Saturday, September 26, 2009

Adding certificates to your Trusted Certificates list


The way that you add the certificates that you receive to your Trusted Certificates list depends upon how you receive them. If you receive an e-mail message with a certificate attached, you can launch Acrobat, validate the certificate, and add the certificate to your Trusted Certificates list all by simply opening the certificate file attached to the message in your e-mail program (in most programs, you open an attachment by double-clicking the file attachment icon).
When Acrobat launches, it displays the Data Exchange File - Import Contact dialog box. To add the certificate to your list, click the Set Contact Trust button to open the Import Contact Settings dialog box. The Trust Signatures Created with this Certificate check box is selected by default. Click the Import button to import the certificate data and create a Digital ID certificate that will appear in your Trusted Identities list. If you have access to someone’s Self-Sign Security certificate file on your computer system, you can add it to your Trusted Certificates list by clicking the Import from File button in the Trusted Certificates portion of your User Settings dialog box. To do this, follow these steps:
  1. Choose Advanced➪Manage Digital IDs➪Trusted Identities to open the Manage Trusted Identities dialog box.
  2. Click the Add Contacts button to open the Select Contacts to Add dialog box, and then click the Browse for Certificates button.
  3. Locate the certificate exchange file you want to import in the Locate Certificate File dialog box, and then click the Open button. The selected certificate data file appears in the upper list box of the Select Contacts to Add dialog box.
  4. Click the Add to Contacts List button to display the certificate exchange file in the Contacts to Add list box below; then click OK.
  5. Click OK to close the alert dialog box and return to your Manage Trusted Identities dialog box, where you see the name of the person you just added to your Trusted Identities list.
  6. Click the Close button to close the Manage Trusted Identities dialog box.

Exchanging certificates with associates

You can simplify the process of validating signatures in the PDF files you review by having all the review team members exchange copies of their Self-Sign Security certificates. Acrobat makes this easy by adding an export function to the Manage Trusted Identities dialog box. To open this dialog box, choose Advanced➪Manage Digital IDs➪Trusted Identities. Select your Digital ID from the list box in the Manage Trusted Identities dialog box and click the Export button to open the Data Exchange File - Export Options dialog box. Two radio buttons appear in the Export options section. The first is the E-mail the Data to Someone radio button that you can select to send a copy of your certificate to team members in a new e-mail message. The second is the Save the Data to File radio button that you can use to make a copy of the certificate file that others can import into their Trusted Certificates list. (For example, you can use this option if you and your coworkers are on the same network and share access to certain folders.)
When you select the Save the Data to a File radio button, Acrobat opens an Export Data As dialog box, where you can designate the drive and folder on which the copy of your certificate is saved (saved in a special Acrobat Self-Sign key file format that uses a .fdf file extension) when you click the Save button. When you select the E-mail the Data to Someone radio button, Acrobat opens the Compose E-mail dialog box. To send the e-mail, fill in the recipient’s e-mail address in the To text box, make any necessary changes in the default text provided in the message window, and click the E-mail button. Acrobat transfers the information into your e-mail client in order to send your certificate data to someone else.

Validating PDF digital signatures

Whenever you add your own signature to a PDF document, Acrobat automatically uses your user Digital ID information to verify your signature as valid (indicated by the green check mark and the text Signature Valid underneath it). When you receive a document that has been signed by other people, their signatures will not automatically be recognized as valid when you open the PDF file.
You can then validate their signatures. As part of this process, you need to get in contact with the signatory and verify that one or both of the two so-called fingerprint numbers stored in the public key attached to the signature in your PDF document match the fingerprint numbers in the signatory’s public key stored as part of his or her certificate attributes on his or her hard drive. (The two fingerprints are made up of a combination of letters and numbers that make your software serial number look short; the first is called the MD5 Fingerprint, and the second is called the SHA-1 Fingerprint.) To validate a signature in a PDF document that you have open, follow these steps:
  1. Open the Signatures palette and select the name of the unknown signatory you want to validate (indicated by a blue question mark before the name), and then select Validate Signature on the Signature palette Options pop-up menu.
  2. If the unknown signatory has not been added to your list of trusted certificates, Acrobat next displays the Signature Validation Status dialog box.
  3. Click the Signature Properties button. The Signature Properties dialog box appears.
  4. Use the contact information (if listed) to get a hold of the signatory (preferably by telephone) to verify the MD5 and/or the SHA-1 Fingerprint numbers listed at the bottom of the Certificate Attributes dialog box. Click the Show Certificate button to view these numbers. To find these numbers to read off to you, the signatory must choose Advanced➪Manage Digital IDs➪My Digital ID, select their Digital ID in the Manage My Digital IDs dialog box, and click the Settings button to open the Set Digital ID Usage dialog box. The signatory then clicks the Show Certificate Details button to open the Certificate Attributes dialog box and view their MD5 and SHA-1 Fingerprint numbers.
  5. If the fingerprint numbers on your screen match the numbers given to you over the phone, click the Trust Identity button. The Certificate Security-Alert dialog box opens, telling you that Trusting Certificates directly from a document is unwise.
  6. Click OK to close the Alert box and open the Import Contact Settings dialog box.
  7. Click the Import button and then click OK in the Import Complete dialog box to add the person to your list of trusted certificates and to validate the selected signature in the PDF document.
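
The fingerprint comparison from the steps above, as an added example (not part of the original post and not Acrobat's own code): it computes the MD5 and SHA-1 fingerprints of a certificate file and checks them against the values the signatory dictates, rejecting short or mistyped input instead of silently accepting it. The sample bytes and all function names are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import re

# Constructed stand-in for certificate bytes (not a real X.509 certificate).
# A fingerprint is a hash over the DER encoding, so any bytes show the check.
SAMPLE_DER = b"constructed stand-in for DER-encoded certificate bytes"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

HEX_LEN = {"md5": 32, "sha1": 40}  # digest length in hex characters
_PEM = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_der(data: bytes) -> bytes:
    """Return DER bytes from PEM input; input without a PEM header is taken as DER."""
    m = _PEM.search(data)
    return base64.b64decode(b"".join(m.group(1).split())) if m else data


def fingerprints(data: bytes) -> dict:
    """MD5 and SHA-1 fingerprints (lower-case hex) of the certificate."""
    der = to_der(data)
    return {alg: hashlib.new(alg, der).hexdigest() for alg in HEX_LEN}


def read_aloud(hex_digest: str) -> str:
    """Format a digest as upper-case byte pairs, the form that is easy to dictate."""
    return " ".join(hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2)).upper()


def normalize(alg: str, spoken: str) -> str:
    """Strip separators; reject anything that is not a full-length hex digest."""
    value = re.sub(r"[\s:.-]", "", spoken).lower()
    if len(value) != HEX_LEN[alg] or re.fullmatch(r"[0-9a-f]+", value) is None:
        raise ValueError(f"{alg} fingerprint must be {HEX_LEN[alg]} hex digits")
    return value


def matches(data: bytes, spoken: dict) -> bool:
    """True only if at least one fingerprint was given and every given one matches."""
    local = fingerprints(data)
    results = [hmac.compare_digest(local[alg], normalize(alg, value))
               for alg, value in spoken.items()]
    return bool(results) and all(results)
```

If the signatory can supply only one value, the SHA-1 fingerprint is the stronger check of the two, since MD5 collisions are practical to produce.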

You can quickly validate individual signatures for the people you’ve added to your Trusted Certificates list by simply double-clicking their signature fields. Acrobat will quickly search your list and, upon finding the person’s certificate, display a Signature Validation Status alert dialog box, informing you that the signature is valid. You can also use this technique on your own signatures in the event that they show up as unknown signatures when you reopen the PDF document, even when your Digital ID file is open. To update all the signatures in your PDF at one time, simply choose Document➪Digital Signatures➪Validate All Signatures in Document, or select the Validate All Signatures in Document option on the Signatures palette Options pop-up menu.