Adobe 22002486 Digital Signature User Guide - Page 179
Acrobat 9 Family of Products, Glossary of Security Terms
Acrobat 9 Family of Products Security Feature User Guide: Glossary of Security Terms

Table 5 Security Terms

Certificate Revocation List (CRL): CRL is a method that public key infrastructures use to maintain access to cached or networked lists of unexpired but revoked certificates. The list specifies revoked certificates, the reasons for revocation (optional), and the certificate issue date and issuing entities. Each list contains a proposed date for the next release. Acrobat's CRL revocation checker adheres to RFC 3280 and NIST PKITS except for delta CRLs.

CSP: See Cryptographic Service Provider.

Cryptographic Service Provider: Software that allows an application to use MSCAPI to communicate with cryptographic module APIs such as PKCS#11 modules, PFX files, and so on.

digital ID: An electronic representation of data based on the ITU-T X.509 v3 standard, associated with a person or entity. It is often stored in a password-protected file on a computer or network, a USB token, a smart card, or other security hardware device. It can be used for digital signatures and certificate security. "Digital ID" is sometimes used interchangeably with "certificate"; however, a certificate is only one part of a digital ID, which also contains a private key and other data.

digital signature: An electronic signature that can be used to verify the identity of the signer through the use of public key infrastructure (PKI) technology. Signers need a digital ID and an application capable of creating a signature.

digitally sign: To apply a digital signature using a digital ID.

document integrity: In signing workflows, document integrity refers to whether or not what was signed has changed after signing. That is, what the signer signed should be reproducible and viewable on the document recipient's end. For the document recipient to validate a signature, it's important to determine to what document or what document version that signature applies. See message digest.

EE: See end entity certificate.

electronic signatures: A digital signature.

embedded JavaScript: JavaScript that exists within a document rather than that which is executed from the JavaScript Console or through a batch process.

embedded validation response: Information from the digital ID issuer that was used to apply the digital signature and that indicates if the digital ID was valid when the signature was applied. If the digital ID was valid and no one has tampered with the document, the signature will have a status of VALID. Once the digital ID expires or is cancelled (revoked), it won't be possible to determine if the signature was valid at the time it was applied unless there is an embedded revocation response.

end entity certificate (EE): The bottom-most and end user certificate in a certificate chain is called an "end entity" (EE) certificate. It is the certificate that the holder uses for signing and others use for certificate encryption.

GeoTrust: An Adobe security partner that has joined the Adobe CDS program to provide CDS digital IDs to end users and organizations. As of Acrobat 6, Adobe Reader and Acrobat trust CDS digital IDs and are able to validate signatures that use GeoTrust digital IDs, without requiring any special application configuration.

ICA: See intermediate certificate authority.

individual digital ID: A digital ID issued to an individual to digitally sign as themselves (e.g. John Smith) as opposed to an organization or other non-human entity.

intermediate certificate authority (ICA): Certificates in between the end entity and root certificates are sometimes called "intermediate certificates" (ICAs) and are issued by the CA or ICAs underneath the CA.

Message digest: Before Acrobat or Adobe Reader can verify whether the signed version of the document has changed or not (has integrity), it must first have a way to uniquely identify what was signed. To do this, it uses a message digest. A message digest is a number which is created algorithmically from a file and which uniquely represents that file. If the file changes, the message digest changes. Sometimes referred to as a checksum or hash, a message digest is simply a unique number created at signing time that identifies what was signed and is then embedded in the signature and the document for later verification.