Adobe 22002484 Security Guide

Adobe 22002484 Manual

Adobe 22002484 manual content summary:

  • Adobe 22002484 | Security Guide - Page 1
    PDF Creation Date: August 4, 2008 Document Security User Guide for Acrobat 9.0 and Adobe Reader 9.0 Acrobat® and Adobe® Reader® Version 9.0
  • Adobe 22002484 | Security Guide - Page 2
    Systems Incorporated. All rights reserved. Document Security User Guide for Adobe® Acrobat 9.0 and Adobe® Reader 9.0 on Windows® and Macintosh®. If this guide is distributed with software that includes an end user agreement, this guide, as well as the software described in it, is furnished under
  • Adobe 22002484 | Security Guide - Page 3
    Should You Use This Guide? ...8 1.4 Roadmap to Security Documentation 8 2 Getting and Using Your Digital ID 10 2.1 Digital ID Basics...10 2.1.1 What is a Digital ID? ...10 2.1.2 Digital ID Storage Mechanisms ...11 2.1.3 Registering a Digital ID for Use in Acrobat...12 2.1.4 Digital ID Management
  • Adobe 22002484 | Security Guide - Page 4
    Acrobat 8 Family of Products Security Feature User Guide 4 3.2.4 Searching for Digital ID Certificates...34 3.3 Certificate Trust Settings... 40 3.4 Using Directory Servers to Add Trusted Identities 40 3.4.1 Manually Configuring a Directory Server...41 3.4.2 Editing Directory Servers Details ...
  • Adobe 22002484 | Security Guide - Page 5
    Acrobat 8 Family of Products Security Feature User Guide 5 5.1.1 Creating a Reusable Settings Import 91 7.1.3 Configuring ALCRMS Settings Manually...91 7.1.4 Managing your ALCRMS Account ...92 Javascript and Certified Documents...102 8.4 Adobe Trusted Identity Updates 103 8.5 Working with
  • Adobe 22002484 | Security Guide - Page 6
    Acrobat 8 Family of Products Security Feature User Guide 6 8.5.2 Adding Files to the Black and White Lists...107 8.5.3 Resetting the Settings 132 9.2.3.5 Importing Directory Server Settings...134 9.2.3.6 Importing Adobe LiveCycle Rights Management Server Settings 135 9.2.3.7 Importing Roaming ID
  • Adobe 22002484 | Security Guide - Page 7
    and use the application user interface. Because system administrators may be responsible for deploying and supporting the Adobe Acrobat family of products (including Adobe Reader) in document security workflows, leverage this guide to help your clients use the product correctly and effectively. This
  • Adobe 22002484 | Security Guide - Page 8
    Acrobat Family of Products Security Feature User Guide Getting Started How Should You Use This Guide? 8 1.3 How Should You Use This Guide instructions reader PDF documents. They read specifications and API documents to figure out how to solve real-world enterprise problems without requiring manual
  • Adobe 22002484 | Security Guide - Page 9
    For information about A guide to the documentation in the Adobe Acrobat SDK. Acrobat and PDF Library API Reference Developers A description of the APIs for Acrobat and Adobe Reader® plug-ins, as well as for PDF Library applications. JavaScript for Acrobat API Reference Developers A listing
  • Adobe 22002484 | Security Guide - Page 10
    one key can only be decrypted by the other corresponding key. When you sign PDF documents, you use the private key to apply your digital signature. You distribute or on a signing server (for roaming IDs). Acrobat applications include a default signature handler that can access digital IDs from any
  • Adobe 22002484 | Security Guide - Page 11
    Acrobat Family of Products Security Feature User Guide via digital ID service providers (sometimes called Cryptographic Service Providers or CSPs). A service provider is simply by Adobe applications and other Windows applications and the Acrobat store which is used only by the Acrobat family
  • Adobe 22002484 | Security Guide - Page 12
    Guide Getting and Using Your Digital ID Registering a Digital ID for Use in Acrobat 5.x .acrobat security An XML format encapsulated in a PDF which stores .fdf An Adobe file data exchange use. To do so, choose Advanced (Acrobat) or Document (Reader) > Security Settings, selecting Digital IDs in
  • Adobe 22002484 | Security Guide - Page 13
    . .apf is not supported in 9.0. You must use Acrobat 8.x or earlier to use this type of ID. 2.1.4 Digital ID Management and the Security Settings Console The Security Settings Console enables users to manage their own digital IDs. Choosing Advanced (Acrobat) or Document (Reader) > Security Settings
  • Adobe 22002484 | Security Guide - Page 14
    Acrobat Family of Products Security Feature User Guide Getting and Using Your Digital ID Generic ID Operations 14 • Adobe Reader (Windows): Edit > Preferences > Identity • Adobe Reader (Macintosh): Adobe Reader > Preferences > Identity 2. Configure the identity details. These details will appear
  • Adobe 22002484 | Security Guide - Page 15
    Family of Products Security Feature User Guide Getting and Using Your Digital ID Sharing (Exporting) a Digital ID Certificate 15 1. Choose Advanced (Acrobat) or Document (Reader) > Security Settings. 2. Select Digital IDs in the left-hand tree (Figure 2.2.1). 3. Highlight an ID in the list on
  • Adobe 22002484 | Security Guide - Page 16
    Acrobat Family of Products Security Feature User Guide Getting and Using Your Digital ID Customizing a Digital you are asked to select an ID. To provide a friendly name: 1. Choose Advanced (Acrobat) or Document (Reader) > Security Settings. 2. Select Digital IDs in the left-hand tree (Figure 4). 3.
