server Settings via FDF
In most cases, timestamp servers do not have to be manually configured. Timestamp server administrators
often place the server information to an FDF file. This file can be emailed or made available on a network.
To add server settings from a file:
1. Locate the FDF file:
•
Find the file in an email or on the local file system and double click on it, or
•
Import it through the Security Settings dialog: Choose Advanced > Security Settings:
1. Select Time Stamp Servers in the left-hand list.
2. Choose Import.
3. Browse to the FDF file.
4. Choose Open.
5. Review the sender’s details. Verify the signature properties if needed (Figure 173).
Note: The FDF may be signed. If it is not, it will have no signature properties.
Acrobat
Security User Guide
Importing Directory Server Settings via FDF
185
Figure 173 Timestamps: Importing server details from an FDF file
6. Review the timestamp server list. To avoid importing all servers, highlight those that should not be
imported and Select Remove.
7. Choose Import.
Default server information may have been exported with the FDF file. If one of the servers has been
selected as a default, a dialog appears asking if the specified server should be used as the default.
8. Choose Yes or No.
If No is selected, a default timestamp server must be selected before timestamps can be used.
Figure 174 Timestamps: Importing a default server
9. After the import completes, choose OK.
Importing Directory Server Settings via FDF
Administrators and other users can export directory server settings to an FDF file. This file can be emailed
or placed in a local or network directory. Users can import (add) directory server information through the
Security Settings user interface or simply by double clicking on the FDF file containing the data.
To add server settings from a file:
Acrobat
Security User Guide
Importing APS Server Settings via FDF
186
•
•
1. Select Directory Servers in the left-hand list.
2. Choose Import.
4. Choose Open.
Note: The FDF may be signed. If it is not, it will have no signature properties.
Figure 175 Digital ID Directory servers: Importing
6. Choose Import Search Directory Settings.
7. If a confirmation dialog appears, choose OK.
This dialog will not appear if Do not show this message again was previously selected.
8. Choose Close.
The server settings are automatically imported and the new server should now appear in the directory
server list.
Administrators and other users can export APS server settings to an FDF file. This file can be emailed or
placed in a local or network directory. Users can import (add) server information through the Security
Settings user interface or simply by double clicking on the FDF file containing the data.
Acrobat
Security User Guide
To add a server from a file:
•
•
1. Select Adobe Policy Servers in the left-hand list.
2. Choose Import.
4. Choose Open.
Note: The FDF should be signed. If it is not, it will have no signature properties.
Figure 176 Importing APS settings
6. Choose Log In.
Figure 177 Logging in to an Adobe Policy Server
7. Choose OK.
8. Choose Import.
187
Acrobat
Security User Guide
188
9. When a dialog appears asking whether or not you want to make this your default server, choose Yes or
No.
10. Choose OK.
The server settings are automatically imported and the new server should now appear in the directory
server list.
Acrobat
Security User Guide
189
FDF files can be created by administrators, end users, and even a server. It is a good idea to sign FDF files so
that recipients of the file can easily trust the file and its contents.
Note: Recipients won’t be able to validate your signature unless you have previously sent them your
digital ID certificate.
Figure 178 Signing an FDF file
Distributing a Trust Anchor or Trust Root
Distributing a trusted certificate from Acrobat involves wrapping one or more certificates in an FDF file
and making it available to other users via email, a network directory, or a Web site. Recipients simply click
on the file or a link to the file to open the Acrobat wizard which downloads and/or installs the certificate.
Certificate Chains and Trust Anchors /Roots
Certificates usually exist as part of a hierarchy or “chain” of certificates, and part or all of the chain can be
wrapped in an FDF file. The bottom-most and end user certificate (yours) is called an “end entity” (EE)
certificate. The top-most certificate, (the root) is typically issued by a trusted Certificate Authority (CA).
Certificates in between the end entity and root certificates are sometimes called “intermediate certificates”
(ICAs). Acrobat enables users to specify one or more of the certificates in a chain as trusted for specific
operations. Thus, an EE certificate could have one or more trust anchors (trusted ICAs) that chain up to a
the top-most CA certificate which is the primary trust anchor or “trusted root.”
A typical chain might include your certificate, your company’s ICA, and a root CA. Certificates inherit trust
from certificates higher up in the chain. For example, if the root certificate is trusted, then any certificates
chaining up to the that root will also be trusted. Some organizations issue their own CA or ICA certificates
and make them trust anchors for their employees.
It is a common practice to trust certificates as high up in the chain as possible. Since revocation checking
starts at the chain bottom and continues until it reaches a trusted root, trusting the top-most certificate
enables revocation checking for each certificate in the chain. It also allows users to trust other certificates
that chain up to the same root. However, if the root is issued by VeriSign, it might not be wise to make it a
trust anchor as that tells Acrobat to trust the millions of certificates that chain up to VeriSign.
Acrobat
Security User Guide
190
Administrators may need to distribute and install ICA or CA trust anchors to users and individuals may
need to distribute EE certificate for the same reasons:
•
To distribute certified or signed documents to partners and customers.
•
To enable public key encryption (certificate security) to restrict documents access to a known
audience outside the enterprise.
• To help document recipients validate the signatures of document authors.
At a high level, the process for distributing a trusted anchor, CA, ICA, or EE certificate is always the same:
1. Setting the certificate’s trust level for actions such as validating signatures, certifying documents,
executing JavaScript, or enabling multimedia.
2. Exporting the desired certificate. When Acrobat exports a certificate, it automatically exports the other
certificates in that certificate’s chain and includes them in the FDF file.
