manualshive.com logo in svg

Adobe 22002486, Руководство пользователя, Страница: 180 / 189

Поделиться
Скачать
Adobe 22002486 Скачать руководство пользователя страница 180

Acrobat 9 Family of Products

Glossary of Security Terms

Security Feature User Guide

      180

MSCAPI

Windows Microsoft Crypto API (MSCAPI) is the API that the application uses to access cryptographic 
service providers such as PFX files and PKCS#11 files. MSCAPI is also used by the application anytime it 
uses a Windows security feature.

OCSP

See Online Certificate Status Protocol.

Online Certificate Status 
Protocol (OCSP)

OCSP defines a protocol for determining the revocation status of a digital certificate without requiring a 
CRL. Unlike CRL, OCSP obviates the need to frequently download updates to keep certification status 
lists current. Acrobat’s OCSP revocation checker adheres to RFC 2560.

organization digital ID, desktop

A digital ID issued to an organization or non-human entity (for example, the Adobe Public Relations 
Department). It can be used by an authorized employee to perform signing operations, at the desktop, 
on behalf of the company.

organization digital ID, server

A digital ID issued on behalf of an organization or non-human entity (e.g. Adobe Public Relations 
Department, Cisco Corporation, etc.) for performing server-based, automated signing operations.

PKCS

group of Public Key Cryptography Standards authored by RSA Security

PKCS#11 device

External hardware such as a smart card reader or token. It is driven by a module (a software driver such 
as a .dll file on Windows). 

PKCS#11 digital ID

An ID on a PKCS# device. A device may contain one or more IDs.

PKCS#11 format

Cryptographic Token Interface Standard: An encryption format used by smart cards, tokens, and other 
PKCS#11-compatible devices. The ID is stored on the device rather than on the user’s computer.

PKCS#11 module

The software module that drives a PKCS#11 device.

PKCS#11 token

See PKCS#11 device.

PKCS#12

Personal Information Exchange Syntax Standard: Specifies a portable, password protected, and 
encrypted format for storing or transporting certificates. The certificates are stored in .pfx (Windows) 
and .p12 (Macintosh) files. Unlike other formats, the file may contain private keys.

PKCS#7 

Certificate Message Syntax (CMS): Files with .p7b and .p7c extensions are registered by the Windows OS. 
If you double click on a .p7c file it will be viewed by a Windows application.

Policy Server

As of Acrobat 9, Adobe Policy Server is renamed to Adobe LiveCycle Rights Management Server 

privileged context

A context in which you have the right to do something that’s normally restricted. Such a right (or 
privilege) could be granted by executing a method in a specific way (through the console or batch 
process), by some PDF property, or because the document was signed by someone you trust. For 
example, trusting a document certifier’s certificate for executing JavaScript creates a privileged context 
which enables the JavaScript to run where it otherwise would not. 

qualified certificates

A qualified certificate that conforms to the RFC 3739 specification. It contains a qc statement that simply 
states that it is a qualified certificate. These types of certificates meet the requirements of the German 
digital signature law, and most qualified certificates currently originate from German trust centers.

qualified electronic signatures

Electronic signatures that use a qualified certificate valid at the time of their creation and that have been 
produced with a secure signature-creation device.

roaming ID

A roaming ID is a digital ID that is stored on a server. The private key always remains on the server, but 
the certificate and its public key can be downloaded at the subscriber’s request to any location. Roaming 
IDs require an Internet connection. 

root certificate

The top-most issuing certificate in a certificate chain. It is sometimes used as a trust anchor.

secure signature-creation 
devices

(SSCD) Software or hardware products used to store and apply signature code and that are designed for 
qualified electronic signatures

security restricted property or 
method

A property or method whose availability is restricted to certain events such as batch processing, console 
execution, or application startup. For example, in Acrobat 7.0,  a security-restricted method (S) can only 
be executed through a menu event if one of the following is true: The JavaScript user preferences item 
“Enable menu items JavaScript execution privileges” is checked or the method is executed through a 
trusted function. The 

JavaScript for Acrobat API Reference

 identifies the items that have restrictions.

Table 5  Security Terms

Содержание 22002486

Страница 1: ...PDF Creation Date November 17 2008 bbc Digital Signature User Guide for Acrobat 9 0 and Adobe Reader 9 0 Acrobat and Adobe Reader Version 9 0...

Страница 2: ...at Reader and the Adobe logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and or other countries Windows Windows NT and Windows XP are registered t...

Страница 3: ...19 2 3 3 Adding and Removing Digital ID Files from the File List 20 2 3 4 Changing an ID File s Password 20 2 3 5 Changing a PKCS 12 File s Password Timeout 21 2 3 6 Logging in to PKCS 12 Files 22 2 3...

Страница 4: ...1 4 Allowing Signing Reason 50 4 2 1 5 Showing Location and Contact Details 50 4 2 1 6 Enabling Document Warning Review 50 4 2 1 7 Requiring Document Warning Review Prior to Signing 51 4 2 1 8 Enabli...