  • Adobe 22002484 | Security Guide - Page 17
    Acrobat Family of Products Security Feature User Guide Getting and Using Your Digital ID Managing PKCS#12 Digital ID whether a revocation check occurred and the result. Allows users to initiate a manual check and analyze problems. • Trust tab: Displays the certificate's trust level. If it does not
  • Adobe 22002484 | Security Guide - Page 18
    compatible files (with .cer and .der extensions). Note: In enterprise settings, you may be instructed by your administrator to get a digital ID from a specific location or to customize Acrobat or Adobe Reader to work with software supplied by your organization. To find a digital ID file: 1. Choose
  • Adobe 22002484 | Security Guide - Page 19
    if one is required. 9. Review the digital ID list and choose Finish. 2.3.3 Adding and Removing Digital ID Files from the File List Adobe Acrobat and Adobe Reader only allow deletion of user-created self-signed digital IDs created with those applications. A file can have one or more IDs. To delete
  • Adobe 22002484 | Security Guide - Page 20
    Acrobat Family of Products Security Feature User Guide Getting and Using Your Digital ID Changing a PKCS Password Timeout options are disabled. To change the password timeout: 1. Choose Advanced (Acrobat) or Document (Reader) > Security Settings. 2. Highlight Digital ID Files in the left-hand tree
  • Adobe 22002484 | Security Guide - Page 21
    Acrobat Family of Products Security Feature User Guide Figure 11 Digital ID files: Timeout settings automatically and bypass normal user interface actions, do the following: 1. Choose Advanced (Acrobat) or Document (Reader) > Security Settings. 2. Select Digital ID Files in the left-hand tree (
  • Adobe 22002484 | Security Guide - Page 22
    Acrobat Family of Products Security Feature User Guide and always password protected. This common format is supported by most security software applications, including web browsers. is C:\Documents and Settings\ \Application Data\Adobe\\\Security\ . • Windows
  • Adobe 22002484 | Security Guide - Page 23
    Guide Figure 13 Digital ID: Configuration Getting and Using Your Digital ID Creating a Self-Signed Digital ID 23 6. Configure the digital ID. The dialog is prepopulated if the Identity preferences have been previously configured: Tip: If you use non-Roman characters, choose Enable Unicode Support
  • Adobe 22002484 | Security Guide - Page 24
    Family of Products Security Feature User Guide Figure 14 Digital ID: PKCS#12 location and password Getting and Using Your Digital ID Deleting a PKCS#12 Digital ID 24 2.3.8 Deleting a PKCS#12 Digital ID Adobe Acrobat and Adobe Reader only allow deletion of user-created, self-signed digital IDs
  • Adobe 22002484 | Security Guide - Page 25
    Guide Getting and Using Your Digital ID Managing Windows Digital IDs 25 2.4 Managing Windows Digital IDs For the Acrobat family of products, a "Windows digital ID" is an ID that resides in the Windows certificate store rather than the Acrobat store. Windows supports as Acrobat and Adobe Reader.
  • Adobe 22002484 | Security Guide - Page 26
    Acrobat Family of Products Security Feature User Guide 12 File" on page 18. • Choose Advanced (Acrobat) or Document (Reader) > Security Settings. Then expand the left-hand tree Choose Next. 10. Your certificate(s) will be automatically downloaded. Review the digital ID list and choose Finish. 2.5.2
  • Adobe 22002484 | Security Guide - Page 27
    Acrobat) or Document (Reader) > Security Settings. 2. Expand the left-hand tree to Roaming ID Accounts (Figure 17). 3. Select an account in the right-hand panel. 4. Choose Login. 5. Follow the instructions a smart card reader or the token is inserted directly into a USB port. Adobe products can be
  • Adobe 22002484 | Security Guide - Page 28
    Acrobat Family of Products Security Feature User Guide 3. Highlight PKCS#11 Modules and Tokens. Figure 18 PKCS#11 Security Settings menu items Getting and Using Your Digital ID Changing Passwords 28 4. Choose Add
  • Adobe 22002484 | Security Guide - Page 29
    Acrobat Family of Products Security Feature User Guide 6. Enter a new password and confirm it. 7. Choose The login interface may be provided by the Adobe application or by the device supplier. To log in to a device: 1. Choose Advanced (Acrobat) or Document (Reader) > Security Settings. 2. Expand the
  • Adobe 22002484 | Security Guide - Page 30
    owner's signature. Understanding what a trusted identity is and how trust levels are set can help you set up streamlined workflows and troubleshoot problems. For example, you can add trusted identities ahead of time and individually set each certificate's trust settings. In enterprise settings where
  • Adobe 22002484 | Security Guide - Page 31
    of Products Security Feature User Guide Managing Certificate Trust and Trusted Identities What is a Trusted Identity? 31 The Acrobat family of products provides tools for selecting and interacting with the certificates of document recipients you trust. For example, Acrobat's user interface prompts
  • Adobe 22002484 | Security Guide - Page 32
    Acrobat Family of Products Security Feature User Guide Managing Certificate Trust and Trusted Identities Adding action. Users manage contacts, groups, and certificates by choosing Advanced (Acrobat) or Document (Reader) > Manage Trusted Identities and opening the Trusted Identities Manager. Figure
  • Adobe 22002484 | Security Guide - Page 33
    Acrobat Family of Products Security Feature User Guide Managing Certificate Trust and Trusted Identities Requesting a From a File Acrobat and Adobe Reader are can export certificates to a file so that they can be shared as needed. To import certificates, follow the instructions described in "
  • Adobe 22002484 | Security Guide - Page 34
    Acrobat Family of Products Security Feature User Guide Figure 25 Importing digital ID data Managing Certificate is populated through three mechanisms: • The default server settings that ship with Adobe Acrobat and Adobe Reader. • The Windows Certificate Store if the user has turned on this option.