3. Providing the certificate recipient with instructions for importing the certificate.
Setting Certificate Trust Level
Before distributing a trusted root, set the certificate trust level:
Figure 179 Trusted Identities: Viewing
3. Highlight the needed certificate.
4. Choose Edit Trust.
5. Display the Trust Settings tab.
Acrobat
Security User Guide
191
6. Set the certificate’s trust settings:
•
Signatures and as a Trusted Root: Trusts the certificate as a trusted root for approval signatures.
The net result is that any other certificates which have this one as a root in the chain will also be
trusted for signing. At least one certificate in the chain (and preferably only the root in the chain)
must be a trusted root to validate signatures and timestamps certificates.
Tip: There is no need to make end entity or intermediate certificates trusted roots if they chain up to
trusted root. It is best practice to only trust the topmost certificate as the root because revocation
checking occurs on every certificate in a chain until the root is reached. For example, if you have a
certificate which chains up to your company’s intermediate certificate which in turn chains up to
VeriSign, you would only make VeriSign a trusted root and NOT your company’s, your own, or any of
your coworker’s certificate’s.
•
Certified Documents: Trusts the certificate for certification signatures.
•
Dynamic Content: Not recommended for certified documents. Trusts movies and other dynamic
content. This option requires that the application environment be configured correctly. For more
information, see “Trusting Dynamic Content in Certified Documents” on page 44.
•
Embedded High Privilege JavaScript: Not recommended for certified documents. Trusts
embedded scripts. This option requires that the application environment be configured correctly.
For more information, see “Trusting JavaScript in Certified Documents” on page 45.
Note: Recipients of the distributed root will be able to inherit these trust settings as well as any other trust
settings of certificates higher up in the chain during import.
7. Choose OK.
8. Choose OK.
Export the Certificate
After setting the certificate trust level, export it to a file:
Tip: If the Trusted Identity Manager is open after setting the trust levels, skip to step 3.
Acrobat
Security User Guide
192
In addition to this method, you can also display the certificate from any signature or certificate security
method workflow where a Show Certificate or Certificate Details button appears, such as the
Signature Properties dialog.
3. Select the certificate (Figure 179).
Tip: You could just choose Export and bypass the following two steps. However, exporting the certificate
from the Certificate Viewer allows you to see the entire certificate chain and select all or part of it.
4. Choose Show Certificate. The Certificate Viewer displays the certificate.
5. Select a certificate in the chain that appears in the left-hand window.
Figure 181 Selecting a certificate chain for export
6. Choose Export.
•
Email the data to someone: Emailing the data automatically creates an FDF file that other Adobe
product users can easily import.
•
Save the exported data to a file and Acrobat FDF Data Exchange: FDF is a format that other
Adobe product users can easily import. It is only recognized by Adobe products.
8. Choose Next.
9. Optional: If the Identity Information dialog appears, enter the your email address and any other
information. If you have already configured your identity details, this screen may not appear. To view
your current settings, choose Edit > Preferences > Identity.
Acrobat
Security User Guide
193
10. Do not sign if the certificate you use to sign uses the same trust anchor or you are distributing. Since
recipients do not have this certificate yet, they will not be able to validate your signature.
Note: You can sign the FDF if you have a digital ID that uses a trust anchor OTHER than the one you are
currently distributing. The FDF file recipients must also already have that digital IDs certificate so
that they can validate your signature without relying on the certificate you are currently sending.
This workflow is uncommon, but it does allow recipients to automatically inherit your predefined
trust settings for the certificate embedded in the file.
11. Choose Next.
12. Continue with the workflow until the trusted root is emailed or placed in a directory where your
intended recipients can find it.
Provide Instructions to the Trusted Root Recipients
1. Open the FDF attachment with one of the following methods:
•
Click on the FDF file. It may be an email attachment or a file on a network or your local system.
•
Choose File > Open, browse to the FDF file, and choose Open.
2. The instructions for installing a trusted root depend on whether or not the FDF file is signed or
unsigned:
•
If you receive an unsigned FDF containing a trusted root:
1. Choose Set Contact Trust.
2. On the Trust Settings tab, select the requisite trust options.
Note: The sender should tell the recipient which settings are appropriate.
3. Choose OK.
4. Choose OK.
•
If you receive a signed FDF containing a trusted root:
1. Check Accept the level of trust specified by the signer for all contacts in this file.
2. Choose Close.
•
•
•
To export from the certificate list in the Security Settings dialog, display it by choosing Advanced >
Acrobat
Security User Guide
• Emailing Your Digital ID Certificate
To export any certificate displayed in the Certificate Viewer, choose Export on the General tab.
To email a digital ID certificate:
5. Choose Email the data to someone (Figure 182).
Figure 182 Digital ID: ID export options
6. Choose Next.
7. Enter the recipient’s email address and any other optional information.
Figure 183 Emailing a digital ID
8. Choose Next.
9. Choose Sign if you want to sign the FDF file; otherwise, choose Next.
10. Enter an email address.
11. Choose Next.
12. Review the data and choose Finish.
194
Acrobat
Security User Guide
195
13. When the email program opens, send the email.
•
•
•
Exporting from the certificate list in the Security Settings dialog. Display it by choosing Advanced >
• Exporting any certificate displayed in the Certificate Viewer. Simply choose Export on the General tab.
To save a digital ID certificate to a file:
5. Choose Save the exported data to a file (Figure 182).
6. Choose a file type:
•
Acrobat FDF Data Exchange: FDF files can only be emailed in 7.0.7
•
Certificate Message Syntax - PKCS#7: Save the file as a PKCS7 file.
•
Certificate File: Saves the file in CER format.
7. Choose Next.
8. Browse to a file location and choose Save.
9. Choose Next.
10. Review the data to export and choose Finish.
When you request digital ID information from someone, Acrobat automatically includes in that email an
FDF file containing your contact and certificate information.