Страница 5: ...for Documents with Multiple Signers 92 6 2 2 Setting up a Document for Certification 93 6 2 3 You can customize the way a certified document behaves for signers by giving form fields additional featur...

Страница 6: ...er Signing 124 7 6 1 JavaScript and Dynamic Content Won t Run 125 7 6 2 Certifying a Document is Prevented 125 7 6 3 Form Field Fill in Signing and or Other Actions Don t Work 125 8 Document Integrity...

Страница 7: ...8 10 2 2 3 Exporting Your Certificate 158 10 2 2 4 Emailing Your Certificate 159 10 2 2 5 Saving Your Digital ID Certificate to a File 160 10 2 2 6 Requesting a Certificate via Email 161 10 2 2 7 Emai...

Страница 8: ...n page 139 Working with Attachments on page 141 Controlling Access to Referenced Files and XObjects on page 145 only available in 7 0 5 and later Internet URL Access on page 146 1 2 Who Should Read Th...

Страница 9: ...curity Documentation In many enterprise environments there is no clear distinction between audience types Some end users are power users and don t shy away from modifying the registry and tweaking app...

Страница 10: ...Acrobat on the Windows platform Acrobat Security Administration Guide Administrators Application deployment and configuration in enterprise settings Digital Signature User Guide for Adobe Acrobat and...

Страница 11: ...thereby creating what is known as a certificate chain Digital IDs operate by using a key pair data encrypted with one key can only be decrypted by the other corresponding key When you sign PDF docume...

Страница 12: ...e applications provide tools for configuring and managing directory servers For details see Using Directory Servers to Add Trusted Identities on page 38 Figure 2 Trusted identities 2 1 2 Digital ID St...

Страница 13: ...nd private keys Export Import Export Import Export Import Export Import fdf An Adobe file data exchange format used for importing and exporting settings and certificates usually PKCS 12 files Export I...

Страница 14: ...r Security Settings opens a dialog for adding removing and setting the usage preferences for digital IDs stored on pfx files PKCS 11 modules and tokens roaming ID servers and the Windows Certificate S...

Страница 15: ...g before using your ID Specifying Digital ID Usage Set an ID to automatically use each time one is required for signing or certificate encryption Sharing Exporting a Digital ID Certificate Since a dig...

Страница 16: ...annot be used 2 2 2 Sharing Exporting a Digital ID Certificate Digital ID certificates must be distributed among participants in signing and certificate encryption workflows Other users must have acce...

Страница 17: ...list in workflows where you are asked to select an ID To provide a friendly name 1 Choose Advanced Acrobat or Document Reader Security Settings 2 Select Digital IDs in the left hand tree Figure 4 3 H...

Страница 18: ...icate can be used for signing encryption or both An Export button allow you to export the certificate to a file Details tab Lists all the certificate fields extensions and their values Revocation tab...

Страница 19: ...ted your ID or obtained a new one then you should be logged in However you may need to log in for the following cases You logged out of the file for some reason You are importing an acrobatsecurityset...

Страница 20: ...er created self signed digital IDs created with those applications A file can have one or more IDs To delete or add an ID file 1 Choose Advanced Acrobat or Document Reader Security Settings 2 Select D...

Страница 21: ...word timeout 1 Choose Advanced Acrobat or Document Reader Security Settings 2 Highlight Digital ID Files in the left hand tree Figure 9 3 Select a file in the right hand panel Figure 9 4 Choose Passwo...

Страница 22: ...ause the dialog prompts for a password the batch sequence is effectively stopped until a user intervenes Logging in to a file provides the ID to the process without stopping it or requiring user input...

Страница 23: ...t and storage location New PKCS 12 Digital ID File Stores the IDs in a password protected file with a pfx Win or p12 Mac extension The file is in a PKCS 12 standard format The files can be copied move...

Страница 24: ...able Unicode Support Optional Use Unicode when your information cannot be adequately displayed with Roman characters Note Many applications do not support non ASCII characters in certificates Be sure...

Страница 25: ...ll not be affected Deleting the last self signed PKCS 12 ID in a pfx or p12 file also deletes the digital ID file Caution Because deleting an ID deletes its private key operations that require that ke...

Страница 26: ...r in the Security Settings Console automatically without any special configuration Acrobat products automatically find that ID However if there is a problem you can browse to and add Windows Certifica...

Страница 27: ...may be used as a general guide IDs stored on a PKCS 11 device are subject to the same operations as described in Generic ID Operations on page 15 2 5 1 Adding an ID that Resides on External Hardware...

Страница 28: ...bel should appear in the right hand panel If there is more than one select one 4 Choose Change Password 5 Enter the old password 6 Enter a new password and confirm it 7 Choose OK Figure 19 Digital ID...