  • Adobe 22002484 | Security Guide - Page 35
    Guide Figure 26 Digital IDs: Searching for certificates Managing Certificate Trust and Trusted Identities Searching for Digital ID Certificates 35 To search for a certificate so that you can add one or more people to your trusted identities list: 1. Choose Advanced (Acrobat) or Document (Reader
  • Adobe 22002484 | Security Guide - Page 36
    Acrobat Family of Products Security Feature User Guide Figure 27 Searching for a document recipients Managing Certificate Trust and Trusted Identities Certificate Trust Settings 36 3.3 Certificate Trust Settings Contacts in the trusted identities list
  • Adobe 22002484 | Security Guide - Page 37
    Acrobat Family of Products Security Feature User Guide Managing Certificate Trust and Trusted Identities of the following: • If you already have the certificate: 1. Choose Advanced (Acrobat) or Document (Adobe Reader) > Manage Trusted Identities. 2. Choose Certificates in the Display drop down list.
  • Adobe 22002484 | Security Guide - Page 38
    Acrobat Family of Products Security Feature User Guide Managing Certificate Trust and Trusted Identities Setting Certificate Trust 38 2. On the Trust tab, select the trust options. In enterprise settings, an administrator should tell
  • Adobe 22002484 | Security Guide - Page 39
    Acrobat Family of Products Security Feature User Guide Managing Certificate Trust and Trusted Identities Setting the Edit Certificate Trust dialog is displayed; otherwise, choose Advanced (Acrobat) or Document (Reader) > Manage Trusted Identities. 2. Choose Certificates from the Display drop
  • Adobe 22002484 | Security Guide - Page 40
    Security User Guide. 3.4 Using Adobe Acrobat and Adobe Reader for Windows ship with default servers: • Versions 7.x: • VeriSign Internet Directory Service • GeoTrust Directory Service • IDtree Directory Service • Version 8.x and 9.x: • VeriSign Internet Directory Service the server manually, or sends
  • Adobe 22002484 | Security Guide - Page 41
    details in a file as described in "Migrating and Sharing Security Settings" on page 112. To manually configure an identity directory: 1. Choose Advanced (Acrobat) or Document (Reader) > Security Settings. 2. Select Directory Servers in the left-hand list (Figure 32). 3. Choose New. 4. Configure
  • Adobe 22002484 | Security Guide - Page 42
    as described in "Manually Configuring a Directory Server" on page 41. 6. Choose OK. 3.4.3 Deleting a Directory Server Previously configured directory servers can be removed from the server list at any time. To delete a directory server: 1. Choose Advanced (Acrobat) or Document (Reader) > Security
  • Adobe 22002484 | Security Guide - Page 43
    may be specified so that it is always used when searching for digital IDs. To set default directory server: 1. Choose Advanced (Acrobat) or Document (Reader) > Security Settings. 2. Select Directory Servers in the left-hand list (Figure 32). 3. Select a directory server from the right-hand panel
  • Adobe 22002484 | Security Guide - Page 44
    Acrobat Family of Products Security Feature User Guide Figure 35 Contacts: Viewing details Managing Certificate Trust and Trusted Identities Emailing Certificate or Contact Data 44 3. Choose Details. Figure 36 Edit Contact dialog 4. Edit
  • Adobe 22002484 | Security Guide - Page 45
    Acrobat Family of Products Security Feature User Guide Managing Certificate Trust and Trusted Identities Associating a replace the old certificate association with a new one. 1. Choose Advanced (Acrobat) or Document (Reader) > Manage Trusted Identities. 2. Choose a contact in the left-hand
  • Adobe 22002484 | Security Guide - Page 46
    Acrobat Family of Products Security Feature User Guide Managing Certificate Trust and Trusted Identities imported. To delete a contact (and optionally a certificate): 1. Choose Advanced (Acrobat) or Document (Reader) > Manage Trusted Identities. 2. Choose Contacts from the Display drop-down list.
  • Adobe 22002484 | Security Guide - Page 47
    of Products Security Feature User Guide Figure 39 Contacts: Deleting Managing Certificate Trust and Trusted Identities Deleting Contacts and Certificates 47 Deleting a Certificate To delete a certificate: 1. Choose Advanced (Acrobat) or Document (Reader) > Manage Trusted Identities. 2. Choose
  • Adobe 22002484 | Security Guide - Page 48
    , printing, and other features to only those users that have the required password, a digital ID, or access to an Adobe LiveCycle Rights Management Server. Acrobat's default security methods not only protect document content from unauthorized access, but also allow users to specify encryption levels
  • Adobe 22002484 | Security Guide - Page 49
    Acrobat Family of Products Security Feature User Guide Document Security Basics Choosing a Security Method Type 49 to different users whose identities can be verified and managed. Supported by Acrobat 6.0 and later. • Adobe LiveCycle Rights Management Server security: These policies are stored on
  • Adobe 22002484 | Security Guide - Page 50
    Feature User Guide Document Security Basics Security Policies 50 Table 5 Security method pros and cons Method Pros Cons Password Backward-compatible to Acrobat 3.0 for certain encryption levels. Simple and easily understood. Share documents by sharing the password. Supports passwords for
  • Adobe 22002484 | Security Guide - Page 51
    Acrobat Family of Products Security Feature User Guide Document Security Basics Security Methods and Encryption 51 your need for a specific security level and support for backward compatibility: • All contents: Encrypts the document and its metadata (Acrobat 3 and later). • All contents except
  • Adobe 22002484 | Security Guide - Page 52
    Guide Document Security Basics Security Methods and Permissions 52 • 128-bit RC4 is compatible with Acrobat 6.0 and later as well as other non-Adobe and Adobe PDF All contents, all but metadata, attachments. only attachments. Dropped support for .apf files. Algorithms: 128 and 256 bit AES
  • Adobe 22002484 | Security Guide - Page 53
    Acrobat Family of Products Security Feature User Guide Figure 43 Permissions panel Document Security Basics Security provide the following options: Note: Adobe products enforce permissions restrictions. However, not all third-party products fully support and respect these permissions. Encryption and
  • Adobe 22002484 | Security Guide - Page 54
    Acrobat Family of Products Security Feature User Guide Document Security Basics Associating Batch Processing with a Security to assistive technology devices such as screen readers. It also lets utilities that need access to the contents of a PDF file, such as Acrobat Catalog, get to those contents.