To request a certificate from another user:
2. Choose Request Contact.
Acrobat
Security User Guide
196
Figure 184 Emailing a certificate request
3. Confirm or enter your identity.
Tip: The identity panel is prepopulated if the information has been previously configured in Edit >
Preferences > Identity.
4. Choose Include My Certificates to allow other users to add your certificate to their list of trusted
identities.
5. Choose whether to email the request or save it as a file.
6. Choose Next.
7. Select the digital ID file to export.
Figure 185 Certificates: Selecting a digital ID for export
8. Choose Select.
•
Email: Enter the person’s email address in the Compose Email dialog and choose Email. Send the
email message when it appears in the default email application with the certificate request
attached.
Acrobat
Security User Guide
Emailing Server Details via FDF
•
197
Save as file: Choose a location for the certificate file Export Data As dialog. Choose Save, and then
choose OK. Tell the intended recipient(s) where to find the file.
Emailing Server Details via FDF
Adobe Policy Server, directory server, and timestamp server details can be exported to an FDF file for
distribution to one or more people. Server information sent via an email resides in an attached FDF file. To
send directory server details in an email:
2. Select Directory Servers, Timestamp Servers, or Adobe Policy Servers from the left-hand list.
3. Select a server from the right-hand panel.
4. Choose Export.
5. Choose Email the exported data to email the FDF file.
Figure 186 Digital ID Directory servers: Export destination
6. Choose Next.
7. Configure the identity information if it is not already specified under Edit > Preferences > Identity
(Figure 187).
Tip: The Identity panel will not appear if the information has been previously configured. The identity
panel is prepopulated if the information has been previously configured in Edit > Preferences >
Identity.
Acrobat
Security User Guide
Exporting Server Details via FDF
198
Figure 187 Digital ID Directory servers: Sender’s identify
8. Choose Next.
9. Enter the email information.
Figure 188 Digital ID Directory servers: Email details
10. Choose Next.
11. Review the export details.
12. Choose Finish.
Adobe Policy Server, directory server, and timestamp server details can be exported to an FDF file for
distribution to one or more people. Server information can be written to a file and save to any location. To
save server details to a file:
2. Select Directory Servers, Timestamp Servers, or Adobe Policy Servers from the left-hand list.
3. Select a server from the right-hand panel.Choose Export.
4. Choose Save the exported data to a file to save the data in an FDF file that can be shared (Figure 186).
5. Choose Next.
Acrobat
Security User Guide
199
6. Configure the identity information if it is not already specified under Edit > Preferences > Identity
(Figure 187).
Tip: The Identity panel will not appear if the information has been previously configured.
7. Choose Next.
8. Choose Sign. When the signing dialog appears, choose Sign again (Figure 175). Sign FDF files so that
recipients of the file can easily trust the file and its contents.
9. Choose Next.
10. Browse to a location in which to save the file.
11. Choose a file name and choose Save.
12. Choose Next.
13. Review the export details.
14. Choose Finish.
External Content and Document Security
This document describes how to use Trust Manager control how documents interact with elements
outside of the document.
•
Setting Attachment Options
•
External Stream Access
•
Internet URL Access
For information about multimedia permission settings, refer to “Setting Dynamic Content (Multimedia)
Security Options” on page 117.
Setting Attachment Options
Before working with attachments, you should understand both the default behavior as well as how to
modify that behavior. For details, see the following:
•
“Default Attachment Behavior” on page 200
•
“Modifying Attachment Behavior Via the User Interface” on page 204
Modifiable attachment options include the following:
•
“Adding Custom Attachment Extensions” on page 205
•
“Propagating New Attachment Settings” on page 205
•
“Allowing Attachments to Open Files or Launch Applications” on page 205
Default Attachment Behavior
You should exercise caution when attaching files to a PDF since the content may adversely affect a
document or even the document’s operating environment. To mitigate the risk inherent in attachments:
•
Know what the content is and from where it originated.
•
Be aware of dangerous file types and how Acrobat manages those types. Acrobat maintains a Black
Lists and White Lists which controls application behavior:
•
File types not on the black list: These can be attached without a warning dialog. Trying to open or
save them from within Acrobat invokes a dialog which allows the user to perform the action just
once or to add them to the good type (white) list or bad type (black) list.
•
File types on the white list: These can be attached and may be opened or saved if the file
extension is associated with the requisite program.
•
File types on the black list: These can be attached, but a warning dialog appears stating that they
cannot be save or opened from Acrobat. No actions are available for these files.
For details about changing this list, see “Modifying Attachment Behavior Via the User Interface” on
page 204.
•
Prevent attachments from opening other files and launching applications. This is Acrobat’s default
behavior. For details about changing this behavior, see “Allowing Attachments to Open Files or Launch
Applications” on page 205.
200
Acrobat
Security User Guide
201
Black Lists and White Lists
Acrobat 7.0 products (Professional, Standard, and Adobe Reader) always allow you to open and save PDF
and FDF file attachments. However, attachments represent a potential security risk because they can
contain malicious content, open other dangerous files, or launch applications. Certainly file types such as
.bin, .exe, .bat, and so on will be recognized as threats by most users.
Adobe Acrobat and Adobe Reader store some of these good and bad (white and black) file types in a list in
the registry (Table 6). This list contains the file types that can and cannot be opened or saved. Acrobat
recognizes these file types . If a bad file type is recognized during the attachment process, a warning
appears (Figure 189).
Figure 189 Attachment: Dangerous type warning
Why Attach a File that’s on the Black List?
Acrobat will let you attach files types that are on the black list because a document recipient may have a
less restrictive black list than the sender. While the recipient may be able to open the file, the attacher will
not be able to execute or open it from within the application. Attempting to open a prohibited file type
results in a warning that the action is not allowed (Figure 190).
