Manage Digital IDs

Search
Adobe Acrobat User Guide

On this page

Applies to: Adobe Acrobat 2017 Adobe Acrobat 2020 Adobe Acrobat DC

某些 Creative Cloud 应用程序、服务和功能在中国不可用。

Digital IDs FAQ

A digital ID is like an electronic driver’s license or passport that proves your identity. A digital ID usually contains your name and email address, the name of the organization that issued it, a serial number, and an expiration date. Digital IDs are used for certificate security and digital signatures.

Digital IDs contain two keys: the public key locks, or encrypts data; the private key unlocks, or decrypts that data. When you sign PDFs, you use the private key to apply your digital signature. The public key is in a certificate that you distribute to others. For example, you can send the certificate to those who want to validate your signature or identity. Store your digital ID in a safe place, because it contains your private key that others can use to decrypt your information.

Digital ID's in Acrobat
Digital IDs include a private key that you safeguard and a public key (certificate) that you share.

You don’t need a digital ID for most of the work you do in PDFs. For example, you don’t need a digital ID to create PDFs, comment on them, and edit them. You need a digital ID to sign a document or encrypt PDFs through a certificate.

Self-signed digital IDs can be adequate for personal use or small-to-medium businesses. Their use should be limited to parties that have established mutual trust.

Most business transactions require a digital ID from a trusted third-party provider, called a certificate authority. Because the certificate authority is responsible for verifying your identity to others, choose one that is trusted by major companies doing business on the Internet. The Adobe website gives the names of Adobe security partners that offer digital IDs and other security solutions. See Adobe Approved Trust List members.

Unfortunately, you cannot recover or reset the password if you’ve forgotten it. If you created the ID yourself, you can create a new one with the same information that you used for the ID. If you got the ID from a certificate authority, contact the authority for help.

Create a self-signed digital ID

Sensitive transactions between businesses generally require an ID from a certificate authority rather than a self-signed one.

  1. In Acrobat, click the Edit menu and choose Preferences > Signatures.

  2. On the right, click More for Identities & Trusted Certificates.

  3. Select Digital IDs on the left, and then click the Add ID button .

    Add a new digital ID

  4. Select the option A New Digital ID I Want To Create Now, and click Next.

    Create a new digital ID

  5. Specify where to store the digital ID, and click Next.

    New PKCS#12 Digital ID File

    Stores the digital ID information in a file, which has the extension .pfx in Windows and .p12 in Mac OS. You can use the files interchangeably between operating systems. If you move a file from one operating system to another, Acrobat still recognizes it.

    Windows Certificate Store (Windows only)

    Stores the digital ID to a common location from where other Windows applications can also retrieve it.

    PKCS-digital-id

  6. Do the following:

    1. Type a name, email address, and other personal information for your digital ID. When you certify or sign a document, the name appears in the Signatures panel and in the Signature field.
    2. Choose an option from the Key Algorithm menu. The 2048-bit RSA option offers more security than 1024-bit RSA, but 1024-bit RSA is more universally compatible.
    3. From the Use Digital ID For menu, choose whether you want to use the digital ID for signatures, data encryption, or both.
    4. Click Next.
    Enter your identity information

  7. Do the following:

    1. Type a password for the digital ID file. For each keystroke, the password strength meter evaluates your password and indicates the password strength using color patterns. Reconfirm your password.
    2. The digital ID file is stored at the default location as shown in the File Name field. If you want to save it somewhere else, click Browse and choose the location.
    3. Click Finish.
    Provide a password for the ID

    If a digital ID file with the same name exists, you're prompted to replace it. Click OK to replace, or browse and select a different location to store the file.

  8. The ID is created. You can export and send your certificate file to contacts who can use it to validate your signature.

    The ID is created

    Note:

    Make a backup copy of your digital ID file. If your digital ID file is lost or corrupted, or if you forget your password, you cannot use that profile to add signatures.

Register a digital ID

To use your digital ID, register your ID with Acrobat or Reader.

  1. In Acrobat, click the Edit menu and choose Preferences > Signatures. In Identities & Trusted Certificates, and click More.

  2. Select Digital IDs on the left.
  3. Click the Add ID button .
  4. Choose one of the following options:

    A File

    Select this option if you obtained a digital ID as an electronic file. Follow the prompts to select the digital ID file, type your password, and add the digital ID to the list.

    A Roaming Digital ID Stored On A Server

    Select this option to use a digital ID that’s stored on a signing server. When prompted, type the server name and URL where the roaming ID is located.

    A Device Connected To This Computer

    Select this option if you have a security token or hardware token connected to your computer.

  5. Click Next, and follow the onscreen instructions to register your digital ID.

Specify the default digital ID

To avoid being prompted to select a digital ID each time your sign or certify a PDF, you can select a default digital ID.

  1. In Acrobat, click the Edit menu and choose Preferences > Signatures. In Identities & Trusted Certificates, and click More.