Страница 29: ...vice 1 Choose Advanced Acrobat or Document Reader Security Settings 2 Expand the tree under PKCS 11 Modules and Tokens 3 Highlight any module 4 A card or token label should appear in the right hand pa...

Страница 30: ...rust is complex and it may mean different things in different contexts In Acrobat security workflows trust can mean the following Trusting participants in your workflows In both document security and...

Страница 31: ...th the certificates of document recipients you trust For example Acrobat s user interface prompts authors to select one or more recipients when applying certificate security Because it is often the ca...

Страница 32: ...d to all group members with a single action Users manage contacts groups and certificates by choosing Advanced Acrobat or Document Reader Manage Trusted Identities and opening the Trusted Identities M...

Страница 33: ...a Certificate From a File Acrobat and Adobe Reader are can export certificates to a file so that they can be shared as needed To import certificates follow the instructions described in Migrating and...

Страница 34: ...etails see Using Directory Servers to Add Trusted Identities on page 38 Tip Home users do not usually need to change the directory server list Users in enterprise environments typically have the list...

Страница 35: ...he trusted identities list should be associated with one or more certificates Those certificate s trust settings may be individually configured Choosing to not trust a certificate does not prevent a d...

Страница 36: ...Certificate Viewer Figure 28 Certificates can be separately trusted for approval signatures and certification signatures Certificates can be individually configured to trust operations such as signin...

Страница 37: ...nder you usually want to accept these settings so you can use the certificate they way the sender intended Figure 29 Certificate trust settings Use this certificate as a trusted root Makes the certifi...

Страница 38: ...rs Acrobat considers the following operations potential threats to a secure application operating environment Internet connections cross domain scripting silent printing external object references and...

Страница 39: ...machines tells the user how to configure the server manually or sends the server configuration details in a file as described in Migrating and Sharing Security Settings on page 149 Figure 30 Digital...

Страница 40: ...n to look up LDAP entries User name The login username Password The login password Timeout The number of seconds to keep trying to connect Maximum Number of Records to Receive The number of records to...

Страница 41: ...5 4 Specifying a Default Directory Server A default server may be specified so that it is always used when searching for digital IDs To set default directory server 1 Choose Advanced Acrobat or Docume...

Страница 42: ...rtificates Like certificates contacts can be added removed edited and so on from the trusted identity list 3 6 1 Viewing and Editing Contact Details When a contact s details change it is possible to u...

Страница 43: ...anager Doing so allows you to email it later or locate it on a shared network directory Other users can then add that data to their trusted identity list For details see Saving Your Digital ID Certifi...

Страница 44: ...t Figure 33 3 Choose Details 4 Choose a certificate from the list 5 Choose Remove Association Figure 36 6 Choose a certificate from the list Note The certificate list is populated with the currently a...

Страница 45: ...igure 33 4 Choose Delete 5 Choose whether or not to delete the certificates along with contact Once a certificate is deleted it can no longer be used to validate someone s signature or encrypt a docum...

Страница 46: ...horized or the application allows such changes the changes are not flagged as problematic or warnings In general the goal should be to design documents and workflows so that both the signature status...

Страница 47: ...cintosh Acrobat Preferences Security Adobe Reader Windows Edit Preferences Security Adobe Reader Macintosh Adobe Reader Preferences Security 2 Set your preferences as described in the following sectio...

Страница 48: ...those cases administrators may preconfigure Acrobat to use an alternate plugin or provide user training on how to choose the right one Third party plugins include Entrust plug in for Acrobat 4 and 6 T...

Страница 49: ...es 3 Choose the Creation tab Figure 39 Figure 39 Signature creation preferences 4 Recommended Set Include signature s revocation status when signing Embedding the signing certificate s revocation stat...

Страница 50: ...y Adobe Reader Macintosh Adobe Reader Preferences Security 2 Choose Advanced Preferences 3 Choose the Creation tab Figure 39 4 Set Show location and contact information when signing 4 2 1 6 Enabling D...

Страница 51: ...ghest degree of assurance that the signing process is not adversely impacted by malicious content 1 Choose one of the following Acrobat Windows Edit Preferences Security Acrobat Macintosh Acrobat Pref...

Страница 52: ...Signature Appearances 4 2 2 1 Creating a Custom Signature Acrobat creates a default signature from the signer s name However a signature can be any graphic such an scanned signatures text or a combin...

Страница 53: ...nce panel Figure 41 Note If you have created a watermark file as described in Creating a Custom Watermark or Background on page 52 the watermark should automatically appear in all of your signature ap...

Страница 54: ...ing Distinguished name A name with details such as country organization organizational unit and so on Labels A label for each of the items above For example Reason Logo The logo or graphic used as a b...

Страница 55: ...ecause signature appearances only display local time the appearance time will be different from the timestamp time shown in the Date Time tab of the Signature Properties dialog Figure 43 Timestamps Lo...

Страница 56: ...ministrators preconfigure end user machines or provide the server information in an FDF file If you have an FDF file see Importing Timestamp Server Settings on page 169 4 Enter the server settings Nam...