Figure 190 Attachment: Cannot open warning
Table 6 Default prohibited file types
Extension
Description
.ade
Access Project Extension (Microsoft)
.adp
Access Project (Microsoft)
.app
Executable Application
.asp
Active Server Page
.bas
BASIC Source Code
.bat
Batch Processing
.bz
Bzip UNIX Compressed file
.bz2
Bzip 2 UNIX Compressed file (replaces BZ)
Acrobat
Security User Guide
Extension
Description
.cer
Internet Security Certificate file (MIME x-x509-ca-cert)
.chm
Compiled HTML Help
.class
Java Class file
.cmd
DOS CP/M Command file, Command file for Windows NT
.com
Command
.command
Mac OS Command Line executible
.cpl
Windows Control Panel Extension (Microsoft)
.crt
Certificate file
.csh
UNIX csh shell script
.exe
Executable file
.fxp
FoxPro Compiled Source (Microsoft)
.gz
Gzip Compressed Archive
.hex
Macintosh BinHex 2.0 file
.hlp
Windows Help file
.hqx
Macintosh BinHex 4 Compressed Archive
.hta
Hypertext Application
.inf
Information or Setup file
.ini
Initialization/Configuration file
.ins
IIS Internet Communications Settings (Microsoft)
.isp
IIS Internet Service Provider Settings (Microsoft)
.its
Internet Document Set, International Translation
.job
Windows Task Scheduler Task Object
.js
JavaScript Source Code
.jse
JScript Encoded Script file
.ksh
UNIX ksh shell script
.lnk
Windows Shortcut file
.lzh
Compressed archive (LH ARC)
.mad
Access Module Shortcut (Microsoft)
.maf
Access (Microsoft)
.mag
Access Diagram Shortcut (Microsoft)
.mam
Access Macro Shortcut (Microsoft)
.maq
Access Query Shortcut (Microsoft)
202
Acrobat
Security User Guide
Extension
Description
.mar
Access Report Shortcut (Microsoft)
.mas
Access Stored Procedures (Microsoft)
.mat
Access Table Shortcut (Microsoft)
.mau
Media Attachment Unit
.mav
Access View Shortcut (Microsoft)
.maw
Access Data Access Page (Microsoft)
.mda
Access Add-in (Microsoft), MDA Access 2 Workgroup (Microsoft)
.mde
Access MDE Database file (Microsoft)
.mdt
Access Add-in Data (Microsoft)
.mdw
Access Workgroup Information (Microsoft)
.mdz
Access Wizard Template (Microsoft)
.msc
Microsoft Management Console Snap-in Control file (Microsoft)
.msi
Windows Installer file (Microsoft)
.msp
Windows Installer Patch
.mst
Windows SDK Setup Transform Script
.ocx
Microsoft Object Linking and Embedding (OLE) Control Extension
.ops
Office Profile Settings file
.pcd
Visual Test (Microsoft)
.pif
Windows Program Information file (Microsoft)
.prf
Windows System file
.prg
Program file
.pst
MS Exchange Address Book file, Outlook Personal Folder file (Microsoft)
.rar
WinRAR Compressed Archive
.reg
Registration Information/Key for Windows 95/98, Registry Data file
.scf
Windows Explorer Command
.scr
Windows Screen Saver
.sct
Windows Script Component, Foxpro Screen (Microsoft)
.sea
Self-expanding archive (used by Stuffit for Mac files and possibly by others)
.shb
Windows Shortcut into a Document
.shs
Shell Scrap Object file
.sit
Compressed archive of Mac files (Stuffit)
.tar
Tape Archive file
203
Acrobat
Security User Guide
Modifying Attachment Behavior Via the User Interface
204
Extension
Description
.tgz
UNIX Tar file Gzipped
.tmp
Temporary file or Folder
.url
Internet Location
.vb
VBScript file or Any VisualBasic Source
.vbe
VBScript Encoded Script file
.vbs
VBScript Script file, Visual Basic for Applications Script
.vsmacros
Visual Studio .NET Binary-based Macro Project (Microsoft)
.vss
Visio Stencil (Microsoft)
.vst
Visio Template (Microsoft)
.vsw
Visio Workspace file (Microsoft)
.webloc
Mac OS Finder Internet Location
.ws
Windows Script file
.wsc
Windows Script Component
.wsf
Windows Script file
.wsh
Windows Script Host Settings file
.zip
Compressed Archive file
.zlo
ZoneLabs ZoneAlarm Mailsafe Renamed .PIF file
.zoo
An early compressed file format
Modifying Attachment Behavior Via the User Interface
Users can indirectly manage the registry list of which file types can be opened and saved. In other words,
the list in Table 6 can be extended one at a time as each attached file is opened.
To add a file to the registry’s attachment list:
1. Attach a file type not in the registry list. For example, myfile.xyz.
2. In Acrobat, try to open the files.
3. When the Launch Attachment dialog appears, choose one of the following (Figure 191):
•
Open this file: Opens the files without changing the registry list.
•
Always allow opening files of this type: Adds the file type to the registry list and warnings are
bypassed in the future.
•
Never allow opening files of this type: Does not open the file or add it to the registry list.
4. Choose OK.
Note: Because the registry list could grow over time and users do not have direct access to the list (it can’t
be easily viewed), resetting the list to its original state results in the highest level of security.
Acrobat
Security User Guide
Adding Custom Attachment Extensions
205
Choosing Reset list of allowed / disallowed file attachment types in the Trust Manager removes
all custom, user-specified entries in the registry list.