  • Adobe 22002484 | Security Guide - Page 55
    Acrobat Family of Products Security Feature User Guide Figure 44 Security methods for batch processing Restrictions" on page 56. To view a document's encryption settings: 1. Choose Advanced (Acrobat) or Document (Reader) > Security > Show Security Properties. Tip: You can also choose File >
  • Adobe 22002484 | Security Guide - Page 56
    Acrobat Family of Products Security Feature User Guide Figure 46 Document security settings: Certificate security view the document restrictions summary in the Document Properties dialog, choose Advanced (Acrobat) or Document (Reader) > Security > Show Security Properties. Tip: You can also choose
  • Adobe 22002484 | Security Guide - Page 57
    Acrobat Family of Products Security Feature User Guide Figure 48 Document Property dialog Document Security Basics Viewing Security Settings in a Browser 57 4.2.3 Viewing Security Settings in a Browser To view document security settings in a
  • Adobe 22002484 | Security Guide - Page 58
    Acrobat Family of Products Security Feature User Guide Document Security Basics Editing Security Method Settings 58 Note: New settings do not appear in the user interface until the document is closed and reopened. 3.
  • Adobe 22002484 | Security Guide - Page 59
    Acrobat Family of Products Security Feature User Guide with any version of Acrobat. However, specific policy settings may not be supported for documents created with User password and certificate policies are stored locally while Adobe LiveCycle Rights Management Server policies are stored on the
  • Adobe 22002484 | Security Guide - Page 60
    Acrobat Family of Products Security Feature User Guide Document Security Basics Creating Security Policies with Policy Manager 60 4.3.1 Creating Security Policies with Policy Manager Policies can be created ahead of time or during
  • Adobe 22002484 | Security Guide - Page 61
    Acrobat Family of Products Security Feature User Guide Document Security Basics Viewing a Security Policy 61 1. Choose Advanced > Security > Secure this Document. 2. Highlight a policy. 3. Choose Apply to Document. 4. Save the document. Tip: If a policy
  • Adobe 22002484 | Security Guide - Page 62
    Acrobat Family of Products Security Feature User Guide Document Security Basics Making a Security Policy Favorite 62 4. Change the policy's settings as described in one of the following sections: • Chapter 5, "Password Security" • Chapter 6, "Certificate
  • Adobe 22002484 | Security Guide - Page 63
    Acrobat Family of Products Security Feature User Guide To delete a security policy: 1. Choose Advanced > Security > Manage Security Policies ( saved. For example, suppose that you want to send several documents, including non-PDF documents, to your accountant, but you don't want anyone else to view
  • Adobe 22002484 | Security Guide - Page 64
    Acrobat Family of Products Security Feature User Guide Document Security Basics Envelopes 64 Embed file attachments policies (or create a new policy if needed). Tip: Follow the on-screen instructions to complete the security envelope. If prompted, provide your identity information. 10. Choose
  • Adobe 22002484 | Security Guide - Page 65
    5 Password Security Acrobat users can perform any task in this section. Adobe Reader users can only view encrypted documents and security encryption levels may also be set to be backward-compatible to Acrobat 3.0. Note: Password security is unavailable if your administrator has configured your
  • Adobe 22002484 | Security Guide - Page 66
    Acrobat Family of Products Security Feature User Guide Password Security Creating Password Security Settings 66 can save the password with the policy so that it's automatically used, or you can have Acrobat prompt you for the policy each time you apply it. Figure 56 Security policy: General settings
  • Adobe 22002484 | Security Guide - Page 67
    Family of Products Security Feature User Guide Password Security Creating a Reusable Password Security Policy 67 1. Compatibility: The compatibility options determine what encryption options will be available. Compatibility with earlier versions of Acrobat may mean all document contents will
  • Adobe 22002484 | Security Guide - Page 68
    could do. Caution: Adobe products enforce permissions restrictions. However, not all third-party products fully support and respect these permissions devices such as screen readers. It also lets utilities that need access to the contents of a PDF file, such as Acrobat Catalog, get to those
  • Adobe 22002484 | Security Guide - Page 69
    Acrobat Family of Products Security Feature User Guide Password Security Creating Password Security for One-Time only encrypting the file attachments is available as well as all of the previous options. • Acrobat 9.0 and later: Encryption uses the 256-bit AES algorithm. When selected, the option of
  • Adobe 22002484 | Security Guide - Page 70
    Acrobat Family of Products Security Feature User Guide Figure 58 Encryption configuration panel Password it that the author could do. Note: Adobe products enforce permissions restrictions. However, not all third-party products fully support and respect these permissions. Encryption and therefore
  • Adobe 22002484 | Security Guide - Page 71
    Acrobat Family of Products Security Feature User Guide Password Security Creating Password Security for One-Time Use to assistive technology devices such as screen readers. It also lets utilities that need access to the contents of a PDF file, such as Acrobat Catalog, get to those contents. This
  • Adobe 22002484 | Security Guide - Page 72
    Acrobat Family of Products Security Feature User Guide Password Security Opening a Password-Protected Document 72 5.2 Opening a Password-Protected Document You must know the Document Open or Permissions password to open the document. To
  • Adobe 22002484 | Security Guide - Page 73
    Acrobat Family of Products Security Feature User Guide Password Security Password Recovery 73 5.5 Password Recovery Caution: There is no way to recover a lost password from a document. Keep a backup copy that is not password-protected.
