Adobe 22002486 Digital Signature User Guide - Page 179

Acrobat 9 Family of Products, Glossary of Security Terms



Acrobat 9 Family of Products Security Feature User Guide, Glossary of Security Terms, page 179

Certificate Revocation List (CRL)
CRL is a method that public key infrastructures use to maintain access to cached or networked lists of unexpired but revoked certificates. The list specifies revoked certificates, the reasons for revocation (optional), and the certificate issue date and issuing entities. Each list contains a proposed date for the next release. Acrobat’s CRL revocation checker adheres to RFC 3280 and NIST PKITS except for delta CRLs.
CSP
See Cryptographic Service Provider.

Cryptographic Service Provider
Software that allows an application to use MSCAPI to communicate with cryptographic module APIs such as PKCS#11 modules, PFX files, and so on.

digital ID
An electronic representation of data based on the ITU-T X.509 v3 standard, associated with a person or entity. It is often stored in a password-protected file on a computer or network, a USB token, a smart card, or other security hardware device. It can be used for digital signatures and certificate security. “Digital ID” is sometimes used interchangeably with “certificate”; however, a certificate is only one part of a digital ID, which also contains a private key and other data.

digital signature
An electronic signature that can be used to verify the identity of the signer through the use of public key infrastructure (PKI) technology. Signers need a digital ID and an application capable of creating a signature.

digitally sign
To apply a digital signature using a digital ID.

document integrity
In signing workflows, document integrity refers to whether or not what was signed has changed after signing. That is, what the signer signed should be reproducible and viewable on the document recipient’s end. For the document recipient to validate a signature, it’s important to determine which document, or which version of a document, the signature applies to. See message digest.

EE
See end entity certificate.

electronic signatures
A digital signature.

embedded JavaScript
JavaScript that exists within a document, as opposed to JavaScript executed from the JavaScript Console or through a batch process.

embedded validation response
Information from the issuer of the digital ID that was used to apply the digital signature, indicating whether that digital ID was valid when the signature was applied. If the digital ID was valid and no one has tampered with the document, the signature will have a status of VALID. Once the digital ID expires or is cancelled (revoked), it won’t be possible to determine whether the signature was valid at the time it was applied unless there is an embedded revocation response.
end entity certificate (EE)
The bottom-most, end-user certificate in a certificate chain is called an “end entity” (EE) certificate. It is the certificate that the holder uses for signing and that others use for certificate encryption.

GeoTrust
An Adobe security partner that has joined the Adobe CDS program to provide CDS digital IDs to end users and organizations. As of Acrobat 6, Adobe Reader and Acrobat trust CDS digital IDs and are able to validate signatures that use GeoTrust digital IDs, without requiring any special application configuration.

ICA
See intermediate certificate authority.

individual digital ID
A digital ID issued to an individual to digitally sign as themselves (e.g. John Smith), as opposed to an organization or other non-human entity.

intermediate certificate authority (ICA)
Certificates between the end entity and root certificates are sometimes called “intermediate certificates” (ICAs) and are issued by the CA or by ICAs underneath the CA.
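The CRL, end entity, intermediate CA and embedded validation response entries describe one validation process. The following added example (illustration only, not Adobe's code or Acrobat's actual validator) models it with plain Python dataclasses instead of real X.509 objects: a chain is ordered EE to ICA to root, each non-root certificate is checked against a CRL from its issuer, and the CRL counts only if its thisUpdate/nextUpdate window covers the time being evaluated. All names, serial numbers, dates and the "keyCompromise" reason are constructed sample values.

```python
# Added illustration, not Adobe's code: a simplified model of certificate-chain
# validation with CRL revocation checks, using the glossary's terms (EE, ICA, root,
# CRL with optional reasons and a next-update date) and showing why revocation data
# captured at signing time (an embedded validation response) matters. Certs and CRLs
# are plain dataclasses, not X.509 objects; all names, serials and dates are constructed.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set, Tuple

def utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass
class CRL:
    issuer: str
    this_update: datetime
    next_update: datetime  # the list's "proposed date for the next release"
    revoked: Dict[int, Tuple[datetime, Optional[str]]] = field(default_factory=dict)  # serial -> (date, reason)

def build_chain(ee: Cert, pool: List[Cert]) -> List[Cert]:
    """Order certificates EE -> ICA(s) -> root by following issuer names."""
    by_subject = {c.subject: c for c in pool}
    chain = [ee]
    while chain[-1].subject != chain[-1].issuer:  # stop at the self-signed root
        issuer = by_subject.get(chain[-1].issuer)
        if issuer is None or issuer in chain:
            raise ValueError(f"cannot build chain above {chain[-1].subject!r}")
        chain.append(issuer)
    return chain

def revocation_status(cert: Cert, crls: List[CRL], at: datetime) -> Tuple[str, Optional[str]]:
    """('good' | 'revoked' | 'unknown', reason) for `cert` at time `at`. Only a CRL from
    the cert's issuer whose thisUpdate..nextUpdate window covers `at` is usable."""
    for crl in crls:
        if crl.issuer != cert.issuer or not (crl.this_update <= at <= crl.next_update):
            continue
        entry = crl.revoked.get(cert.serial)
        if entry is not None and entry[0] <= at:
            return "revoked", entry[1]
        return "good", None
    return "unknown", None  # no CRL covering that moment: status cannot be determined

def validate_chain(chain: List[Cert], crls: List[CRL], trusted: Set[str], at: datetime):
    """Return (VALID | INVALID | UNKNOWN, findings) for the chain evaluated at `at`."""
    fatal: List[str] = []
    unknown: List[str] = []
    if chain[-1].subject not in trusted:
        fatal.append(f"root {chain[-1].subject!r} is not a trusted anchor")
    for cert in chain:
        if not (cert.not_before <= at <= cert.not_after):
            fatal.append(f"{cert.subject!r} outside its validity period at {at:%Y-%m-%d}")
        if cert.subject == cert.issuer:
            continue  # the trust anchor itself is not checked against a CRL
        status, reason = revocation_status(cert, crls, at)
        if status == "revoked":
            fatal.append(f"{cert.subject!r} revoked ({reason or 'unspecified'})")
        elif status == "unknown":
            unknown.append(f"no usable CRL for {cert.subject!r} at {at:%Y-%m-%d}")
    if fatal:
        return "INVALID", fatal + unknown
    return ("UNKNOWN", unknown) if unknown else ("VALID", [])

# Constructed sample PKI: root -> issuing CA (the ICA) -> John Smith (the EE).
ROOT = Cert("Example Root CA", "Example Root CA", 1, utc(2005, 1, 1), utc(2025, 1, 1))
ICA = Cert("Example Issuing CA", "Example Root CA", 2, utc(2006, 1, 1), utc(2016, 1, 1))
EE = Cert("John Smith", "Example Issuing CA", 4711, utc(2008, 1, 1), utc(2010, 12, 31))
TRUSTED = {"Example Root CA"}
SIGNING_TIME, NOW = utc(2009, 3, 1), utc(2011, 6, 1)

# CRLs as they were at signing time (what an embedded validation response preserves).
EMBEDDED_CRLS = [
    CRL("Example Issuing CA", utc(2009, 2, 28), utc(2009, 3, 7)),
    CRL("Example Root CA", utc(2009, 1, 1), utc(2010, 1, 1)),
]
# CRLs fetched today: the signer's certificate has meanwhile been revoked.
CURRENT_CRLS = [
    CRL("Example Issuing CA", utc(2011, 5, 30), utc(2011, 6, 6),
        {4711: (utc(2010, 5, 1), "keyCompromise")}),
    CRL("Example Root CA", utc(2011, 1, 1), utc(2012, 1, 1)),
]

def demo() -> Dict[str, str]:
    """Same chain, three ways of evaluating it."""
    chain = build_chain(EE, [ROOT, ICA])
    return {
        "at_signing_with_embedded": validate_chain(chain, EMBEDDED_CRLS, TRUSTED, SIGNING_TIME)[0],
        "now_with_current": validate_chain(chain, CURRENT_CRLS, TRUSTED, SIGNING_TIME if False else NOW)[0],
        "at_signing_with_current": validate_chain(chain, CURRENT_CRLS, TRUSTED, SIGNING_TIME)[0],
    }
```

Calling demo() gives VALID for the signing time evaluated with the CRLs captured then, INVALID for today (the EE certificate has both expired and been revoked), and UNKNOWN when today's CRL is applied to the signing time, since no list covering that moment is available: that is the situation the glossary describes when no validation response was embedded with the signature.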
Message digest
Before Acrobat or Adobe Reader can verify whether the signed version of a document has changed (that is, whether it has integrity), it must first have a way to uniquely identify what was signed. To do this, it uses a message digest. A message digest is a number created algorithmically from a file that uniquely represents that file. If the file changes, the message digest changes. Sometimes referred to as a checksum or hash, a message digest is simply a unique number created at signing time that identifies what was signed; it is then embedded in the signature and the document for later verification.

Table 5 Security Terms
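The message digest and document integrity entries above describe a digest computed at signing time, embedded with the signature, and recomputed by the recipient. The added example below (illustration only, not Adobe's code) shows that round trip with Python's hashlib: a constructed byte string stands in for the document, and the signature record identifies the covered bytes by their length, which is a simplification of how a real PDF signature designates its signed byte range. It also covers the "which version" point: bytes appended after signing are a later version that the signature does not cover, while any change inside the covered bytes makes the digests differ.

```python
# Added illustration, not Adobe's code: how a message digest ties a signature to the
# exact bytes that were signed. The "document" here is a constructed byte string, and
# the signature record identifies the covered bytes by length, a simplification of how
# a real PDF signature designates the signed byte range.
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict

@dataclass(frozen=True)
class SignatureRecord:
    algorithm: str       # which digest algorithm produced the value
    covered_length: int  # how many leading bytes of the document the digest covers
    digest: bytes        # the message digest computed at signing time

def message_digest(data: bytes, algorithm: str = "sha256") -> bytes:
    """The 'number created algorithmically from a file': same input, same output."""
    return hashlib.new(algorithm, data).digest()

def sign_document(document: bytes, algorithm: str = "sha256") -> SignatureRecord:
    """At signing time, record what was signed (its digest) and how much of the file that is."""
    return SignatureRecord(algorithm, len(document), message_digest(document, algorithm))

def verify_integrity(document: bytes, sig: SignatureRecord) -> Dict[str, object]:
    """Recompute the digest on the recipient's side and compare it with the embedded one."""
    if sig.covered_length > len(document):
        return {"ok": False, "reason": "document is shorter than the signed version",
                "changed_after_signing": False}
    recomputed = message_digest(document[: sig.covered_length], sig.algorithm)
    ok = hmac.compare_digest(recomputed, sig.digest)  # constant-time comparison
    return {
        "ok": ok,
        "reason": None if ok else "signed bytes differ from what was signed",
        # bytes beyond the covered range are a later version, not covered by this signature
        "changed_after_signing": len(document) > sig.covered_length,
    }

# Constructed sample document and the copies a recipient might receive.
ORIGINAL = b"%PDF-1.7\nContract: deliver 100 units by 2009-12-31\n"
TAMPERED = ORIGINAL.replace(b"100 units", b"900 units")             # altered inside the signed bytes
APPENDED = ORIGINAL + b"% reviewer annotation added after signing\n"  # a later version of the file
SIGNATURE = sign_document(ORIGINAL)

def demo() -> Dict[str, Dict[str, object]]:
    """Verify the one signature against each copy."""
    return {
        "original": verify_integrity(ORIGINAL, SIGNATURE),
        "tampered": verify_integrity(TAMPERED, SIGNATURE),
        "appended": verify_integrity(APPENDED, SIGNATURE),
        "truncated": verify_integrity(ORIGINAL[:-10], SIGNATURE),
    }
```

In demo(), the original copy verifies, the tampered copy fails because a change of a few bytes produces a different digest, the appended copy verifies but is flagged as changed after signing (the recipient must know the signature applies to the first version only), and the truncated copy fails because the signed bytes are no longer all present.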