Figure 191 Launch Attachment dialog
Adding Custom Attachment Extensions
To add custom extensions, add your own file extension entries to the very end of the list. The method is
the same on both Windows and Macintosh. Use the following format for each custom extension:
|.FILEEXTENSION:PERMVALUE
For example, to add the extension .ext with a value of Always Allowed, you would add:
|.ext:2
Propagating New Attachment Settings
If the Acrobat 7.x product is already installed various user machines and InstallShield Tuner 7 for Acrobat
was not used to customize user installations, it is still possible to propagate the change across multiple
users.
To do so:
1. Finish editing the FeatureLockDown Windows registry key.
2. Select the sBuiltInPermList key.
3. Choose File > Export to save the REG key.
4. Invoke this REG key using whatever method you normally use to deploy this change in your
organization. For example, use a BAT file that runs during a user's logon script to invoke the REG key.
Allowing Attachments to Open Files or Launch Applications
The Trust Manager enables users to control whether or not attachments can open files or launch
applications. By default, Acrobat does not allow attachments to open files or launch applications.
To set attachment preferences:
3. Check or uncheck Allow documents to open other files an launch other applications. Leave this
option unchecked if a high level of security is needed.
Acrobat
Security User Guide
206
Note: When the option is unchecked, documents will never open other files or launch applications. When
the option is checked, the application uses a stored black list to determine what that file can do. Any
file on the black list will not be allowed to open a file or launch an application. Acrobat and Adobe
Reader both ship with a default black list.
4. Choose OK.
Both Adobe Acrobat and Adobe Reader can inform the user when a PDF file is attempting to send or
receive stream data. In the PDF world, a stream is an URL or some file specification identified as a stream
object by flags as specified in the PDF 1.6 Reference. Only PDF developers create PDF files with streams, so
the average user usually does not need to enable access to external streams.
Silently transmitting data represents a security risk since malicious content can be transferred whenever
the application communicates with an external source. Therefore, only users that are advised to do so by a
system administrator should enable this feature.
To configure external stream access:
3. Check or uncheck Enable External Streams in the Resource Access panel.
4. The default (and most secure) behavior does not enable external streams. When external streams are
enabled, PDF files that contain an embedded switch defining a host address can silently transmit data
to and from the remote host. Do not enable this option unless you want access to remote data.
5. Choose OK.
Figure 192 Resource Access
Internet URL Access
Both Adobe Acrobat and Adobe Reader can inform the user when a PDF file is attempting to connect to an
Internet site. Opening a Web page represents a security risk because malicious content can be transferred
whenever the application communicates with the Internet. In addition to obvious, visible links in a PDF
document, form fields can contain JavaScript calls that open a page in a browser or try to get data silently
from the Internet.
Adobe Acrobat and Adobe Reader maintain a white and black list of URLs called the “Trust List.” Users can
specify whether or not URL access is allowed on a global or per-URL basis. For URLs that aren’t explicitly
trusted or blocked, a warning should appear whenever a PDF document tries to access the Internet (Figure
193).
Acrobat
Security User Guide
Internet URL Access
207
Figure 193 External connection warning
To configure Internet resource access:
3. Choose Change Site Settings.
4. Select an option from the Default behavior for URL access drop down list (Figure 194):
•
Use Trust List: The default. When the URL is not in the list, the application behaves as specified by
the Default behavior for other sites field.
•
Always Allow: The application makes the connection to any URL without prompting the user.
•
Always Deny: The application never makes the connection to any URL and does not advise the user
why the connection was not established.
5. If Use Trust List is selected, add a URL in the text field and choose Allow or Block. Repeat as necessary.
6. Configure the behavior for sites not in the trust list by selecting an option from Default behavior for
other sites. Choose Always Deny, Always Allow, or Always Prompt.
7. Choose OK.
8. Choose OK.
Acrobat
Security User Guide
Internet URL Access
Figure 194 Managed Sites dialog
208
Index
.
.ade 201
.adp 201
.app 201
.asp 201
.bas 201
.bat 201
.bz 201
.bz2 201
.cer 202
.chm 202
.class 202
.cmd 202
.com 202
.command 202
.cpl 202
.crt 202
.csh 202
.exe 202
.fxp 202
.gz 202
.hex 202
.hlp 202
.hqx 202
.hta 202
.inf 202
.ini 202
.ins 202
.isp 202
.its 202
.job 202
.js 202
.jse 202
.ksh 202
.lnk 202
.lzh 202
.mad 202
.maf 202
.mag 202
.mam 202
.maq 202
.mar 203
.mas 203
.mat 203
.mau 203
.mav 203
.maw 203
.mda 203
.mde 203
.mdt 203
.mdw 203
.mdz 203
.msc 203
.msi 203
.msp 203
.mst 203
.ocx 203
.ops 203
.pcd 203
.pif 203
.prf 203
.prg 203
.pst 203
.rar 203
.reg 203
.scf 203
.scr 203
.sct 203
.sea 203
.shb 203
.shs 203
.sit 203
.tar 203
.tgz 204
.tmp 204
.url 204
.vb 204
.vbe 204
.vbs 204
.vsmacros 204
.vss 204
.vst 204
.vsw 204
.webloc 204
.ws 204
.wsc 204
.wsf 204
.wsh 204
.zip 204
.zlo 204
.zoo 204
A
Access Type 54
Acrobat 3.0 and later 149
Acrobat version, encryption algorithm, and security handler correlation 140
Actions that can be associated with a signature field 85
adbe.pkcs7.detached 102
adbe.pkcs7.sha1 102
adbe.x509.rsa_sha1 102
Add Digital ID dialog 13