  • Adobe 22002484 | Security Guide - Page 74
    6 Certificate Security Acrobat users can perform any task in this section. Adobe Reader users can only view encrypted documents and not for specialized workflows, and so on. Where secure PDFs do not have to be compatible with Acrobat versions prior to 6.0, certificate security has several advantages
  • Adobe 22002484 | Security Guide - Page 75
    Guide Certificate Security Setting up the Certificate Security Environment 75 6.1 Setting up the Certificate Security Environment If you're going to use certificate security, consider doing the following: • Configuring Acrobat path. Once the option is manually turned on, the Windows store will
  • Adobe 22002484 | Security Guide - Page 76
    Acrobat Family of Products Security Feature User Guide Figure 62 Windows integration Certificate Security Selecting a should be associated with at least one certificate. If there is only one certificate, Acrobat automatically selects it as the one to use for encryption. If more than one certificate
  • Adobe 22002484 | Security Guide - Page 77
    Acrobat Family of Products Security Feature User Guide Figure 63 Choosing a certificate for encryption Certificate Security Working with Groups of Contacts 77 6.2 Working with Groups of Contacts Contacts can be added to a group
  • Adobe 22002484 | Security Guide - Page 78
    Acrobat Family of Products Security Feature User Guide Certificate Security Deleting a Group 78 3. Add or remove a contact: • Adding a contact: Choose Add, select a contact from the contact list, and choose OK twice. • Removing a contact:
  • Adobe 22002484 | Security Guide - Page 79
    Acrobat Family of Products Security Feature User Guide Certificate Security Creating a Reusable Certificate Security Policy 79 1. Choose Advanced metadata of encrypted documents, thereby making that data searchable (compatible with Acrobat 6 and later). • Only file attachments: Allows full access
  • Adobe 22002484 | Security Guide - Page 80
    Family of Products Security Feature User Guide Certificate Security Creating a Reusable Certificate Security Policy 80 • 128-bit RC4: Compatible with Acrobat 6.0 and later as well as other non-Adobe and Adobe PDF clients such as Ghostscript and Apple Preview that have not implemented AES. RC4
  • Adobe 22002484 | Security Guide - Page 81
    Acrobat Family of Products Security Feature User Guide Certificate Security Creating a Reusable Certificate Security Policy and security settings. Caution: Adobe products enforce permissions restrictions. However, not all third-party products fully support and respect these permissions. Encryption
  • Adobe 22002484 | Security Guide - Page 82
    Acrobat Family of Products Security Feature User Guide vector output to PostScript and other printers that support advanced high-quality printing features. 2. Changes Allowed such as screen readers. It also lets utilities that need access to the contents of a PDF file, such as Acrobat Catalog, get
  • Adobe 22002484 | Security Guide - Page 83
    Acrobat Family of Products Security Feature User Guide Certificate Security Creating Certificate Security for the Current Document to Encrypt panel: Note: Adobe products enforce permissions restrictions. However, not all third-party products fully support and respect these permissions. Encryption
  • Adobe 22002484 | Security Guide - Page 84
    screen readers. This option doesn't allow users to copy or extract the document's contents. This option is only available if a high encryption level is selected. 5. Choose the encryption algorithm: • 128-bit RC4: Compatible with Acrobat 6.0 and later as well as other non-Adobe and Adobe PDF clients
  • Adobe 22002484 | Security Guide - Page 85
    Acrobat Family of Products Security Feature User Guide Certificate Security Creating Certificate Security for the Current Document 85 Figure 70 Choosing a digital ID for certificate security 8. If you have more than one digital
  • Adobe 22002484 | Security Guide - Page 86
    Acrobat Family of Products Security Feature User Guide Certificate Security Creating Certificate Security for the document and security settings. Note: Adobe products enforce permissions restrictions. However, not all third-party products fully support and respect these permissions. Encryption and
  • Adobe 22002484 | Security Guide - Page 87
    Acrobat Family of Products Security Feature User Guide Certificate Security Applying a Certificate Security Policy 87 2. to assistive technology devices such as screen readers. It also lets utilities that need access to the contents of a PDF file, such as Acrobat Catalog, get to those contents.
  • Adobe 22002484 | Security Guide - Page 88
    Acrobat Family of Products Security Feature User Guide Certificate Security Opening a Certificate-Protected Document 88 1. Configure certificate security as described in "Creating Certificate Security Settings" on page 78. When you are prompted to
  • Adobe 22002484 | Security Guide - Page 89
    Acrobat Family of Products Security Feature User Guide Certificate Security Opening a Certificate-Protected Document 89 Figure 73 Opening an encrypted document: With certificate security
  • Adobe 22002484 | Security Guide - Page 90
    information on configuring your application to use an Adobe LiveCycle Rights Management Server, log in to or the end user can do it manually. Server settings can also be sent via policy server generates a license and an encryption key. Acrobat embeds the license in the document and encrypts it
  • Adobe 22002484 | Security Guide - Page 91
    administrator's instructions. For more information, see "Enhanced Security" on page 95. 7.1.3 Configuring ALCRMS Settings Manually Your server administrators will provide you with server connection details. Once these details are obtained, configure Acrobat to use the server. To connect to an Adobe
  • Adobe 22002484 | Security Guide - Page 92
    Acrobat Family of Products Security Feature User Guide Figure 74 ALCRMS Server Configuration LiveCycle Rights Management Server Security Managing your ALCRMS Account 92 7.1.4 Managing your ALCRMS Account To manage your ALCRMS Account: 1. Choose Advanced > Security > Adobe LiveCycle Rights
  • Adobe 22002484 | Security Guide - Page 93
    Acrobat Family of Products Security Feature User Guide LiveCycle Rights Management Server Security Applying ALCRMS Security 93 before a user must synchronize with Adobe LiveCycle Rights Management Server. 10. Choose Save. 11. Exit the Web console and return to Acrobat. 12. Choose Finish. 7.2.2
  • Adobe 22002484 | Security Guide - Page 94
    Acrobat Family of Products Security Feature User Guide LiveCycle Rights Management Server Security Synchronizing a : 1. Open the document you would like to track. 2. Choose Advanced > Security > Adobe LiveCycle Rights Management > View Audit History. 3. If prompted, enter a username and password
  • Adobe 22002484 | Security Guide - Page 95
    administrators should either preconfigure client installations or distribute instructions for setting up the application correctly. For example, if a PDF has an embedded script, but it is from your company, it downloads. Acrobat and Reader provide two ways to block potentially unsafe PDFs: • A system
  • Adobe 22002484 | Security Guide - Page 96
    Acrobat Family of Products Security Feature User Guide External Content and Document Security Enabling Enhanced Host: Enter the name of the root URL only. For example, enter www.adobe.com but not www. adobe.com/products. To only allow higher privileges for files accessed from secure connections,
