Use certificates to encrypt documents and to verify a digital signature. A digital signature assures recipients that the document came from you. Encryption ensures that only the intended recipient can view the contents. A certificate stores the public key component of a digital ID. For more information about digital IDs, see Digital IDs.
When you secure a PDF using a certificate, you specify the recipients and define the file access level for each recipient or group. For example, you can allow one group to sign and fill forms and another to edit text or remove pages. You can choose certificates from your list of trusted identities, files on disk, LDAP server, or the Windows certificate store (Windows only). Always include your certificate in the recipient list so that you can open the document later.
If possible, encrypt documents using certificates from third-party digital IDs. If the certificate is lost or stolen, the issuing authority can replace it. If a self-signed digital ID is deleted, all PDFs that were encrypted using the certificate from that ID are inaccessible forever.
To encrypt many PDFs, use Action Wizard in Acrobat Pro (File > Action Wizard) to apply a predefined sequence. Alternatively, edit a sequence to add the security features you want. You can also save your certificate settings as a security policy and reuse it to encrypt PDFs.
For PDF Portfolios, Action Wizard applies security to the component PDFs but not to the PDF Portfolio itself. To secure the entire PDF Portfolio, apply security to the portfolio’s cover sheet.
The encryption algorithm and key size are version-specific. Recipients must have the corresponding version (or later) of Acrobat or Reader to decrypt and read the document.
Create a recipient list for the encrypted PDF. Always include your own certificate in the recipient list so that you are able to open the document later.
To check a trusted identity, select the recipient, and then click Details.
To remove recipients, select one or more recipients, and then click Remove. Do not remove your own certificate unless you do not want access to the file using that certificate.
To change permissions of recipients, select one or more recipients, and then click Permissions.
Businesses that use certificates for secure workflows often store certificates on a directory server that participants can search to expand their list of trusted identities.
When you receive a certificate from someone, you can add it to your list of trusted identities. You can set your trust settings to trust all digital signatures and certified documents created with a specific certificate. You can also import certificates from a certificate store, such as the Windows certificate store. A certificate store often contains numerous certificates issued by different certification authorities.
For complete information on sharing certificates, see the Digital Signatures Guide (PDF) at www.adobe.com/go/learn_acr_security_en.
Third-party security providers usually validate identities by using proprietary methods. Or, they integrate their validation methods with Acrobat. If you use a third-party security provider, see the documentation for the third-party provider.
Certificates that you receive from others are stored in a list of trusted identities. This list resembles an address book and enables you to validate the signatures of these users on any documents you receive from them.
When a contact sends a certificate to you in email, it is displayed as an import/export methodology file attachment.
Click Set Contact Trust again to see that the contact has been added to Certificates. Select the certificate to view Details and Trust information.
For Trust, select the options desired.
Use This Certificate As A Trusted Root only if it is required to validate a digital signature. Once you make a certificate a trust anchor, you prevent revocation checking on it (or any certificate in the chain).
To allow actions that can be a security risk, click Certified Documents, and then select the options you want to allow:
Includes FLV and SWF files as well as external links.
Trusts embedded scripts.
Privileged System Operations
Includes networking, printing, and file access
You can safely add a certificate to your trusted identities from a signed PDF by first verifying the fingerprint with the originator or the certificate.
If you use the Windows certificate store to organize your certificates, you can import certificates using a wizard in Windows Explorer. To import certificates, identify the file that contains the certificates, and determine the file location.
The Certificate Viewer dialog box provides user attributes and other information about a certificate. When others import your certificate, they often want to check your fingerprint information against the information they receive with the certificate. (The fingerprint refers to the MD5 digest and SHA1 digest values.) You can check certificate information for your digital ID files or the ID files that you import.
For more information about verifying certificates, see the Digital Signatures User Guide (PDF) at www.adobe.com/go/learn_acr_security_en.
The Certificate Viewer dialog box provides the following information:
Certificate validation period
Intended use of the certificate
Certificate data, such as the serial number and public key method
You can also check if the certificate authority has revoked the certificate. Certificates are typically revoked when an employee leaves the company or when security is compromised in some way.