Adding a contact 51
209
Acrobat
Index
Security User Guide
Adding a Digital ID from a Signature 34
Adding a Security Policy to a Document 177
Adding Certificate Servers as Searchable Directories 31
Adding Custom Attachment Extensions 205
Adding Custom Legal Attestations 98
Adding Custom Signing Reasons 98
Adding IDs During a Workflow 13
Adding IDs in Advance 14
Adding or Removing Group Contacts 51
Adding recipients to a document with certificate security 156
Adding Someone to Your Trusted Identity List 34
Adding Timestamps to Signatures 92
Adding Windows Certificate Store Certificates to the Search Path 32
Adobe Policy Server policies 168
Adobe Policy Server Security 159
Advanced Document Customizations 94
Advanced Editing Tools 61
All contents 139
All contents except metadata 140
Allowing Attachments to Open Files or Launch Applications 205
Always use this Digital ID 155
Applying a Certificate Security Policy 157
Applying a Security Policy to a Group 173
Applying APS Security 159
Applying Certificate Security 154
Applying Password Security 148
APS Server Configuration 162
Arranging Signature Fields 78
Ask me which Digital ID to use next time 155
Associating a Certificate with a Contact 48
Associating Batch Processing with a Security Method 146
Attachment
Cannot open warning 201
Dangerous type warning 201
Audit alert for APS security 160
Authoring a Document with Multiple Fields 81
Authoring Signable Forms 81
B
Backing up the Private Key 19
Black Lists and White Lists 201
Browsing for a Trusted Identity 36
C
Certificate Chains and Trust Anchors /Roots 189
Certificate Security 153
Certificate Trust Settings 43
Certificate trust settings 43, 44, 191
Certificate Viewer 40
Certificate viewer
Trust tab 123
Certificate Viewer information 39
Certificates
Contact Information 182
Email attachment 181
Selecting a digital ID for export 35, 196
210
Verifying originator 41
Certificates security workflow 153
Certified document indicators 66
Certifying a Document 67
Certifying a document
Certification visibility selection 70
Choose allowable actions 69
Document integrity warnings 69
Document is not certified warning 68
Save as certified document dialog 68
Signature 70
Certifying a Document (Certifying Signatures) 65
Changes Allowed 141
Changes allowed choices for permissions 142
Changing a Digital ID’s Password and Timeout 24
Changing a Trusted Identity’s Certificate Association 49
Changing Blank Signature Field Defaults 77
Changing Document Collection Passwords 152
Changing or Clearing the Default Digital ID 21
Changing Security Method Settings 165
Changing Security Methods and Settings 164
Changing the Default Signing Method 63
Changing the Security Method 165
Check revocation 39
Checking Certificate Revocation Status 41
Choosing a digital ID for certificate security 156
Choosing a Security Method Type 137
Clearing One or More Signatures 73
Common Signature Workflows 57, 59
Compare
By page 134
By page summary report 133
Choose compare report type 132
Displaying changed text 135
Select file drop down menu 132
Type of comparison 132
Comparing a Signed Version with the Current Version 131
Comparing Documents 131
Comparing Documents by Page 133
Comparing Documents by Word 134
Compatibility 149
Configure Document Behavior 67
Configure the Select Document Components to Encrypt 149, 154, 160, 173
Configuring Acrobat to use Timestamps 92
Configuring certificate security 155
Configuring Document Status Preferences 115
Connecting to an Adobe Policy Server 161
Contact Information 72
Contacts
Deleting 50
Deleting a group 52
Editing a group 51
Selecting certificates 48
Viewing details 47
Copying a Security Policy 175
Creating a Blank Signature Field 74
Creating a Community of Document Authors and Recipients 28
Creating a Group 51
Acrobat
Index
Security User Guide
Creating a Self-Signed Digital ID 16
Creating an APS Policy in the APS Console 162
Creating and Storing Signature Appearances 87
Creating Default User Information 30, 63
Creating Multiple Copies of a Signature Field 78
Creating Security Policies 172
Creation time 115
Current time 114
Custom Workflows and Beyond 106
D
Default Attachment Behavior 200
Default prohibited file types 201
Deleting a Certificate 50
Deleting a Digital ID 21
Deleting a Directory Server 55
Deleting a Group 52
Deleting a Security Policy from the Policy List 178
Deleting a Signature Appearance 89
Deleting Contacts and Certificates 49
Details 39
Digital ID
Adding a digital ID 14
Certificate viewer 24
Components 10
Configuration 17
Creating a self-signed ID 16
Default ID specification 20
Deleting 21
Finding an existing ID 18
From others 11
Getting a third-party ID 19
ID export options 22, 194
Managing trusted identities 29
PKCS#12 location and password 18
Digital ID Basics 10
Digital ID Directory servers
Email details 198
Export destination 197
Importing 186
Sender’s identify 198
Server list 53
Setting defaults 55
Setting server details 54
Digital ID files
Login and Logout 26
Password configuration 25
Timeout settings 26
Digital ID management 20
Digital ID storage formats 11
Digital ID User Interface 11
Digital IDs
Searching the Windows Certificate Store 33
Digital signature 110
Digital signature icons 111
Digital Signature Preferences 63
Digital Signature Properties
Document Versioning panel 124, 130
211
Modifications panel 131
Digital Signatures Advanced Preferences
Default signing method 64
Signature verification 114
Digital Signatures for Document Authors 57
Digital Signatures for Document Recipients 109
Directory Name 54
Displaying a Certificate in the Certificate Viewer 39
Displaying the Signature Properties Dialog 125
Distributing a Trust Anchor or Trust Root 189
Document Legal Defensibility 65
Document Locking 65
Document Open password 147
Document Property Dialog 145, 169
Document Property dialog 146, 170
Document Security Menus 144, 168