  • Adobe 22002484 | Security Guide - Page 97
    Acrobat Family of Products Security Feature User Guide usually involves some mechanism such as data injection into a PDF form field, installing files, executing a script, and so your environment for enhanced security or need to troubleshoot FDF workflows that may not be working as expected, see "
  • Adobe 22002484 | Security Guide - Page 98
    authorization dialog when Enhanced Security is on: • You submit data from a PDF in the browser and the URL has #FDF at the end. The FDF that comes refer to the Security Administration Guide for Acrobat 9.0 and Adobe Reader 9.0. 8.2 Controlling Multimedia The Acrobat family of products have a notion
  • Adobe 22002484 | Security Guide - Page 99
    Acrobat Family of Products Security Feature User Guide External Content and Document Security Configuring Multimedia 80). Caution: Membership on the trusted document list is permanent until the list is manually cleared. Therefore, once a document is on that list, changing the certificate trust
  • Adobe 22002484 | Security Guide - Page 100
    Guide External Content and Document Security Controlling Multimedia in Certified Documents 100 1. Open the Multimedia Trust Manager: • Acrobat and Adobe Reader (Windows): Edit > Preferences > Multimedia Trust • Acrobat and Adobe Reader player permissions as follows: Select the player is manually
  • Adobe 22002484 | Security Guide - Page 101
    Acrobat Family of Products Security Feature User Guide External Content and Document Security Setting JavaScript Options method indicates the events during which the method can be executed. Beginning with Acrobat 6.0, security-restricted methods can execute in a non-privileged context if the
  • Adobe 22002484 | Security Guide - Page 102
    Guide External Content and Document Security Javascript and Certified Documents 102 In Acrobat versions earlier than 7.0, menu events were considered privileged contexts. Beginning with Acrobat • Acrobat and Adobe Reader (Windows): Edit > Preferences > JavaScript • Acrobat and Adobe Reader (
  • Adobe 22002484 | Security Guide - Page 103
    each signer's certificate or manually configuring another trust anchor. The application default is to check for updates and then ask if you would like to install them. However, you can modify this behavior as follows: 1. Choose one of the following: • Acrobat and Adobe Reader (Windows): Edit
  • Adobe 22002484 | Security Guide - Page 104
    Acrobat Family of Products Security Feature User Guide External Content and Document Security Default Behavior: Black and White Lists 104 • Be aware of dangerous file types and how the application manages those types. Adobe The Acrobat family of products always allow you to open and save PDF and
  • Adobe 22002484 | Security Guide - Page 105
    Acrobat Family of Products Security Feature User Guide External Content and Document Security Default Behavior: Black and White .ins IIS Internet Communications Settings (Microsoft) .isp IIS Internet Service Provider Settings (Microsoft) .its Internet Document Set, International Translation
  • Adobe 22002484 | Security Guide - Page 106
    Acrobat Family of Products Security Feature User Guide External Content and Document Security Default Behavior: Black and White Lists 106 Table 4 Default prohibited file types Extension Description .mad Access Module Shortcut (Microsoft) .maf
  • Adobe 22002484 | Security Guide - Page 107
    in Table 4 can be extended one at a time as each attached file is opened. Administrators can modify the registry directly (refer to the Acrobat Security Administration Guide). To add a file to a black or white list, attach the new file type to a document and then try to open it: 1. Choose Document
  • Adobe 22002484 | Security Guide - Page 108
    Acrobat Family of Products Security Feature User Guide Figure 85 Launch Attachment dialog External Content and opening of non-PDF file attachments with external applications (Figure 86): • Checked: Default. The application uses its stored black list to determine whether Acrobat should let the
  • Adobe 22002484 | Security Guide - Page 109
    Acrobat Family of Products Security Feature User Guide External Content and Document Security Controlling Access to Referenced Files and XObjects 109 8.6 Controlling Access to Referenced Files and XObjects Your application can inform you when a PDF file is attempting to access external content
  • Adobe 22002484 | Security Guide - Page 110
    of Products Security Feature User Guide External Content and Document Security Turning Internet Access Off and On 110 8.7.1 Turning Internet Access Off and On To block or allow all Web sites: 1. Choose Edit > Preferences (Windows) or Acrobat > Preferences (Macintosh). 2. Select Trust Manager
  • Adobe 22002484 | Security Guide - Page 111
    Guide External Content and Document Security Allowing and Blocking Specific Web Sites 111 8.7.2 Allowing and Blocking Specific Web Sites The Acrobat and white lists: 1. Choose Edit > Preferences (Windows) or Acrobat (or Adobe Reader) > Preferences (Macintosh). 2. Select Trust Manager in the
  • Adobe 22002484 | Security Guide - Page 112
    was formerly an FDF user guide. Security settings can be complex supports the import and export of all settings including digital ID data, trust, server details, signing preferences, and so on. Settings can only be exported from Acrobat but settings can be imported by both Acrobat and Adobe Reader
  • Adobe 22002484 | Security Guide - Page 113
    Figure 93 Security settings: Encryption method 7. Follow the dialog instructions which will vary with your choice of the document security method Signatures User Guide. 9.1.2 Importing Security Settings from a File Settings can be imported by both Acrobat and Adobe Reader. To import security settings
  • Adobe 22002484 | Security Guide - Page 114
    Acrobat Family of Products Security Feature User Guide Migrating and Sharing Security Settings Importing Security Settings from a File 114 1. Choose Advanced > Security > Import Security Settings. 2. Browse to an .acrobatsecuritysettings file. 3. Choose Open. 4. acrobatsecuritysettings
  • Adobe 22002484 | Security Guide - Page 115
    When the acrobatsecurity file opens, follow the instructions as described in "Importing Security Settings from a File" on page 113. Figure 97 Security setting preferences for server import 9.2 Sharing Settings & Certificates with FDF Acrobat and Adobe Reader support the use of FDF files to exchange
  • Adobe 22002484 | Security Guide - Page 116
    Acrobat provides the following FDF features: • Import and export of digital ID certificates. • Import and export of server settings for an Adobe need for error prone, manual configuration. FDF files provide request and a return URL address. When Bob downloads the FDF file from the server, he is
  • Adobe 22002484 | Security Guide - Page 117
    Acrobat Family of Products Security Feature User Guide involves some mechanism such as data injection into a PDF form field, installing files, executing a script, and configure your environment for enhanced security or need to troubleshoot FDF workflows that may not be working as expected, see
  • Adobe 22002484 | Security Guide - Page 118
    Acrobat Family of Products Security Feature User Guide Migrating and Sharing Security Settings Exporting Application Settings with FDF Files 118 Table 5 Rules for opening a PDF via FDF Action FDF PDF to the file to open the Acrobat wizard which downloads and/or installs the certificate.
