Did you know that you can digitally sign a PDF document using Adobe Reader? The PDF document requires some special preparation, but once it's prepared with Adobe LiveCycle Reader Extensions, you have the ability to add a digital signature to a document.
In Adobe Reader you can view PDF documents that are signed electronically by other users and you can create your own personal digital signature. In addition, you can export a public certificate from a Digital ID that you create. A PDF author can use your exported public certificate to encrypt files in such a way that the file can only be opened with the password you used when you created your Digital ID.
There are two parts to using Digital IDs. The Private part of an ID is used for creating a Digital ID and decrypting files. The Public part is used for verifying digital signatures and encrypting files. If you don't have a PDF opened in Reader that has been enabled with usage rights using the Adobe LiveCycle Reader Extensions Server (ARES), you can only create a Digital ID, decrypt a document, and verify signatures. You need to open a document with usage rights enabled using ARES to electronically sign documents.
Digital IDs are used to electronically sign PDF documents. Although you can create a Digital ID in Adobe Reader, to digitally sign a document, you need to use a PDF file prepared with special usage rights from authors using Adobe LiveCycle Reader Extensions. When you create a Digital ID, there are two parts to the ID, as explained earlier in this chapter.
When you create a Digital ID, the signature appearance is a façade that hides a unique “fingerprint” customized with encryption to prevent someone from duplicating your signature.
When you electronically sign a document or open documents signed by other users, you need to confirm the authenticity of the PDF document, and validate the signatures against a public certificate. You might think of a public certificate as being like a driver's license or identification card carrying your signature. When you write a check, a retail clerk looks at your license or ID card and compares that signature to the one on your signed check. Anyone can view your identification, but only you are legally authorized to sign a document. In Adobe Reader, when you create a Digital ID, you have a means of exporting your public certificate and sharing it with other users who can then electronically compare your certificate to documents you digitally sign. In addition, you can collect public certificates from other users when you want to authenticate their signatures. Collecting public certificates from other users is referred to as building a list of trusted identities.
Adobe Reader lets you create Digital IDs, export public certificates, and build a list of trusted identities by acquiring public certificates from other users.
The first order of business when working with Digital IDs is to create your own personal Digital ID. You may or may not use the ID to sign documents, depending on the kind of files you work with. However, creating a Digital ID is important if you want to share a public certificate with other users. When a PDF author has your public certificate, the author can encrypt a PDF document specifically for you using your certificate. No special requirements are needed to create a Digital ID, to share your public certificate, or to open files encrypted with your certificate.
When you create a Digital ID, you have the option of creating a signature appearance. Appearances are only an option—they're not required when using Digital IDs. If you create an appearance, the appearance is shown on a document each time you sign it. You can use a scanned image of your analog signature, an icon or logo, a photo, or any kind of PDF document for an appearance. You can create multiple appearances and choose which appearance you want to use when signing a document. You can create an appearance either before or after you create a Digital ID.
You can create Digital IDs with or without a custom appearance. If you want to use an analog signature as part of your signature appearance, you need to scan your signature and save the file as a PDF document. If you use Adobe Photoshop or Adobe Photoshop Elements, you can save to a PDF file from either application. If you choose not to use a graphic image as part of your signature appearance, you can choose from different options Adobe Reader provides for appearances.
To create an appearance for your Digital ID:
Press Ctrl/Command+K to open the Preferences dialog.
Click Security in the left pane, and the right pane changes (Figure 17.1).
The right pane in the Preferences dialog offers appearance settings choices. Click the New button to create a new Digital ID appearance. The Configure Signature Appearance dialog opens (Figure 17.2).
Type a title for your appearance in the Title text box. The text can be any text you want to use to describe the appearance.
The Configure Text section by default enables all text options for the signature appearance. You can choose which text items you want to include by checking the boxes on or off. In the Preview box, you see the text as it will appear on your signature.
If you have a graphic image you want to use for your appearance, click the Imported graphic radio button, and then select File.
The Select Picture dialog opens. Click the Browse button, and the Open dialog appears. Navigate your hard drive to find the PDF file you want to use as an appearance, select the file in the Open dialog, and click Select.
You are returned to the Select Picture dialog, and the preview box shows you an image preview for the selected image (Figure 17.3). Click OK, and you are returned to the Configure Signature Appearance dialog.
Click OK in the Configure Signature Appearance dialog, and you are returned to the Security preferences. The name you used for the Title appears in the Appearance window.
If you frequently sign documents for different purposes and want to use different appearances when signing documents of various types, you can add additional appearances. Click the New button in the Digital Signatures preferences to add another appearance. Be certain to provide different descriptive titles for each new appearance you create.
Click the Advanced Preferences button and the Digital Signatures Advanced Preferences dialog opens (Figure 17.4). The three tabs in the dialog offer options for signature verification, for security methods to use, and for Windows integration (for Windows users).
To learn more information about the options in the Digital Signatures Advanced Preferences dialog, click the Help button. The Adobe Reader Help document opens and takes you to the page where definitions for setting options in Advanced Preferences are explained.
Before you can sign a document or work with public certificates, you need to create your personal Digital ID. This ID can use any of the appearance settings you create in the Security preferences dialog or you can choose not to use a custom appearance.
To create a Digital ID:
Select Document > Security Settings. The Security Settings dialog opens (Figure 17.5).
Click Add ID. The Add Digital ID window opens (Figure 17.6). You can choose from three options: finding an existing ID, creating a new Self-Signed ID, and using a third-party ID.
Select Create a Self-Signed Digital ID.
Click Next. An informational window informs you that you are about to create a Self-Signed Digital ID. Read the information and click Next to choose how to store your ID (Figure 17.7).
In Windows, you have two options for how to store your ID. You can choose to use the ID exclusively with Adobe Reader by selecting the first radio button, or you can select Windows Certificate Store so that other Windows applications can use the ID. On the Macintosh, you have a single selection for using the New PKCS#12 Digital ID file option. On the Macintosh, click Next. In Windows, select the option you prefer and click Next.
The next pane shows you identifying information derived from your Identity preferences. If the Identity preferences are not filled in, the text boxes are empty. Fill in the identifying information for any empty fields (Figure 17.8).
Click Next, and the last pane in the Add Digital ID window opens (Figure 17.9). You must enter a password of at least 6 characters in the Password text box. Type the same text in the Confirm Password text box.
Click Finish and your Digital ID is created. You are returned to the Security Settings dialog.
Once you create a Digital ID, you can export a public certificate. Your private ID should not be shared with others. This is the portion of your digital ID that's protected by your password. From the Security Settings dialog, you can export a public certificate that can be distributed to other users. PDF authors can use your public certificate to encrypt files according to your personal identity, and also to authenticate your signature.
To export a public certificate:
If the Security Settings dialog is not open, select Document > Security Settings.
The Security Settings dialog opens.
At the top of the dialog (Figure 17.11), you see the Digital ID created in the last series of steps. Click the ID in the list to select it.
Click Export Certificate at the top of the Security Settings dialog.
The Data Exchange File – Export Options dialog opens (Figure 17.12). You have two options for exporting your certificate. If you want to email the certificate to another user, select Email the data to someone. If you want to save the certificate to your hard drive, select Save the data to a file. Choose the option you want to use and click Next.
If you select Email the data to someone, the Compose Email dialog opens (Figure 17.13). Add the recipient's address in the To text box and click Email. The message window alerts the recipient that a data file is attached to the mail, and instructions are added to your email message. When you click Email, your default email program launches and the message and file attachment are added to a new message window.
Public certificates are exchanged freely among users and will not compromise your private ID. You can collect certificates from other users and send your certificate to members of your workgroup and anyone you choose. Certificates you collect can be used to create a list of trusted identities you can then use to verify digital signatures. And PDF authors can use your certificate to encrypt PDF documents for your use.
Use the public certificate JohnSmith.fdf file, which you can download from www.peachpit.com/adobereader7.
To build a list of trusted identities:
Select Document > Trusted Identities. The Manage Trusted Identities dialog opens (Figure 17.14).
Click Add Contacts. The Choose Contacts to Import dialog opens.
Click Browse, and the Locate Certificate File dialog opens. Navigate your hard drive to locate public certificates you've received from others. For this step, use the JohnSmith.fdf file you downloaded. Be certain the file is selected and click Open.
Continue adding as many certificates as needed by clicking the Browse button. You return to the Choose Contacts to Import dialog after opening each certificate. All added certificates are listed in a window. In this example, a single certificate is added (Figure 17.15).
Selecting Search will initiate a search, via a preconfigured path through your directories, to locate public certificates you can place in your trusted identities list. For example, a system administrator can configure your search to look in your company's LDAP server to locate certificates from other employees if you need to verify their digital signatures.
When you're finished collecting certificates, click the Import button and you are returned to the Manage Trusted Certificates dialog. All the new contacts are added in the list window (Figure 17.16).
Click Close. Your trusted identities are ready to use for validating signatures.
You can sign PDF files only when those files are assigned usage rights with the Adobe LiveCycle Reader Extensions software. Adobe LiveCycle Reader Extensions is a server-based utility that allows organizations to extend the functionality of PDF documents within Adobe Reader. Among the usage rights that can be applied to PDF files is the ability to digitally sign PDF documents and save form data from within Adobe Reader.
To learn more about Adobe LiveCycle Reader Extensions, visit www.adobe.com/products/server/readerextensions/main.html.
Use the REeSupportForm.pdf document you can download from www.peachpit.com/adobereader7 for all steps in this chapter. This PDF document is provided courtesy of Adobe Systems and was prepared using Adobe LiveCycle Reader Extensions. Many thanks to Charles Myers and Lori DeFurio of Adobe Systems for adding usage rights to this document.
To digitally sign a PDF file:
Open the REeSupportForm.pdf file you downloaded.
Notice that the Sign tool is available in the Adobe Reader Toolbar Well (Figure 17.17).
Select Document > Digital Signatures > Sign this Document. Note: If you don't see this submenu, the document you're working with doesn't have the usage rights for adding a digital signature.
You will receive a warning dialog if the document is not certified. Click OK. A second dialog informs you that Reader has scrolled to the digital signature field on the form and highlighted the field for you. Move the cursor and click the signature field. A dialog informs you that you are about to sign a document. Click OK to dismiss the dialog. The next dialog appearing is the Apply Digital Signature dialog (Figure 17.18).
Select your Digital ID in the Apply Digital Signature dialog and click OK. The Apply Signature to Document dialog opens (Figure 17.19).
Click Show Options in the Apply Digital Signature dialog. The dialog expands to reveal more options and the button name changes to Hide Options.
Type your password in the Confirm Password text box.
Open the Reason for Signing Document pull-down menu. Make a selection that describes why you are signing the document.
From the Signature Appearance pull-down menu, select an appearance option you configured in the Security preferences. All the appearances you create appear in the pull-down menu.
Click Sign and Save As. This saves a copy of the file without overwriting the original.
Digital signatures are meaningless unless you can validate a signature and verify its authenticity. When you receive PDF files that carry certification or a digital signature, you can verify the signature using the public certificate from the signing party.
Use the eCertify.pdf file you can download from www.peachpit.com/adobereader7. In addition, you need to add the file JohnSmith.fdf to your trusted identities as described in the “Building a List of Trusted Identities” section earlier in this chapter.
To verify a digital signature:
Be certain the JohnSmith.fdf file is added to your trusted identities. If it is not, follow the steps in the section “Building a List of Trusted Identities” earlier in this chapter.
Click the Open tool and open the eCertify.pdf file. This document is a certified document.
When you open a certified document, a dialog like the one shown in Figure 17.20 opens informing you that the validity of the document is not confirmed unless you've added the certificate from the signing party to your trusted identities. Click Close and the dialog box disappears.
The certified document is shown in the Document pane. The digital signature on the document appears with a question mark (Figure 17.21). When you see a signature with a question mark, you know immediately that the signature is not validated.
Although the PDF author's certificate has been added to your trusted identities list, no settings are enabled for trusting the certificate. You need to inform Adobe Reader what kinds of signatures by this author you want to trust. To edit the trust settings, select Document > Trusted Identities.
The Manage Trusted Identities dialog opens. Select the name for John Smith and click Details.
The Edit Contact dialog opens (Figure 17.22).
Select the contact name.
Click Edit Trust.
The Import Contact Settings dialog opens (Figure 17.23). On the Trust Settings tab, check the boxes for “Signatures and as a trusted root” and “Certified documents”.
Click OK. Then click OK in the Edit Contact dialog and click Close in the Manage Trusted Identities dialog. The signature still appears with a question mark indicating that you have not yet validated the document.
Click the Signatures tab to open the Signatures pane.
Open the Options pull-down menu and select Validate All Signatures in Document (Figure 17.24).
The signature is validated and the Signature icon changes from a question mark to a Certified Document icon (Figure 17.25).
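The same lifecycle outside Reader, as an added example that is not part of the original chapter or Adobe's own tooling: OpenSSL creates a self-signed ID in a password-protected PKCS#12 file, exports the public certificate, signs a file, and shows that validation succeeds only when the signer's certificate is in the trust list and the file is unchanged. A detached CMS signature stands in for the PDF signature field; the names `john` and `other`, the passwords, and the sample form text are constructed.

```shell
#!/bin/sh
# Added example: OpenSSL stand-in for the Reader workflow described above.
# All names, passwords and file contents are constructed for illustration.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# "Create a Self-Signed Digital ID": key pair plus self-signed certificate,
# kept together in a password-protected PKCS#12 file.
make_id() {  # $1 = name, $2 = password
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$WORK/$1.key" -in "$WORK/$1.crt" \
    -passout "pass:$2" -out "$WORK/$1.p12" &&
  rm -f "$WORK/$1.key" "$WORK/$1.crt"   # only the protected .p12 remains
}

# "Export Certificate": the public part only; the private key stays behind.
export_cert() {  # $1 = name, $2 = password
  openssl pkcs12 -in "$WORK/$1.p12" -passin "pass:$2" -nokeys 2>/dev/null |
    openssl x509 -out "$WORK/$1.pub.pem"
}

# Signing needs the password because it needs the private key.
sign_doc() {  # $1 = name, $2 = password, $3 = document
  rc=0
  openssl pkcs12 -in "$WORK/$1.p12" -passin "pass:$2" -nodes \
    -out "$WORK/$1.pem" 2>/dev/null &&
  openssl cms -sign -binary -in "$3" -signer "$WORK/$1.pem" \
    -outform DER -out "$3.p7s" 2>/dev/null || rc=$?
  rm -f "$WORK/$1.pem"                  # do not leave the bare key on disk
  return "$rc"
}

# Validation passes only if the signer's certificate is in the trust list
# ($2, a PEM file) and the document is unchanged since it was signed.
verify_doc() {  # $1 = document, $2 = trusted identities
  openssl cms -verify -binary -inform DER -in "$1.p7s" -content "$1" \
    -CAfile "$2" -out /dev/null 2>/dev/null
}
status() { if verify_doc "$@"; then echo valid; else echo "not validated"; fi; }

make_id john "example-pass-1"; export_cert john "example-pass-1"    # signer
make_id other "example-pass-2"; export_cert other "example-pass-2"  # unrelated
DOC="$WORK/form.txt"; printf 'constructed sample form data\n' > "$DOC"
sign_doc john "example-pass-1" "$DOC"
echo "signer not in trust list: $(status "$DOC" "$WORK/other.pub.pem")"
echo "signer trusted:           $(status "$DOC" "$WORK/john.pub.pem")"
echo "altered after signing" >> "$DOC"
echo "document altered:         $(status "$DOC" "$WORK/john.pub.pem")"
```

The first result corresponds to the question-mark state in Reader: the signature is intact, but nothing in the trust list vouches for the signer.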
PDF authors can encrypt documents with selective permissions and distribute the files to a number of different Adobe Reader users. Using a user's public certificate, authors can encrypt a PDF document with password protection that allows only the intended party to view the file and denies all other users access to the document. PDF authors can protect the file against unauthorized access and prevent other users from accessing the document and any file attachments contained in the document.
To open files that have been encrypted with public certificates:
Open a file that has been encrypted using your public certificate. If you don't have such a file, contact a PDF author who can encrypt a document for you. You need to create your personal Digital ID and send the PDF author your public certificate. The PDF author then adds your certificate to his or her list of trusted identities, and, when preparing the PDF file for your use, and using your public certificate, selects permissions options that are saved with the file.
Click the Open tool in Adobe Reader and select a PDF document encrypted using your public certificate.
The first thing that opens is a dialog prompting you for your password (Figure 17.26). Type the password you used when you created your Digital ID and click OK.
If you type your password correctly, the document opens. PDF authors can assign different permissions to the file. Files can be protected against editing and printing. To determine what permissions are assigned to encrypted files, press Ctrl/Command+D to open the Document Properties dialog.
Click the Security tab. In the Document Restrictions Summary, you can review the permissions assigned to the document. In Figure 17.27, notice that printing the PDF document and filling in form fields are not allowed.
Click OK in the Document Properties to return to the file in the Document pane.