Страница 57: ...are stored in a signature field embedded on the page A signature field is an Acrobat form field Signature fields are automatically created at the time of signing but it is also possible to create empt...

Страница 58: ...mode by selecting Forms Add or Edit Fields and then double click on them OR right click and choose Properties 2 Display the General tab 3 Configure the options Name Any arbitrary name Tooltip Any arb...

Страница 59: ...n author must create a blank signature field and edit the properties before initiating the signing process Invisible field properties cannot be edited To change a signature field s appearance 1 Create...

Страница 60: ...the following Customizing Field Appearances Specifying a Post Signing Action 2 Choose Close 3 Right click on the field 4 Choose Use Current Properties as New Defaults 4 3 5 Cut Copy and Paste Signatu...

Страница 61: ...Field Once a field is configured multiple copies of the field can be placed on the same page To create multiple copies of a field 1 Place the field in edit mode by selecting Forms Add or Edit Fields 2...

Страница 62: ...e If there is more than one signature field make sure end users can understand which signature fields are associated with specific data Appearance Signature fields can look similar to other form field...

Страница 63: ...PDF file AND compares the object hash in the signature to the object hash from the objects in memory This allows the application to detect prohibited changes 4 Use the drop down list to select from t...

Страница 64: ...o that an action occurs whenever the user interacts with the field in some predefined way However documents are usually signed to protect guarantee and or attest to the signed content Signers usually...

Страница 65: ...The user stops hovering over or tabs away from the field Select Action See Table 6 4 Choose Add 5 Follow the action instructions that appear in the action dialog 6 Optional Move actions Up Down Edit o...

Страница 66: ...in a cross platform format that plays in Windows and Macintosh Play Media Acrobat 5 Compatible Plays the specified QuickTime or AVI movie that was created as Acrobat 5 compatible There must already be...

Страница 67: ...Specifying a Signature Hash Algorithm Embedding Revocation Information in a Signature Specifying Certificate Properties for Signing Specifying Signing Certificates Origin Specifying Certificates by K...

Страница 68: ...1 filter 2 subFilter 4 version and 8 reasons 8 0 16 legalAttestations 32 shouldAddRevInfo and 64 digestMethod X X X X legalAttestations A list of legal attestations that the user can use when creatin...

Страница 69: ...reasons 16 legalAttestations Acrobat 8 0 32 shouldAddRevInfo Acrobat 8 0 64 digestMethod Acrobat 8 0 128 lockDocument 256 appearanceFilter Usage 1 specifies filter 3 specifies filter and sub filter a...

Страница 70: ...Acrobat 7 0 A seed value timeStamp specifier object It uses the url and flags properties to specify a timestamp server For details see Specifying Timestamps for Signing on page 76 version number The m...

Страница 71: ...ted correctly the debugger returns undefined 6 Save the document and test the field Figure 55 Seed values JavaScript debugger 5 2 Forcing a Certification Signature By default signature fields can be s...

Страница 72: ...onal signatures Other changes to the document invalidates the signature Note that annotations can be used to obscure portions of a document and thereby affect the visual presentation of the document T...

Страница 73: ...rtain document features for example subsequent signing and filling out forms these permissions are set at the document level and cannot become more restrictive as signatures are applied Acrobat 9 prov...

Страница 74: ...the required flag based on the properties of the document Example 5 2 Seed value lockDocument f this getField mySigFieldName f signatureSetSeedValue lockDocument true false auto Set the setting as re...

Страница 75: ...signers can choose one of the provided reasons or create a new one by typing in the Reason field Specifying a signing reason will remove all of the default reasons from the reason drop down list User...

Страница 76: ...esponding application level settings if any Use the timeStampspec specifier object s url and flags properties to specify a timestamp server Table 10 Seed values timeStampspec properties Property Type...

Страница 77: ...amp server seed value Obtain the signature field object var f this getField mySigFieldName f signatureSetSeedValue timeStampspec url http 153 32 69 130 tsa flags 1 Figure 60 Time stamp server error 5...

Страница 78: ...r format Tip Since it is possible that different handlers might be used for signing and validating filter and subfilter are used together to assure that signing workflows with different components are...

Страница 79: ...SigFieldName f signatureSetSeedValue digestMethod SHA384 5 9 Embedding Revocation Information in a Signature Users signers have the option to embed certificate revocation status in a signature by turn...

Страница 80: ...ect identifiers or OIDs Authors specify which certificate signers must use by setting the certSpec object s properties Table 11 These can be preferences or requirements If a certificate cannot be foun...

Страница 81: ...sage array of integers Acrobat 8 0 Integers in HEX or decimal that specify the keyUsage extension that must be present in the signing certificate Each integer is constructed as follows There are two b...

Страница 82: ...e subjects that are acceptable for signing The subject property identifies specific individuals as certificate owners that can sign Access to the physical DER encoded certificate is required It is ide...