Document Security Methods 136
Document security settings
APS security 144
Certificate security 144
Password security 143
Document Status dialog
for certified document 116
for Signed and encrypted document 115
Document status preferences 116
Document Versioning panel 126
Document versions 130
E
Edit Contact dialog 47, 49
Editing a Security Policy 176
Editing a Signature Appearance 89
Editing Directory Servers Details 54
Editing Signature Fields 77
Editing tools 61
Emailing a certificate request 35, 196
Emailing a digital ID 22, 194
Emailing Certificate or Contact Data 48
Emailing Server Details via FDF 197
Emailing your certificate 15
Emailing Your Digital ID Certificate 21, 193
Enable text access for screen reader devices for the visually impaired 141
Enabling JavaScript to Set Seed Values 95
Encryption configuration panel 139
Encryption support 139
Export the Certificate 191
Exporting Acrobat Data 189
Exporting Server Details via FDF 198
External connection warning 207
External Content and Document Security 200
External Stream Access 206
F
filter 101
Finding an Existing Digital ID 18
Forcing a Certification Signature and Document Locking 96
Acrobat
Index
Security User Guide
G
General 39
Getting a Third-Party Digital ID 19
Getting and Using Your Digital ID 9
Getting Your Own Digital ID 13
Green Check and Caution Triangle 125
H
Hidden 75
Hidden but printable 75
High Privilege JavaScript Defined 119
How are Digital IDs managed? 10
I
Identity preferences 30
Importing a Single Certificate From an FDF File 38
Importing a Single Certificate via FDF 181
Importing Acrobat Data 181
Importing and Exporting APS Settings 163
Importing and Exporting Directory Server Settings 56
Importing and Exporting Timestamp Server Settings 93
Importing APS Server Settings via FDF 186
Importing APS settings 187
Importing certificate from FDF 183
Importing digital ID data 36
Importing Directory Server Settings via FDF 185
Importing Multiple Certificates via FDF 182
Importing Timestamp Server Settings via FDF 184
Including Certificate Revocation Status in a Signature 64
Internet URL Access 206
212
Mouse Up 85
N
Name 75
O
On Blur 85
On Focus 85
Only file attachments 140
Opening a Certificate-Protected Document 158
Opening a Password-Protected Document 151
Opening an encrypted document
With certificate security 158
Orientation 75
P
Launch Attachment dialog 205
Legal Notice 39
Location 72
Locking Fields Automatically After Signing 82
Logging in to an Adobe Policy Server 187
Login, Logout, and Batch Processing 26
Password 54
Password policies 168
Password prompt 152
Password Recovery 152
Password Security 147
Password Security - Settings dialog 149
Password security workflow 147
Permissions
Setting for recipients (APS security) 161
Permissions alert 151
Permissions panel 157
APS Security 143
Certificate Security 142
Password Security from Policy Manager 142
Permissions password 147
Personalizing Signature Appearances 87
Policies 39
Policy OID 105
Policy security method selection 173
Port 54
Post-signing modifications 130
Printing Allowed 141
Problems encountered 39
Propagating New Attachment Settings 205
Provide Instructions to the Trusted Root Recipients 193
Public key certificate policies 168
M
Q
Main Signature Menu 60
Making a contact a trusted identity 184
Making a Field a Required Part of a Workflow 83
Making a Security Policy Favorite 176
Managed Sites dialog 208
Managing Contacts 47
Managing Security Policies 172
Managing Trusted Identities 27
Manually Configuring a Directory Server 53
Maximum Number of Records to Receive 54
Modifying Attachment Behavior Via the User Interface 204
Mouse Down 85
Mouse Enter 85
Mouse Exit 85
Question Mark and Caution Triangle 126
Question Mark and Pen 127
Question Mark and Person 126
J
JavaScript Security option 119
L
R
Read Only 75
Reason field behavior 99
Recommended Certification Workflow 66
Red X and Pen 127
Refreshing the Security Policy List 177
Removing a contact 51
Removing a Password 152
Removing Dangerous Content 67
Acrobat
Index
Security User Guide
Removing Document Security 166
Removing Security Policy from a Document 178
Requesting a Digital ID via Email 34, 195
Required 75
Required field not signed alert 84
Resource Access 206
Responding to an Emailed Request for a Digital ID 14, 181
Revalidate signatures warning 123
Revocation 39
Running JavaScript and Dynamic Content 127
S
Saving Certificate or Contact Details to a File 48
Saving Your Digital ID Certificate to a File 23, 195
Search Base 54
Searching for a Digital ID to Trust 36
Searching for a document recipients 38
Searching for group contacts 175
Secure time 114
Security and signature status icons 62, 145, 171
Security change alert 151
Security menu 144, 169
Security Method Basics 137
Security method pros and cons 138
Security method selection 137
Security method selection from Policy Manager 139
Security Method User Interface 144
Security method workflow 137
Security Methods and Encryption 139
Security Methods and Permissions 141
Security methods for batch processing 146
Security Policies 138, 167
Security policy
Favorites list 177
General settings 148, 172
Security Policy Basics 168
Security Policy Manager 145, 169, 172
Security Policy Types 168
Security Policy User Interface 168
Security settings menu and manager 12
Security settings require “save” alert 150
Security tab 164
Seed value
97
Automating signing tasks 106
Custom signing reason 99
Forcing a certification workflow 98
Reason not allowed error 100
Specifying a certificate issuer and subject 104
Specifying a certificate policy 105
Specifying a timestamp server 100
Specifying an alternate certificate URL 106
Specifying certificates for signing 102
Specifying signature components 102
Seed values
certSpec properties 103
Custom legal attestations 98
JavaScript debugger 96
timeStampspec properties 100