  • Adobe 22002484 | Security Guide - Page 119
    , it automatically exports other selected certificates in that certificate's chain and includes them in the FDF file. 1. Choose Advanced (Acrobat) or Document (Adobe Reader) > Manage Trusted Identities. 2. Choose Certificates in the Display drop-down list. In addition to this method, you can also
  • Adobe 22002484 | Security Guide - Page 120
    someone: Emailing the data automatically creates an FDF file that other Adobe product users can easily import. • Save the exported data to a file: Acrobat FDF Data Exchange. FDF is a format recognized by the Acrobat family of products. 8. Choose Next. 9. (Optional) If the Identity Information dialog
  • Adobe 22002484 | Security Guide - Page 121
    . Most users will likely need to manually set the imported certificate's trust level. When distributing a trusted root in a signed file that the FDF recipient can validate, set the certificate trust level: 1. Choose Advanced (Acrobat) or Document (Adobe Reader) > Manage Trusted Identities. 2. Choose
  • Adobe 22002484 | Security Guide - Page 122
    Acrobat Family of Products Security Feature User Guide Migrating and Sharing Security Settings your web-based email program. To email a digital ID certificate: 1. Choose Advanced (Acrobat) or Document (Adobe Reader) > Security Settings. 2. Select Digital IDs in the left-hand tree. 3. Highlight
  • Adobe 22002484 | Security Guide - Page 123
    Acrobat Family of Products Security Feature User Guide Figure 102 Emailing your certificate Migrating and to a File To save a digital ID certificate to a file: 1. Choose Advanced (Acrobat) or Document (Adobe Reader) > Security Settings. 2. Select Digital IDs in the left-hand tree. 3. Highlight an
  • Adobe 22002484 | Security Guide - Page 124
    Acrobat Family of Products Security Feature User Guide Migrating and Sharing Security Settings Exporting Application Settings certificate. To request a certificate from someone: 1. Choose Advanced (Acrobat) or Document (Adobe Reader) > Manage Trusted Identities. 2. Choose Request Contact. Figure 103
  • Adobe 22002484 | Security Guide - Page 125
    Acrobat Family of Products Security Feature User Guide Migrating and Sharing Security Settings Exporting FDF file. To send directory server details in an email: 1. Choose Advanced (Acrobat) or Document (Adobe Reader) > Security Settings. 2. Select a server category from the left-hand list.
  • Adobe 22002484 | Security Guide - Page 126
    Acrobat Family of Products Security Feature User Guide Migrating and Sharing Security Settings Exporting 11. Review the export details. 12. Choose Finish. 9.2.2.8 Exporting Server Details Adobe LiveCycle Rights Management Server, directory server, roaming ID, and timestamp server details
  • Adobe 22002484 | Security Guide - Page 127
    Family of Products Security Feature User Guide Migrating and Sharing Security Settings Importing Application Settings with FDF Files 127 1. Choose Advanced (Acrobat) or Document (Adobe Reader) > Security Settings. 2. Select a server category from the left-hand list. Note: For roaming ID server
  • Adobe 22002484 | Security Guide - Page 128
    Acrobat Family of Products Security Feature User Guide To respond to an email digital ID request: 1. Double click the attached FDF file. 2. Choose Email your Certificate. Figure 109 Emailing your certificate Migrating and
  • Adobe 22002484 | Security Guide - Page 129
    Acrobat Family of Products Security Feature User Guide Figure 111 Emailing your certificate Migrating and Sharing : 1. Click on the FDF file or from Acrobat or Adobe Reader choose File > Open. The digital ID certificate may be sent directly from Acrobat as an email attachment or may reside in
  • Adobe 22002484 | Security Guide - Page 130
    Acrobat Family of Products Security Feature User Guide Migrating and Sharing Security Settings Importing Application Settings with FDF Files 130 list all at once: 1. Click on the FDF file or from Acrobat or Adobe Reader choose File > Open. The digital ID certificate may be sent directly from
  • Adobe 22002484 | Security Guide - Page 131
    Acrobat Family of Products Security Feature User Guide Figure 113 Importing multiple certificates Migrating and Sharing Security Settings Importing Application Settings with FDF Files 131 2. If the FDF file is signed, the signature
  • Adobe 22002484 | Security Guide - Page 132
    Guide Figure 114 Making a contact a trusted identity Migrating and Sharing Security Settings Importing Application Settings with FDF Files 132 9.2.3.4 Importing Timestamp Server Settings In enterprise settings, servers do not usually have to be manually (Acrobat) or Document (Adobe Reader)
  • Adobe 22002484 | Security Guide - Page 133
    Acrobat Family of Products Security Feature User Guide Migrating and Sharing Security Settings Importing before timestamps can be used. To set a default timestamp server, Choose Advanced (Acrobat) or Document (Adobe Reader) > Security Settings > Time Stamp Servers, select a server, and choose Set
  • Adobe 22002484 | Security Guide - Page 134
    Acrobat Family of Products Security Feature User Guide Migrating and Sharing Security Settings Importing FDF can also be imported through the Security Settings Console by choosing Advanced (Acrobat) or Document (Adobe Reader) > Security Settings, selecting Directory Servers in the left-hand list,