Страница 83: ...flesnit_DER cer var myIssuerCert security importFromFile Certificate C Temp nebsCompany_DER cer f signatureSetSeedValue certspec subject mySubjectCert issuer myIssuerCert flags 3 5 10 2 Specifying Cer...

Страница 84: ...me f signatureSetSeedValue certspec keyUsage 0x7FFFFFF1 Set KeyUsage to digitalSignature flags 32 Require keyUsage 5 10 3 Specifying Certificates by Policy For legal reasons policies are often associa...

Страница 85: ...When a valid certificate is not found users can be redirected to a URL during the signing workflow The URL may be to a server with a certificate repository or more likely the URL may be a link to a We...

Страница 86: ...with the specified server will appear in the signing dialog s digital ID drop down list when a user attempts to sign the field To require signing only with a roaming ID 1 Create a signature field wit...

Страница 87: ...nu item under Tools called Request Employee Signature 2 Add a signature and text field for display to the current open file 3 Set seed value 3 1 Wrap certificate object 3 2 Set seed value to the added...

Страница 88: ...mysubjectDN CN Example Root CA OU Example Trust Services O Example Systems Incorporated C US var myusage endUserSigning true var ExampleRootCertBinary 308204A130820389A00302010202043E1CBD28300D06092A...

Страница 89: ...k a signature type Learn about approval and certification signatures so you know which to use 6 1 2 Signature Types A document can contain certification and or approval signatures Which signature type...

Страница 90: ...y invokes the Sign Document dialog 6 2 Signing With a Certification Signature Certifying a document enables the first signer attest to its contents and specify the types of changes permitted for the d...

Страница 91: ...4 of the PDF Reference manual Note that aside from when a signer is certifying Acrobat does not actively inform the user about the document s legal defensibility In any case a document s legal defens...

Страница 92: ...it allows the recipient to identify whether a document s problematic features content that could change the document appearance originated with the certifier or not More importantly this gives the re...

Страница 93: ...to Individual Form Fields 6 2 3 You can customize the way a certified document behaves for signers by giving form fields additional features with seed values For example you can preconfigure custom s...

Страница 94: ...e 15 Password Enter a password if the selected digital ID requires it Appearance Select an appearance or use the default one Reason If the application is configured to display the Reason for Signing D...

Страница 95: ...able to certify the document as is If not remove the problematic content and start over If the content is ok enter a Warnings Comment for the document recipient Select the default or enter a custom co...

Страница 96: ...en a document is ineligible for certification the certification user interface items are disabled In order to certify the document clear existing signatures remove the restrictions if you have permiss...

Страница 97: ...g 1 Review the text in the Document Message Bar at the top of the document 2 Choose View Report to invoke the PDF Signature Report dialog Acrobat checks to see if the document contains dynamic content...

Страница 98: ...or install a new digital ID now Password Enter a password if the selected digital ID requires it Appearance Select an appearance or use the default one Reason If the application is configured to disp...

Страница 99: ...deleting the signature in the following cases You cannot delete someone else s signature If the author of a signature field has marked it to become read only after it is signed it can only be cleared...

Страница 100: ...ms and the Warning Triangle on page 121 Save as 8 1 except that changes to document behavior are detected and invalidate an approval signature prior versions displayed a yellow triangle upon discovery...

Страница 101: ...document looked like at the signing point in time Only very limited changes are possible after a signature is applied At most form field values additional signatures and annotations can be changed or...

Страница 102: ...dation Document recipients should configure their environment to handle incoming documents in a way that enhances workflow efficiency or meets some business need While Adobe Acrobat and Adobe Reader p...

Страница 103: ...checking is automatic what time is associated with a validated signature and whether or not a status icon appears with the signature Figure 70 Signature verification preferences 3 Select the signatur...

Страница 104: ...ndows Certificate Store contains a store called Trusted Root Certificate Authorities that contains numerous root certificates issued by different certification authorities Certificates are root certif...

Страница 105: ...a specified policy constraint If the timestamp server returns a response that doesn t include a matching policy OID then the client would reject the timestamp and it s status would be invalid The use...

Страница 106: ...signing or that it has only changed in ways specifically permitted by the signer Signatures can be validated one at a time or all at once Before validating a signature it is a good idea to understand...

Страница 107: ...alidated simultaneously This feature is particularly useful if the auto validate option has been turned off To validate all signatures 1 Choose Advanced Sign Certify Validate All Signatures 2 If a dia...

Страница 108: ...Choose the Summary tab Figure 75 Figure 75 Signature Properties Summary 3 Choose Show Certificate Adding an unverified digital ID certificate to the trusted identity list could pose a security threat...

Страница 109: ...sted Identities 7 When asked if the certificate should be trusted choose OK Figure 77 Trusting certificate from a document warning 8 When the Import Contact Settings dialog appears configure its trust...

Страница 110: ...101 7 3 6 Validating Signature Timestamps If you know a signature is timestamped or your workflow requires timestamps read the following sections At a high level the rules are as follows You can confi...

Страница 111: ...which you check to see if the timestamp was applied and that its certificate is valid In order to validate a timestamp you need to manually verify The timestamp was applied If a timestamp fails for so...

Страница 112: ...ns with the end entity and once it reaches a trusted root revocation checking stops 6 Choose Add to Trusted Identities 7 When asked if the certificate should be trusted from within the document choose...

Страница 113: ...nature validity state has not been checked Invalid signatures either have an invalid certificate or the document has changed in ways specifically prohibited by the author 7 4 2 Document Status Definit...

Страница 114: ...Acrobat 9 Family of Products Validating Signatures Security Feature User Guide Document Status Definitions 114 7 4 2 1 Signature status cheat sheet...

Страница 115: ...ject the document as insecure 7 5 1 Troubleshooting an Identity Problem If the signature status or overall document status indicates that there is a problem with verifying the authenticity of the sign...

Страница 116: ...Certificates on page 118 Checking Certificate Revocation Status on page 119 Exporting a Certificate Other than Yours to a File on page 120 7 5 1 1 Troubleshooting Digital ID Certificates Someone becom...

Страница 117: ...cription of the certificate path validity statement path validation time and sometimes the type of validation Summary tab Owner issuer validity period intended usage An Export button allow users to ex...

Страница 118: ...them trusted identity list To verify the origin of the certificate 1 Display the certificate in the Certificate Viewer If the certificate is embedded in a signature right click on the signature choos...

Страница 119: ...s and so on For details see Certificate Trust Settings on page 35 7 5 1 4 Checking Certificate Revocation Status Only the certificate issuer a certificate authority has the right to revoke a certifica...

Страница 120: ...e or save it to a file as described in Exporting Your Certificate on page 158 7 5 2 Troubleshooting a Document Integrity Problem If the signature status or overall document status indicates that there...

Страница 121: ...npoint the problem or you need help with some of the steps above read the following Troubleshooting Digital ID Certificates on page 116 7 5 2 1 LiveCycle Dynamic Forms and the Warning Triangle Documen...

Страница 122: ...ning Modifications on page 122 Comparing a Signed Version to the Current Version on page 123 7 5 2 3 Viewing a List of Post Signing Modifications Because it is possible to change a document without ch...

Страница 123: ...e review the highlighted areas to review what was changed This method compares the two versions page by page Compare completes by opening a temporary document that summarizes the differences The first...

Страница 124: ...a document behaves on your desktop could be the result of one or more factors How the document was authored Were restrictions or requirements placed on the signature fields How a document was signed...

Страница 125: ...s by default For details see Certificate Trust Settings on page 35 7 6 2 Certifying a Document is Prevented Only one certification signature is allowed in a document therefore it must be the first one...

Страница 126: ...eview mode or warnings are reviewed analyzing the result to determine if a document should be trusted Tip There is only a loose correlation between signature or document status and the information dis...

Страница 127: ...hoose View Signed Version View Signed Version is essentially a rollback feature that enables the signature validator to view the document version as ut was at the point in time when it was signed 3 Ch...

Страница 128: ...not the author contact the author for additional information Figure 91 PDF Signature Report Content which cannot be suppressed in preview mode Content preview mode can suppress Preview mode can suppre...

Страница 129: ...g Dynamic features Presentations user launched multimedia JavaScript dynamic forms and so on PDF content with variable rendering JavaScript non embedded fonts and so on External content Hyperlinks alt...

Страница 130: ...s not available in standard Acrobat installations For example the document may be protected by the Adobe Policy Server Document contain streams encrypted using crypt filter Page content may silently c...

Страница 131: ...or printing Form XObject must not contain an OPI alternate version Table 16 Uncategorized warnings String Code Description Unrecognized PDF content 4000 Unrecognized PDF content The document contains...

Страница 132: ...ed location These behaviors include silent printing cross domain access external stream access and internet access and script and data injection For example if a PDF from your company has an embedded...

Страница 133: ...y to transport data and that turning on enhanced security will impair FDF s ability to do that External streams access Access to external XObjects that is references to objects such as images that res...

Страница 134: ...e FDF functionality unless those FDF files originate from a specifically privileged file folder or server Table 17 lists the high level rules defining FDF behavior Tip If you need to configure your en...

Страница 135: ...ting to a different PDF which needs to get loaded everything is happening in the browser The FDF data gets injected into the second PDF Same as above except it all happens in the Acrobat rather than i...

Страница 136: ...in the Multimedia Trust panel one for documents that are trusted and one for documents that are not In order to understand multimedia behavior then you need to know whether or not a document is trust...

Страница 137: ...rences for trusted documents and other documents To configure multimedia preferences 1 Open the Multimedia Trust Manager Acrobat and Adobe Reader Windows Edit Preferences Multimedia Trust Acrobat and...

