The Doc Assurance Service helps lower the risk of sensitive information falling into the wrong hands. It's persistent security ensures that documents remain protected, whether users are online or offline. The Doc Assurance service intern contains three services: encryption, reader extension, and digital signatures. These services help you restrict access to unauthorized users, enable advanced features for PDF documents, and certify documents. The service requires following settings to be up and running:
Before installing the AEM Forms add-on package, ensure that the installation path of the AEM Quickstart does not contain any spaces.
Out of the box, the DocAssurance service is not available for use. To use the DocAssurance service, bootdelegate the RSA and BouncyCastle libraries installed along with AEM Forms package. Perform the following steps to bootdelegate the libraries:
Using the Trust Store Management, you can import, edit, and delete certificates that you trust on the server for validation of digital signatures and certificate authentication. You can import and export any number of certificates. After a certificate is imported, you can edit the trust settings and trust store type. AEM uses private keys to securely communicate with other web services. In order for the private key to be accessible to AEM, setup AEM keystore. Perform the following steps to initialize a trust store and key store:
The DocAssurance service can apply usage rights to PDF documents. To apply usage rights to PDF documents, setup certificates for Reader Extensions.
Before setting up the certificates, ensure that you have a:
- Certificate file (.pfx).
- Private Key password provided with the certificate.
- Private Key Alias. You can execute the Java keytool command to view the Private Key Alias:
keytool -list -v -keystore [keystore-file] -storetype pkcs12
- Keystore file password. If you are using Adobe's Reader Extensions certificate, the Keystore file password is always the same as Private Key password.
Perform the following steps to setup certificates:
On the AEM Author instance, certificates reside in a KeyStore. If you have not created a KeyStore earlier, click Create KeyStore and set a new password for the KeyStore. If the server already contains a KeyStore, skip this step. If you are using Adobe's Reader Extensions certificate, the Keystore file password is always the same as Private Key password.
On moving to production environment, replace your evaluation credentials with production credentials. Ensure that you delete your old Reader Extensions credentials, before updating an expired or evaluations credential.
To use AES 256 encryption for PDF files, obtain and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files. Replace the local_policy.jar and US_export_policy.jar files in the jre/lib/security folder. For example, if you are using Sun JDK, copy the downloaded files to the [JAVA_HOME]/jre/lib/security folder.
The assembler service depends on the Reader Extensions service, Signature service, Forms service, and Output service. Perform the following steps to verify that the required services are up and running: