Home » Adobe Manuals » Computer Software » Adobe 22002484 » Manual Viewer

Adobe 22002484 Security Guide - Page 25

Managing Windows Digital IDs, 2.4.1 Finding a Digital ID in a Windows Certificate Store File

View all Adobe 22002484 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 25 highlights

Acrobat Family of Products Security Feature User Guide Getting and Using Your Digital ID Managing Windows Digital IDs 25 2.4 Managing Windows Digital IDs For the Acrobat family of products, a "Windows digital ID" is an ID that resides in the Windows certificate store rather than the Acrobat store. Windows supports several formats listed in Table 2. These IDs are protected by your Windows login, are easy to use, and do require file-level password protection. However, they are not portable and are less secure when a file-level password is not specified. The Windows store makes these IDs available to other Windows applications such as Acrobat and Adobe Reader. When an ID in the Windows store is registered with the application, it appears in the Security Settings Console. IDs in the Windows store are subject to the same operations as described in "Generic ID Operations" on page 14 Figure 16 Windows digital ID menu 2.4.1 Finding a Digital ID in a Windows Certificate Store File If a required digital ID file does not appear in the digital ID list, search for it and add it. You can browse to PKCS#12 files (.pfx or .p12) and Windows Certificate Store compatible files (.cer and .p7b). For details, see "Finding an Existing Digital ID in a PKCS#12 File" on page 18. 2.4.2 Deleting a Digital ID from the Windows Certificate Store IDs that have been added to the Windows certificate store can only be deleted from the Security Settings Console if they are self-signed IDs created in Acrobat or Reader version 8.0 or later. Other IDs must be removed from the Windows store by using an application such as Internet Explorer. The store's location in Internet Explorer may vary by version, but is typically found under Tools > Internet Options > Content tab > Certificates button. 2.5 Managing Roaming ID Accounts and IDs A roaming ID is a digital ID that is stored on a server. The private key always remains on the server, but the certificate and its public key can be downloaded at the subscriber's request to any location. Roaming IDs require an Internet connection. Roaming IDs enable remote ID access as well as Web-based user self-registration and ID issuance from a roaming ID server and central ID management. When IDs expire, new ones can be issued and placed on a

Section	Page
Getting Started	7
1.1 What’s in this Guide?	7
1.2 Who Should Read This Guide?	7
1.3 How Should You Use This Guide?	8
1.4 Roadmap to Security Documentation	8
Getting and Using Your Digital ID	10
2.1 Digital ID Basics	10
2.1.1 What is a Digital ID?	10
2.1.2 Digital ID Storage Mechanisms	11
2.1.3 Registering a Digital ID for Use in Acrobat	12
2.1.4 Digital ID Management and the Security Settings Console	13
2.1.5 Setting Identity Information	13
2.2 Generic ID Operations	14
2.2.1 Specifying Digital ID Usage	14
2.2.2 Sharing (Exporting) a Digital ID Certificate	15
2.2.3 Viewing All of Your Digital IDs	15
2.2.4 Customizing a Digital ID Name	16
2.2.5 Viewing Digital ID Certificates in the Certificate Viewer	16
2.3 Managing PKCS#12 Digital ID Files	17
2.3.1 Logging in to a Digital ID File	18
2.3.2 Finding an Existing Digital ID in a PKCS#12 File	18
2.3.3 Adding and Removing Digital ID Files from the File List	19
2.3.4 Changing an ID File’s Password	19
2.3.5 Changing a PKCS#12 File’s Password Timeout	20
2.3.6 Logging in to PKCS#12 Files	21
2.3.7 Creating a Self-Signed Digital ID	21
2.3.8 Deleting a PKCS#12 Digital ID	24
2.4 Managing Windows Digital IDs	25
2.4.1 Finding a Digital ID in a Windows Certificate Store File	25
2.4.2 Deleting a Digital ID from the Windows Certificate Store	25
2.5 Managing Roaming ID Accounts and IDs	25
2.5.1 Adding a Roaming ID Account to Get a Roaming ID	26
2.5.2 Logging in to a Roaming ID Account	26
2.6 Managing IDs Accessible via PKCS#11 Devices	27
2.6.1 Adding an ID that Resides on External Hardware	27
2.6.2 Changing Passwords	28
2.6.3 Logging in to a Device	29
Managing Certificate Trust and Trusted Identities	30
3.1 What is a Trusted Identity?	30
3.2 Adding Someone to Your Trusted Identity List	32
3.2.1 Adding a Certificate From a Signature	32
3.2.2 Requesting a Digital ID via Email	33
3.2.3 Importing a Certificate From a File	33
3.2.4 Searching for Digital ID Certificates	34
3.3 Certificate Trust Settings	36
3.3.1 Setting Certificate Trust	37
3.3.2 Setting Certificate Policy Restrictions	39
3.3.3 Using Certificates for Certificate Security (Encryption)	40
3.4 Using Directory Servers to Add Trusted Identities	40
3.4.1 Manually Configuring a Directory Server	41
3.4.2 Editing Directory Servers Details	42
3.4.3 Deleting a Directory Server	42
3.4.4 Specifying a Default Directory Server	43
3.4.5 Importing and Exporting Directory Server Settings	43
3.5 Managing Contacts	43
3.5.1 Viewing and Editing Contact Details	43
3.5.2 Emailing Certificate or Contact Data	44
3.5.3 Saving Certificate or Contact Details to a File	44
3.5.4 Associating a Certificate with a Contact	45
3.5.5 Changing a Trusted Identity’s Certificate Association	45
3.5.6 Deleting Contacts and Certificates	46
Document Security Basics	48
4.1 Security Method Basics	48
4.1.1 Choosing a Security Method Type	49
4.1.2 Security Policies	50
4.1.3 Security Methods and Encryption	50
4.1.3.1 Encryption Workflow	50
4.1.3.2 Choosing What to Encrypt	51
4.1.3.3 Choosing an Algorithm	51
4.1.4 Security Methods and Permissions	52
4.1.4.1 Permissions Workflow	53
4.1.4.2 Permissions Options	53
4.1.5 Associating Batch Processing with a Security Method	54
4.2 Changing and Viewing Security Settings	55
4.2.1 Viewing Document Encryption and Permission Settings	55
4.2.2 Viewing Document Restrictions	56
4.2.3 Viewing Security Settings in a Browser	57
4.2.4 Changing the Security Method Type	57
4.2.5 Editing Security Method Settings	58
4.2.6 Removing Document Security	58
4.3 Security Policies: Reusable Security Settings	59
4.3.1 Creating Security Policies with Policy Manager	60
4.3.2 Applying a Security Policy to a Document	60
4.3.3 Viewing a Security Policy	61
4.3.4 Copying a Security Policy	61
4.3.5 Editing a Security Policy	61
4.3.6 Making a Security Policy Favorite	62
4.3.7 Refreshing the Security Policy List	62
4.3.8 Deleting a Security Policy	62
4.4 Envelopes	63
Password Security	65
5.1 Creating Password Security Settings	66
5.1.1 Creating a Reusable Password Security Policy	66
5.1.2 Creating Password Security for One-Time Use	69
5.2 Opening a Password-Protected Document	72
5.3 Removing Password Security	72
5.4 Changing Document Collection Passwords	72
5.5 Password Recovery	73
Certificate Security	74
6.1 Setting up the Certificate Security Environment	75
6.1.1 Accessing the Windows Certificate Store	75
6.1.2 Selecting a Certificate to Use for Encryption	76
6.2 Working with Groups of Contacts	77
6.2.1 Creating a Group	77
6.2.2 Adding or Removing Group Contacts	77
6.2.3 Deleting a Group	78
6.3 Creating Certificate Security Settings	78
6.3.1 Creating a Reusable Certificate Security Policy	78
6.3.2 Creating Certificate Security for the Current Document	82
6.3.3 Applying a Certificate Security Policy	87
6.3.4 Applying a Certificate Security to a Group	87
6.3.5 Opening a Certificate-Protected Document	88
LiveCycle Rights Management Server Security	90
7.1 Configuring Servers	90
7.1.1 Importing ALCRMS Settings from an FDF file	91
7.1.2 Importing ALCRMS Settings with a Security Settings Import	91
7.1.3 Configuring ALCRMS Settings Manually	91
7.1.4 Managing your ALCRMS Account	92
7.2 Working with Documents and ALCRMS Policies	92
7.2.1 Creating an ALCRMS Security Policy	92
7.2.2 Applying ALCRMS Security	93
7.2.3 Refreshing the Security Policy List	93
7.2.4 Synchronizing a Document for Offline Use	94
7.2.5 Revoking a Document	94
7.2.6 View a Document’s Audit History	94
External Content and Document Security	95
8.1 Enhanced Security	95
8.1.1 Enabling Enhanced Security	96
8.1.2 Changes in FDF Behavior	97
8.1.3 Interaction with Trust Manager	98
8.1.4 Make Privileged Folder Locations Recursive	98
8.2 Controlling Multimedia	98
8.2.1 Configuring Multimedia Trust Preferences	99
8.2.2 Controlling Multimedia in Certified Documents	100
8.3 Setting JavaScript Options	101
8.3.1 High Privilege JavaScript Defined	101
8.3.2 Javascript and Certified Documents	102
8.4 Adobe Trusted Identity Updates	103
8.5 Working with Attachments	103
8.5.1 Default Behavior: Black and White Lists	103
8.5.2 Adding Files to the Black and White Lists	107
8.5.3 Resetting the Black and White Lists	108
8.5.4 Allowing Attachments to Launch Applications	108
8.6 Controlling Access to Referenced Files and XObjects	109
8.7 Internet URL Access	109
8.7.1 Turning Internet Access Off and On	110
8.7.2 Allowing and Blocking Specific Web Sites	111
Migrating and Sharing Security Settings	112
9.1 Security Setting Import and Export	112
9.1.1 Exporting Security Settings to a File	112
9.1.2 Importing Security Settings from a File	113
9.1.3 Importing Security Settings from a Server	115
9.2 Sharing Settings & Certificates with FDF	115
9.2.1 FDF Files and Security	117
9.2.2 Exporting Application Settings with FDF Files	118
9.2.2.1 Distributing a Trust Anchor or Trust Root	118
9.2.2.2 Setting the Certificate Trust Level	121
9.2.2.3 Exporting Your Certificate	121
9.2.2.4 Emailing Your Certificate	122
9.2.2.5 Saving Your Digital ID Certificate to a File	123
9.2.2.6 Requesting a Certificate via Email	124
9.2.2.7 Emailing Server Details	125
9.2.2.8 Exporting Server Details	126
9.2.3 Importing Application Settings with FDF Files	127
9.2.3.1 Responding to an Email Request for a Digital ID	127
9.2.3.2 Importing Someone’s Certificate	129
9.2.3.3 Importing Multiple Certificates	130
9.2.3.4 Importing Timestamp Server Settings	132
9.2.3.5 Importing Directory Server Settings	134
9.2.3.6 Importing Adobe LiveCycle Rights Management Server Settings	135
9.2.3.7 Importing Roaming ID Account Settings	136
9.2.3.8 Importing a Trust Anchor and Setting Trust	138
Glossary of Security Terms	141