Страница 138: ...ent and the security of the workflow before enabling dynamic content Whether dynamic content executes in certified documents based on the Trusted Document or Other Document settings depends on two ite...

Страница 139: ...u event is no longer privileged You can execute security restricted methods through menu events in one of the following ways By going to Edit Preferences JavaScript and checking the item named Enable...

Страница 140: ...to application users These certificates allow you to validate signatures that are signed with certificates that chain up to those trusted certificates In other words you can validate those signatures...

Страница 141: ...s However Table 4 File types on the white list These can be attached and may be opened or saved if the file extension is associated with the requisite program File types on the black list These can be...

Страница 142: ...mpressed Archive hta Hypertext Application inf Information or Setup file ini Initialization Configuration file ins IIS Internet Communications Settings Microsoft isp IIS Internet Service Provider Sett...

Страница 143: ...le pcd Visual Test Microsoft pkg Mac OS X Installer Package pif Windows Program Information file Microsoft prf Windows System file prg Program file pst MS Exchange Address Book file Outlook Personal F...

Страница 144: ...etting the Black and White Lists Because the registry list could grow over time and users do not have direct access to the lists through the user interface resetting the list to its original state may...

Страница 145: ...chment can be opened Unchecked Clicking or opening an attachment will never result in launching it s associated viewing application Use this option if a higher level of security is needed 9 6 Controll...

Страница 146: ...he Internet Tip This feature interacts with the new Security Enhanced preference feature URLs that are set as privileged locations are exempt from enhanced security restrictions even if enhanced secur...

Страница 147: ...products maintain a white and black list of URLs called the Trust List Users can specify whether or not URL access is allowed on a global or per URL basis For URLs that aren t explicitly trusted or bl...

Страница 148: ...egories panel 3 Choose Change Settings in the Internet Access panel 4 Choose Let me specify a list of allowed and blocked web sites 5 Configure the black and white lists Add a URL to the URL fields an...

Страница 149: ...rypted Files can be used to backup and restore settings to distribute settings in a workgroup or enterprise and to send specific information to another user Sharing Settings Certificates with FDF FDF...

Страница 150: ...encryption method Encrypting the file ensures that the settings can t be viewed by anyone other than the intended recipients Figure 109 Security settings Encryption method 7 Follow the dialog instruc...

Страница 151: ...are the same Details about each individual setting are found in the FDF section as well as elsewhere in this document Caution The settings in the imported file will overwrite your current settings Be...

Страница 152: ...s Security 2 Check Load security settings from a server 3 Enter the server address in the URL field 4 Select a signing certificate if any The acrobatsecurity file will be signed with a certified signa...

Страница 153: ...ments for a number of people in her organization An administrator sends her an FDF file that contains a large group of contacts When Alice opens the FDF file she is walked through the FDF Data Exchang...

Страница 154: ...ew security feature that when turned on disables some FDF functionality unless those FDF files originate from a specifically privileged file folder or server The new feature is called Enhanced Securit...

Страница 155: ...ng an FDF file 10 2 2 1 Distributing a Trust Anchor or Trust Root Distributing a trusted certificate from Acrobat involves wrapping one or more certificates in an FDF file and making it available to o...

Страница 156: ...t is absolutely trusted by you or your organization It also allows users to trust other certificates that chain up to the same root The trust anchor is often an ICA for example since if the root is is...

Страница 157: ...configured your identity details this screen may not appear For details see Setting Identity Information on page 14 10 Do not sign if the certificate you use to sign uses the same trust anchor or you...

Страница 158: ...y need to manually set the imported certificate s trust level When distributing a trusted root in a signed file that the FDF recipient can validate set the certificate trust level 1 Choose Advanced Ac...

Страница 159: ...Export on the Summary tab 10 2 2 4 Emailing Your Certificate If you do not have an email program on your machine save the data to a file as described in Saving Your Digital ID Certificate to a File o...

Страница 160: ...o a file 1 Choose Advanced Acrobat or Document Adobe Reader Security Settings 2 Select Digital IDs in the left hand tree 3 Highlight an ID in the list on the right 4 Choose Export 5 Choose Save the ex...

Страница 161: ...2 Choose Request Contact Figure 119 Emailing a certificate request 3 Confirm or enter your identity so that the recipient can identify you The identity panel is prepopulated if the information has be...

Страница 162: ...ave and then choose OK Tell the intended recipient s where to find the file 10 2 2 7 Emailing Server Details Adobe LiveCycle Rights Management Server directory server roaming credential server and tim...

Страница 163: ...mplete the signing workflow Figure 133 Sign FDF files so that recipients of the file can easily trust the file and its contents 8 Choose Next 9 Enter the email information Figure 124 Digital ID Direct...

Страница 164: ...ettings with FDF Files There are several ways to import Acrobat and Adobe Reader data from an FDF file By choosing File Open Double clicking on an FDF file fdf Tip The first two options above automati...