  2. Click Digital IDs on the left, and then select the digital ID you want to use as the default.

  3. Click the Usage Options button , and choose a task for which you want the digital ID as the default. To specify the digital ID as the default for two tasks, click the Usage Options button again and select a second option.

    Select the options for which you want the digital ID as the default

    A check mark appears before selected options. If you select only the signing option, the Sign icon  appears next to the digital ID. If you select only the encryption option, the Lock icon  appears. If you select only the certifying option, or if you select the signing and certifying options, the Blue Ribbon icon  appears.

    Note:

    To clear a default digital ID, repeat these steps, and deselect the usage options you selected.

Change the password and timeout for a digital ID

Passwords and timeouts can be set for PKCS #12 IDs. If the PKCS #12 ID contains multiple IDs, configure the password and timeout at the file level.

Note:

Self-signed digital IDs expire in five years. After the expiration date, you can use the ID to open, but not sign or encrypt, a document.

  1. In Acrobat, click the Edit menu and choose Preferences > Signatures. In Identities & Trusted Certificates, and click More.

  2. Expand Digital IDs on the left, select Digital ID Files, and then select a digital ID on the right.

  3. Click Change Password. Type the old password and a new password. For each keystroke, the password strength meter evaluates your password and indicates the password strength using color patterns. Confirm the new password, and then click OK.

  4. With the ID still selected, click the Password Timeout button.

  5. Specify how often you want to be prompted for a password:

    Always

    Prompts you each time you use the digital ID.

    After

    Lets you specify an interval.

    Once Per Session

    Prompts you once each time you open Acrobat.

    Never

    You’re never prompted for a password.

  6. Type the password, and click OK.

Note:

Be sure to back up your password in a secure place. If you lose your password, either create a new self-signed digital ID and delete the old one, or purchase one from a third-party provider.

Delete your digital ID

When you delete a digital ID in Acrobat, you delete the actual PKCS #12 file that contains both the private key and the certificate. Before you delete your digital ID, ensure that it isn’t in use by other programs or required by any documents for decrypting.

Note:

You can delete only self-signed digital IDs that you created in Acrobat. A digital ID obtained from another provider cannot be deleted.

  1. In Acrobat, click the Edit menu and choose Preferences > Signatures. In Identities & Trusted Certificates, and click More.

  2. Select Digital IDs on the left, and then select the digital ID to remove.

  3. Click Remove ID.

  4. Enter the password, and then click OK.

    Note:

    If you have forgotten the password, you cannot delete the ID from here. When you click Remove ID, the Acrobat Security dialog box shows the complete location of the digital ID file. Go to the location, delete the file, and then relaunch Acrobat. The ID is removed from the list.

Protecting digital IDs

By protecting your digital IDs, you can prevent unauthorized use of your private keys for signing or decrypting confidential documents. Ensure that you have a procedure in place in the event your digital ID is lost or stolen.

How to protect your digital IDs

When private keys are stored on hardware tokens, smart cards, and other hardware devices that are password- or PIN-protected, use a strong password or PIN. Never divulge your password to others. If you must write down your password, store it in a secure location. Contact your system administrator for guidelines on choosing a strong password. Keep your password strong by following these rules:

  • Use eight or more characters.

  • Mix uppercase and lowercase letters with numbers and special characters.

  • Choose a password that is difficult to guess or hack, but that you can remember without having to write it down.

  • Do not use a correctly spelled word in any language, as they are subject to “dictionary attacks” that can crack these passwords in minutes.

  • Change your password on a regular basis.

  • Contact your system administrator for guidelines on choosing a strong password.

To protect private keys stored in P12/PFX files, use a strong password and set your password timeout options appropriately. If using a P12 file to store private keys that you use for signing, use the default setting for password timeout option. This setting ensures that your password is always required. If using your P12 file to store private keys that are used to decrypt documents, make a backup copy of your private key or P12 file. You can use the backed up private key of P12 file to open encrypted documents if you lose your keys.

The mechanisms used to protect private keys stored in the Windows certificate store vary depending on the company that has provided the storage. Contact the provider to determine how to back up and protect these keys from unauthorized access. In general, use the strongest authentication mechanism available and create a strong password or PIN when possible.

What to do if a digital ID is lost or stolen

If your digital ID was issued by a certificate authority, immediately notify the certificate authority and request the revocation of your certificate. In addition, you should not use your private key.

If your digital ID was self-issued, destroy the private key and notify anyone to whom you sent the corresponding public key (certificate).

Smart cards and hardware tokens

A smart card looks like a credit card and stores your digital ID on an embedded microprocessor chip. Use the digital ID on a smart card to sign and decrypt documents on computers that can be connected to a smart card reader. Some smart card readers include a keypad for typing a personal identification number (PIN).

Similarly, a security hardware token is a small, keychain-sized device that you can use to store digital IDs and authentication data. You can access your digital ID by connecting the token to a USB port on your computer or mobile device.

If you store your digital ID on a smart card or hardware token, connect it to your device to use it for signing documents.