Match case Limit results 1 per page

Acrobat Family of Products

Getting and Using Your Digital ID

Security Feature User Guide

Managing Windows Digital IDs

2.4

Managing Windows Digital IDs

For the Acrobat family of products, a “Windows digital ID” is an ID that resides in the Windows certificate

store rather than the Acrobat store. Windows supports several formats listed in

Table 2

. These IDs are

protected by your Windows login, are easy to use, and do require file-level password protection. However,

they are not portable and are less secure when a file-level password is not specified.

The Windows store makes these IDs available to other Windows applications such as Acrobat and Adobe

Reader. When an ID in the Windows store is registered with the application, it appears in the Security

Settings Console. IDs in the Windows store are subject to the same operations as described in

“Generic ID

Operations” on page 14

Figure 16

Windows digital ID menu

2.4.1

Finding a Digital ID in a Windows Certificate Store File

If a required digital ID file does not appear in the digital ID list, search for it and add it. You can browse to

PKCS#12 files (.pfx or .p12) and Windows Certificate Store compatible files (.cer and .p7b).

For details, see

“Finding an Existing Digital ID in a PKCS#12 File” on page 18

2.4.2

Deleting a Digital ID from the Windows Certificate Store

IDs that have been added to the Windows certificate store can only be deleted from the Security Settings

Console if they are self-signed IDs created in Acrobat or Reader version 8.0 or later. Other IDs must be

removed from the Windows store by using an application such as Internet Explorer. The store’s location in

Internet Explorer may vary by version, but is typically found under

Tools > Internet Options > Content

tab > Certificates button.

2.5

Managing Roaming ID Accounts and IDs

A roaming ID is a digital ID that is stored on a server. The private key always remains on the server, but the

certificate and its public key can be downloaded at the subscriber’s request to any location. Roaming IDs

require an Internet connection.

Roaming IDs enable remote ID access as well as Web-based user self-registration and ID issuance from a

roaming ID server and central ID management. When IDs expire, new ones can be issued and placed on a