Before you begin
Acrobat now has an improved interface, as shown. If you see a different experience, refer to help for your current experience.
For a full list of articles about security, see Overview of security in Acrobat and PDF content.
Use certificates to encrypt documents and to verify a digital signature. A digital signature assures recipients that the document came from you. Encryption ensures that only the intended recipient can view the contents. A certificate stores the public key component of a digital ID.
When you secure a PDF using a certificate, you specify the recipients and define the file access level for each recipient or group. For example, you can allow one group to sign and fill forms and another to edit text or remove pages. You can choose certificates from your list of trusted identities, files on disk, LDAP server, or the Windows certificate store. Always include your certificate in the recipient list so that you can open the document later.
If possible, encrypt documents using certificates from third-party digital IDs. If the certificate is lost or stolen, the issuing authority can replace it. If a self-signed digital ID is deleted, all PDFs that were encrypted using the certificate from that ID are inaccessible forever.
Open a PDF, and choose All tools > Protect a PDF > Encrypt with Certificate.
When prompted, select Yes.
In the Certificate Security Settings dialog, select the document components to encrypt.
From the Encryption Algorithm menu, choose the rate of encryption, and then select Next.
The encryption algorithm and key size are version-specific. Recipients must have the corresponding version (or later) of Acrobat or Acrobat Reader to decrypt and read the document.
If you select 128-bit AES, recipients must have Acrobat 7 or later or Acrobat Reader 7 or later to open the document.
If you select 256-bit AES, either Adobe Acrobat 9 or later or Adobe Reader 9 or later is required to open the document.
Create a recipient list for the encrypted PDF. Include your certificate in the recipient list so you can open the document later.
Select Search to locate identities in a directory server or in your list of trusted identities.
Select Browse to locate the file that contains certificates of trusted identities.
To set printing and editing restrictions for the document, select recipients from the list, and then select Permissions.
Select Next to review your settings, and then select Finish.
When a recipient opens the PDF, the security settings you specified for that person are used.
Open a PDF, and choose All tools > Protect a PDF > Set security properties.
Select Change Settings.
Do any of the following, and then select Next.
To encrypt different document components, select that option.
To change the encryption algorithm, choose it from the menu.
To check a trusted identity, select the recipient and then select Details.
To remove recipients, select one or more recipients, and then select Remove. Remove your own certificate only if you no longer want access to the file using that certificate.
To change the permissions of recipients, select one or more recipients and then select Permissions.
Select Next, and then select Finish. Select OK to close the Document Properties dialog and apply your changes.
Open a PDF, and choose All tools > Protect a PDF > Remove security.
Businesses that use certificates for secure workflows often store certificates on a directory server that participants can search to expand their list of trusted identities.
When you receive a certificate from someone, you can add it to your list of trusted identities. You can set your trust settings to trust all digital signatures and certified documents created with a specific certificate. You can also import certificates from a certificate store, such as the Windows certificate store. A certificate store often contains certificates issued by various certification authorities.
Third-party security providers usually validate identities by using proprietary methods. Or, they integrate their validation methods with Acrobat. If you use a third-party security provider, see the documentation for the third-party provider.
Certificates that you receive from others are stored in a list of trusted identities. This list resembles an address book and enables you to validate the signatures of these users on any documents you receive from them.
When a contact sends a certificate to you by email, it's displayed as an import/export methodology file attachment.
Open the email attachment, then select Set Contact Trust in the dialog box that appears.
Select the contact and then select Import.
Supply any password required, and select Next. Select OK to view the import details, and then select OK again.
Choose the location and select Next. Then select Finish.
Select Set Contact Trust again to see that the contact has been added to Certificates. Select the certificate to view Details and Trust information.
For Trust, select the options desired.
Select Use This Certificate As A Trusted Root only if it's required to validate a digital signature. Once you make a certificate a trust anchor, you prevent revocation checking on it (or on any certificate in the chain).
To allow actions that can be a security risk, select Certified Documents and then select the options you want to allow:
Dynamic Content: Includes FLV files, SWF files, and external links.
Embedded High Privilege JavaScript: Trusts embedded scripts.
Privileged System Operations: Includes networking, printing, and file access.
You can safely add a certificate to your trusted identities from a signed PDF by first verifying the fingerprint with the originator of the certificate.
On the Options menu, select Show Signature Properties, and then select Show Signer’s Certificate.
Select the Trust tab, select Add To Trusted Certificates, and select OK.
In the Import Contact Settings dialog box, specify trust options, and select OK.
Trusting certificates from the Windows certificate store is not recommended.
If you use the Windows certificate store to organize your certificates, you can import certificates using a wizard in Windows Explorer. To import certificates, identify the file that contains the certificates, and determine the file location.
If you're prompted to validate the certificate before installing it, note the MD5 and SHA1 digest values (fingerprint). Contact the originator of the certificate to confirm that the values are correct before you trust the certificate. Select OK.
The Certificate Viewer dialog box provides user attributes and other information about a certificate. When others import your certificate, they often want to check your fingerprint information against the information they receive with the certificate. (The fingerprint refers to the MD5 digest and SHA1 digest values.) You can check certificate information for your digital ID files or the files you import.
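The fingerprint comparison described above can also be done outside the dialog. The following is an added example, not Adobe's code: it computes the MD5 and SHA1 digests of a certificate file's DER bytes and compares them with the value the originator reported. The function names and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

# Constructed stand-in bytes (NOT a real certificate), wrapped in PEM armor so
# the example runs offline. In practice, read the .cer/.pem file you received.
SAMPLE_DER = b"constructed-sample-certificate-bytes"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def load_der(data: bytes) -> bytes:
    """Return DER bytes from the contents of a PEM or raw DER file."""
    m = PEM_RE.search(data.decode("latin-1"))
    if m is None:
        return data  # no PEM armor: treat the input as DER already
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprints(data: bytes) -> dict:
    """The fingerprint is a digest over the whole DER-encoded certificate."""
    der = load_der(data)
    return {"md5": hashlib.md5(der).hexdigest(),
            "sha1": hashlib.sha1(der).hexdigest()}

def normalize(reported: str) -> str:
    """Drop separators (spaces, colons, dots, dashes) and lower-case."""
    cleaned = re.sub(r"[\s:.\-]", "", reported).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("fingerprint is not hexadecimal")
    return cleaned

def matches(data: bytes, reported: str) -> bool:
    """True only if `reported` equals the full MD5 or SHA1 digest."""
    want = normalize(reported)
    algo = {32: "md5", 40: "sha1"}.get(len(want))
    if algo is None:
        return False  # truncated or wrong-length value: no partial matches
    return hmac.compare_digest(fingerprints(data)[algo], want)

if __name__ == "__main__":
    print(fingerprints(SAMPLE_PEM.encode("ascii")))
```

Obtain the value passed to `matches` from the originator over a separate channel, such as a phone call, not from the message that delivered the certificate.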
For more information about verifying certificates, see the Digital Signatures User Guide (PDF) at www.adobe.com/go/learn_acr_security_en.
The Certificate Viewer dialog box provides the following information:
Certificate validation period
Intended use of the certificate
Certificate data, such as the serial number and public key method
You can also check if the certificate authority has revoked the certificate. Certificates are usually revoked when an employee leaves the company or when security is compromised in some way.
Navigate to Preferences > Signatures. In Identities & Trusted Certificates, select More.
Select your digital ID, and then select Certificate Details.
Select the Signatures pane and choose the signature. In the Options menu, select Show Signature Properties.
Navigate to Preferences > Signatures. In Identities & Trusted Certificates, select More.
Select the certificate, and select Remove ID.