Страница 165: ...te Figure 125 Emailing your certificate 3 Choose a digital ID from the list of existing digital IDs Note If you do not have a digital ID or choose Cancel an alert appears that says A certificate was n...

Страница 166: ...porting this information ahead of time enables you to configure your trusted identities list before needing to validate a signature or encrypt a document for someone To add someone s certificate to yo...

Страница 167: ...ertificates You can use an FDF file to import multiple certificates or a company wide address book into your list of trusted identities This enables you to encrypt a document using the public key of t...

Страница 168: ...your list of trusted identities To do so choose Signature Properties Show Certificate select the Trust tab and choose Add to Trusted Identities If the checkbox is selected all contacts associated with...

Страница 169: ...e Security Settings user interface or simply by double clicking on the FDF file containing the data To import the server settings 1 Locate the FDF file find the file in an email or on the local file s...

Страница 170: ...ere is more than one server and you do not want to import all of them highlight those that should not be imported and select Remove 4 Choose Import A dialog appears asking if the first or only server...

Страница 171: ...file system and double click on it The FDF can also be imported through the Security Settings Console by choosing Advanced Acrobat or Document Adobe Reader Security Settings selecting Directory Serve...

Страница 172: ...nd the file in an email or on the local file system and double click on it The FDF can also be imported through the Security Settings Console by choosing Advanced Acrobat or Document Adobe Reader Secu...

Страница 173: ...up user machines or export the configuration details to an FDF file which is emailed or made available on a network In the latter case you can import the server settings through the Security Settings...

Страница 174: ...and URL 5 Choose Next 6 Enter a user name and password Tip The topmost portion of this dialog is customizable and server dependant The fields will remain the same but the branding will vary Figure 138...

Страница 175: ...following methods Click on the FDF file It may be an email attachment or a file on a network or your local system In Acrobat or Adobe Reader choose File Open browse to the FDF file and choose Open No...

Страница 176: ...one will also be trusted for signing At least one certificate in the chain and preferably only one must be a trusted root trust anchor to validate signatures and timestamps Tip There is no need to mak...

Страница 177: ...t Options on page 139 Privileged system operations networking printing file access etc Some operations represent a security risk more serious than others Acrobat considers the following operations pot...

Страница 178: ...ital ID A digital ID issued by a certified document services provider CDS digital ID certificate See CDS digital ID certificate authority CA An entity that issues trusted roots certificates That part...

Страница 179: ...ipt that exists within a document rather than that which is executed from the JavaScript Console or through a batch process embedded validation response Information from the digital ID issuer that was...

Страница 180: ...gistered by the Windows OS If you double click on a p7c file it will be viewed by a Windows application Policy Server As of Acrobat 9 Adobe Policy Server is renamed to Adobe LiveCycle Rights Managemen...

Страница 181: ...d of the time clock of the computer that is used to apply the digital signature trust anchor A certificate in a certificate chain that is trusted for selected operations It could be an intermediate ce...

Страница 182: ...2 lzh 142 mad 142 maf 142 mag 142 mam 142 maq 142 mar 142 mas 142 mat 142 mau 143 mav 143 maw 143 mda 143 mde 143 mdt 143 mdw 143 mdz 143 msc 143 msi 143 msp 143 mst 143 ocx 143 ops 143 p12 178 p7b 17...

Страница 183: ...tity List 32 Adobe Profile Files 178 Adobe Trusted Identity Updates 140 ALCRMS 178 Allowing and Blocking Specific Web Sites 147 Allowing Attachments to Launch Applications 145 Allowing Signing Reason...

Страница 184: ...ure Field 57 Creating a Custom Signature 52 Creating a Custom Signature Appearance 53 Creating a Custom Watermark or Background 52 Creating a Self Signed Digital ID 22 Creating Multiple Copies of a Si...

Страница 185: ...tails 163 Exporting Your Certificate 158 External connection warning 148 External Content 131 External Content and Document Security 132 External streams access 133 F FDF Files and Security 154 filter...

Страница 186: ...ge Trusted Identities menu item 32 Managing Certificate Trust and Trusted Identities 30 Managing Contacts 42 Managing PKCS 12 Digital ID Files 19 Managing Windows Digital IDs 26 Manually Configuring a...

Страница 187: ...hod 180 Security setting import Success dialog 152 Security Setting Import and Export 149 Security setting preferences for server import 152 Security settings Document message bar 151 Encryption metho...

Страница 188: ...ue 77 Timestamps Date Time tab 111 Entering server details 56 Importing a server 170 Importing server details from an FDF file 170 Local machine time 55 110 Trusted stamp 55 111 Untrusted stamp 55 111...

Страница 189: ...and 143 Windows Help file 142 Windows Installer file Microsoft 143 Windows Installer Patch 143 Windows Program Information file Microsoft 143 Windows Screen Saver 143 Windows Script Component 144 Wind...

Отзывы:

Нет отзывов