213
SeedValue object properties 94
Select Document Components to Encrypt 139
Selecting a certificate chain for export 192
Selecting a Certificate to use for Encryption 45
Selecting a digital ID 15
Self-signed ID alert 16
Server Name 54
Setting a Certificates Trust Level 190
Setting Attachment Options 200
Setting Digital Signature Validation Preferences 113
Setting Dynamic Content (Multimedia) Security Options 117
Setting High Privilege JavaScript Security Options 119
Setting Permissions 150
Setting Signature Field Tab Order 79
Setting up a Document for Certification 67
Setting Up Automatic Signature Validation 113
Setting up Form Fields 67
Setting up Palm OS appearance files 90
Setting up the Signing Environment 63
Setting up the Trusted Identity Environment 30
Setting up Your Environment for Receiving Documents 113
Sharing Acrobat Settings and Data with FDF Files 179
Signature Appearance 72
Signature appearance
Configuration 88
New button 87
Signature appearances 87
Signature Components
What Makes them Valid? 110
Signature components 59, 111
Signature field
Action properties 84
Aligning, centering, and distributing 78
Appearance properties 76
Copying multiple times 79
Default appearance 74
Edit options 78
General properties 74, 76, 82
Multiple copy options 79
Setting field tab order 80
Setting new defaults 77
Signing properties 82
Signature Field Context Menu 61
Signature field context menu 62
Signature Field Design and Editing 74
Signature menu
In Signature tab 61
Main menu items 60
Options menu items 61
Pen tool 60
Signature Properties
Summary 122
Signature Status and Validity Icons 111
Signature Tab Menus 60
Signature Types
Approval and Certifying 59
Signature validation confirmation 121
Signatures tab
Validate signature 121
Acrobat
Index
Security User Guide
Signatures User Interface 60
Signer Details 39
Signing a document
Choosing a digital ID 72
Creating a new field or invisible signature 71
Signature details 73
Signing a Document Without Certifying (Ordinary Signatures) 71
Signing an FDF file 189
Signing Basics 58
Signing Documents in Acrobat 71
Signing in a Browser 73
Specifying a Default Digital ID 20
Specifying a Default Directory Server 55
Specifying a Post-Signing Action 84
Specifying a URL When a Valid Certificate is not Found 105
Specifying Alternate Signature Handlers and Formats 101
Specifying Certificate Properties for Signing 102
Specifying General Field Properties 75
Specifying Signature Field Appearances 76
Specifying Signing Certificate Policies 104
Specifying Signing Certificates by Issuer and Subject 103
Specifying Timestamps for Signing 100
Status Icons 62, 145, 170
subfilter 101
T
Tasks toolbar 60
This server requires me to log on 54
Time stamp server error 101
Timeout 54
Timestamp Basics for Authors 91
Timestamp Basics for Document Recipients 128
Timestamps
Date/Time tab 129
Entering server details 93
Importing a default server 185
Importing server details from an FDF file 185
Local, machine time 91, 128
Trusted stamp 91, 92, 128
Untrusted stamp 91, 128
Tooltip 75
Trust 39
Trust Manager 118
Trusted Identities
Viewing 40, 190
Viewing revocation status 42
Trusting a certificate for encryption 46
Trusting a Certificate for Signing and Certifying 43
Trusting a Timestamp Certificate in a Signature 128
Trusting Dynamic Content in Certified Documents 44
Trusting JavaScript in Certified Documents 45
Trusting Timestamp Authority Certificates 42
Trusting Windows root certificates 32
U
Unlocking Signature and Form Fields 83
Untrusted signature 43
Upgrading a Legacy .apf Digital ID 19
Use this Digital ID until I close the application 155
214
Acrobat
Index
Security User Guide
User name 54
User vs. Organizational Policies 168
Using Directory Servers to Add Trusted Identities 53
Using Groups with Security Policies 52
Using the Server (APS) Web Console 162
Using the Windows Certificate Store for Signing 64
Using the Windows Certificate Store for Signing and Certificate Security 31
Using Windows Certificate Store Certificates 154
Using Windows Certificate Store Certificates for Validation 31
Using Your Digital ID 20
V
Valid digital signature 120
Validate all signatures dialog 121
Validating a Signature for an Earlier Document Version 124
Validating a Single Signature 120
Validating All Signatures Simultaneously 121
Validating an Unknown (Untrusted) Signature 121
Validating Signatures Manually 120
Validity period expired alert 160
Verifying Self-Signed Certificates 40
Viewing a List of Post-Signing Modifications 130
Viewing a Security Policy 175
Viewing a Signed Version of a Document 130
Viewing and Comparing Document Changes and Versions 130
Viewing and Editing Contact Details 47
Viewing document properties in a browser 165
Viewing Encryption and Permission Settings 143
Viewing Security Settings in a Browser 164
Viewing Security Settings in Acrobat 164
Viewing Server Policies in the APS Console 162
Viewing Your Digital ID Certificate Details 24
Visible 75
Visible but doesn’t print 75
Visual document changes 130
W
What is a Digital ID? 10
What is a Digital Signature? 58
When the Status Icon is Not a Green Check. . . 125
When Timestamps Can’t be Verified. . . 129
Why Attach a File that’s on the Black List? 201
Why Can’t I Certify? 70
Working with Digital IDs and Certificates 39
Working with Groups of Contacts 51
Working with Signed Documents 110
215

Acrobat 7.X Security Feature Reference

Transcription

Similar documents

parathom - Stillwaters Law Firm

Master of Optometry (M.Optom) - The Sankara Nethralaya Academy

Certificate of Registration Williamston Products, Inc.

12-29-15 TEFCU FUSE Brochure-web

Certificate of Registration

2015 Historic Autographs Celebrity 2 Cut

Vendor Enrollment Process http://eproc.hpcl.co.in OR http://eproc

start dough-raising. - Dough

Blackmon Mooring Contract

application for admission