U bekijkt help-inhoud voor de versie::

The Doc Assurance Service helps lower the risk of sensitive information falling into the wrong hands. It's persistent security ensures that documents remain protected, whether users are online or offline. The Doc Assurance service intern contains three services: encryption, reader extension, and digital signatures. These services help you restrict access to unauthorized users, enable advanced features for PDF documents, and certify documents. The service requires following settings to be up and running:  

Configuring the DocAssurance service

The DocAssurance service requires RSA and BouncyCastle libraries. These libraries are installed along with the AEM Forms. Before configuring the DocAssurance service, Install and configure the AEM Forms package.


Before installing the AEM Forms add-on package, ensure that the installation path of the AEM Quickstart does not contain any spaces.

Out of the box, the DocAssurance service is not available for use. To use the DocAssurance service, bootdelegate the RSA and BouncyCastle libraries installed along with AEM Forms package. Perform the following steps to bootdelegate the libraries:   

  1. Stop the AEM Forms server.

  2. Open the sling.properties at [AEM installation]\crx-quickstart\conf\ for editing.


    If you use [AEM_root]\crx-quickstart\bin\start.bat to start AEM, then edit the sling.properties at [AEM_root]\crx-quickstart\

  3. Add the following properties to the sling.properties file

  4. Save and close the file. Restart the AEM Forms server.

Intialize Key store and Trust Store

Using the Trust Store Management, you can import, edit, and delete certificates that you trust on the server for validation of digital signatures and certificate authentication. You can import and export any number of certificates. After a certificate is imported, you can edit the trust settings and trust store type. AEM uses private keys to securely communicate with other web services. In order for the private key to be accessible to AEM,  setup AEM keystore. Perform the following steps to initialize a trust store and key store:

  1. Log in to AEM Forms instance as an administrator.  

  2. Go to Tools > Security > Users. Click on the name of the user that you want to enable document services for.  

  3. In Account settings, click Create TrustStore. Set credentials for the trust store. Click OK. The trust store is initialized.

  4. Click Create KeyStore. Set credentials for the key store. Click OK. The key store is initialized.

  5. Add respective certificates and private keys needs to trust store and key store. 

Set up certificates for Reader extensions

The DocAssurance service can apply usage rights to PDF documents. To apply usage rights to PDF documents, setup certificates for Reader Extensions.
Before setting up the certificates, ensure that you have a:

  • Certificate file (.pfx).
  • Private Key password provided with the certificate.
  • Private Key Alias. You can execute the Java keytool command to view the Private Key Alias:
    keytool -list -v -keystore [keystore-file] -storetype pkcs12
  • Keystore file password. If you are using Adobe's Reader Extensions certificate, the Keystore file password is always the same as Private Key password.

Perform the following steps to setup certificates:

  1. Log in to AEM Author instance as an administrator.

  2. Go to Tools > Security > Users.  

  3. Click the name field of the user account. The Edit User Settings page opens.  

  4. On the AEM Author instance, certificates reside in a KeyStore. If you have not created a KeyStore earlier, click Create KeyStore and set a new password for the KeyStore.  If the server already contains a KeyStore, skip this step. If you are using Adobe's Reader Extensions certificate, the Keystore file password is always the same as Private Key password.

  5. On the Edit User Settings page, click Manage KeyStore.

  6. On KeyStore Management dialog, expand the Add Private Key from Key Store file option and provide an alias. The alias is used to perform the Reader Extensions operation.

  7. To upload the certificate file, click Select Key Store File and upload a <filename>.pfx file. 

  8. Add the Key Store Password, Private Key Password, and Private Key Alias that is associated with the certificate to the respective fields. Click Submit.

  9. Close the KeyStore Management page and click Save on the Edit User Settings page.


On moving to production environment, replace your evaluation credentials with production credentials. Ensure that you delete your old Reader Extensions credentials, before updating an expired or evaluations credential.

Enabling AES-256 for Encryption Service

To use AES 256 encryption for PDF files, obtain and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files. Replace the local_policy.jar and US_export_policy.jar files in the jre/lib/security folder. For example, if you are using Sun JDK, copy the downloaded files to the [JAVA_HOME]/jre/lib/security folder.

Configuring the Assembler services

The assembler service depends on the Reader Extensions service, Signature service, Forms service, and Output service. Perform the following steps to verify that the required services are up and running:

  1. Login to URL http://[server]:[port]>/system/console/bundles as an administrator.

  2. Search the following service and ensure that the services are up and running:

    Service Name Bundle Name
    Signatures Service adobe-aemfd-signatures
    Reader Extensions Service com.adobe.aemfd.adobe-aemfd-readerextensions
    Forms Service com.adobe.livecycle.adobe-lc-forms-bedrock-connector
    Output Service com.adobe.livecycle.adobe-lc-forms-bedrock-connector