  • Adobe 22002484 | Security Guide - Page 135
    Acrobat Family of Products Security Feature User Guide Migrating and Sharing Security Settings Importing Application Settings with FDF Files 135 9.2.3.6 Importing Adobe by choosing Advanced (Acrobat) or Document (Adobe Reader) > Security Settings, selecting Adobe LiveCycle Rights Management Servers
  • Adobe 22002484 | Security Guide - Page 136
    file system and double click on it. The FDF can also be imported through the Security Settings Console by choosing Advanced (Acrobat) or Document (Adobe Reader) > Security Settings, selecting Roaming ID Accounts in the left-hand list, and choosing Import. 2. Review the sender's details. Note the
  • Adobe 22002484 | Security Guide - Page 137
    Acrobat Family of Products Security Feature User Guide Migrating and Sharing Security Settings Importing Application a roaming ID server 7. Choose Next. 8. After the confirmation that you have downloaded the roaming ID(s) appears, choose Finish. The server settings and associated certificates are
  • Adobe 22002484 | Security Guide - Page 138
    Acrobat Family of Products Security Feature User Guide Migrating and Sharing Security Settings Importing Application Settings with FDF Files 138 Figure 123 Downloaded or a file on a network or your local system. • In Acrobat or Adobe Reader choose File > Open, browse to the FDF file, and choose
  • Adobe 22002484 | Security Guide - Page 139
    Acrobat Family of Products Security Feature User Guide Migrating and Sharing Security Settings Importing Application Settings with FDF Files 139 Note: During an import action, recipients of the distributed trust anchor may be
  • Adobe 22002484 | Security Guide - Page 140
    Acrobat Family of Products Security Feature User Guide Migrating and Sharing Security Settings Importing Application Settings with .: Some operations represent a security risk more serious than others. Acrobat considers the following operations potential threats to a secure application operating
  • Adobe 22002484 | Security Guide - Page 141
    assurance of the author's identity while also showing that the PDF document has not been modified. CDS is the only security solution that provides automatic validation of these attributes in Adobe Reader or Acrobat without also requiring additional software or configuration changes by the recipients
  • Adobe 22002484 | Security Guide - Page 142
    Acrobat 9.0 Acrobat Security Administration Guide Glossary of Security Terms 142 Table 5 Security Terms Cryptographic Service Provider Adobe security partner that has joined the Adobe CDS program to provide CDS digital IDs to end users and organizations. As of Acrobat 6, Adobe Reader and Acrobat
  • Adobe 22002484 | Security Guide - Page 143
    Acrobat 9.0 Acrobat Security Administration Guide viewed by a Windows application. As of Acrobat 9, Adobe Policy Server is renamed to Adobe LiveCycle Rights Management Server A context in but the certificate and its public key can be downloaded at the subscriber's request to any location. Roaming
  • Adobe 22002484 | Security Guide - Page 144
    Index . .ade 105 .adp 105 .apf 141 .apf Digital IDs no longer supported 13 .app 105 .asp 105 .bas 105 .bat 105 .bz 105 .bz2 105 .cer 105, 141 .chm 105 .class 105 .cmd 105 .com 105 .command
  • Adobe 22002484 | Security Guide - Page 145
    User Guide 9 Acrobat Document Security User Guide 9 Acrobat Security Administration Guide 9 Acrobat Security FDF User Guide 9 Acrobat 3.0 and later 67, 69 Acrobat 5.0 and later 67, 69 Acrobat 6.0 and later 67, 69 Acrobat 7.0 and later 67, 69 Acrobat 9.0 and later 67, 69 Acrobat and PDF Library
  • Adobe 22002484 | Security Guide - Page 146
    Acrobat Family of Products Security Feature User Guide Index 146 69, 79, 83 Configuring ALCRMS Settings Manually in Acrobat 9 Digital Signatures in the PDF Language Acrobat security 9 DOS CP/M Command file, Command file for Windows NT 105 Downloaded Acrobat 9 and Adobe Reader 9 9 Envelopes
  • Adobe 22002484 | Security Guide - Page 147
    Acrobat on Windows 9 Gzip Compressed Archive 105 H High Privilege JavaScript Defined 101 How Should You Use This Guide? 8 Hypertext Application 105 I Identity preferences 14 IIS Internet Communications Settings (Microsoft) 105 IIS Internet Service in to an Adobe LiveCycle Rights Management Manually
  • Adobe 22002484 | Security Guide - Page 148
    Acrobat Family of Products Security Feature User Guide privileged context 143 Program file 106 Providing Instructions to the Trusted Root Recipients 121 Public key server name and URL 137 root certificate 143 Rules for opening a PDF via FDF 97, 117 S Saving Certificate or Contact Details to
  • Adobe 22002484 | Security Guide - Page 149
    Acrobat Family of Products Security Feature User Guide Selecting a digital ID 128 Self-expanding archive ( What is a Digital ID? 10 What is a Trusted Identity? 30 What's in this Guide? 7 Who Should Read This Guide? 7 Why Attach a File that's on the Black List? 104 Windows Control Panel Extension (

PDF Creation Date:
August 4, 2008
Document Security User Guide
for Acrobat 9.0 and Adobe Reader 9.0
Acrobat® and Adobe® Reader®
Version 9.0