Adobe Acrobat - Digital Signatures Security

Similar Messages

• Adobe Reader Digital Signature Plugin

  Hello All,
  We had developed a adobe plugin for digital signature through smart card. The plugin works fine for Adobe Professional. I would like to know the procedure how to make it work for Adobe Reader. I found a URL http://www.adobe.com/devnet/reader/ikla.html which says to buy a license. I'm confused over DRM and non-DRM agreement.
  To make it clear, our company shall be distributing the smart card and the plugin in the enterprise market for digital signatures that need to work with both Adobe Professional and Adobe Reader. Our customers shall be probably using Adobe reader.
  Can any one let me know the procedure to make reader plugin?
  Regards,
  Madhukar

  Hi Gatis,
  Check out the Security and Digital Signature Admin Guide athttp://learn.adobe.com/wiki/download/attachments/52658564/acrobat_reader_security_9x.pdf?v ersion=1
  http://learn.adobe.com/wiki/download/attachments/52658564/acrobat_reader_security_9x.pdf?v ersion=1
  Once you get the file open look at section 5.3.4.4
  The folder path has to exist, but Acrobat will create the file if it's missing. For example, if you want to save the file to C:\LogFile\digSigLog.txt the folder LogFile would have to exist on the C drive, but the log file itself will get created if it's not there already.
  When you type in the file path and name in the Edit Binary Value dialog in regedit, make sure you null terminate the string by typing a zero at the end of the hex data on the left side of the dialog. It will look like a dot on the right side, but it's not really a dot (a dot is 2E in hex).
  Steve

• Adobe Acrobat 9 Signatures

  I have set up a signature in Adobe Acrobat 9 and when you draw the box for placing your signature everything behind it is "whited" out.  Is there a way to change the settings so you can see where you are placing your signature?  I have to sign a lot of documents (i.e. contracts) where I have limited place to place it and I need to not cover up the wording where I placing my signature.  Is there any way to do this?  Any offered suggestions to solving my problem??
  Thanks

  Hi Amy,
  I'm a bit surprised you are seeing this because it is not the default behavior. Normally, when you add a signature field to the document both the fill and border are turned off. But, since it is looks like fill is enabled what you could do is:
  Select the View > Toolbars > Advanced Editing menu item
  Click on the Select Object tool  (it's the arrow that points to the upper left on the Advanced Editing toolbar)
  Right mouse click on the signature field that is obscuring the underlying text or image
  Select Properties from the pop-up menu
  Select the Appearance tab on the Digital Signature Properties dialog
  Click the button next to Fill Color and then select No Color from the pop-up pallet
  Click the Close button on the Digital Signature Properties dialog
  That should get you fixed up. I hope this helps,
  Steve

• Adobe Form Digital Signature using WDA

  Hi,
  I have implemented Interactive Adobe Form using WDA, with one Signature Field.
  I need to set and verify the status of the Digital Signature.
  1) Is it possible to sign the Adobe form without the user selecting the Digital Id, basically what is needed to implement automatic signatures (setting and verifying)?
  2) Once the data is filled online, the form is to be distributed or downloaded. How to apply security parameters to Form in this case (like pass protected etc). From SAP documentation, I understand we need to use Adobe Policy Server. Can we install this server on the Java stack of SAP WAS. Are there any other alternatives to implement such features?
  Thanks & Regards,
  Chitrali Shah

  I realize there is quite a bit of crossover between the two topics, but becuase you want to know about digital signature and specifically offline security; this question would probably be better asked in the Adobe Interactive Forms forum:
  SAP Interactive Forms by Adobe
  However I'm not going to lock the thread, as the WDA forum you will find many Forms experts as well and might find a solution.  I just think you might have better luck in the other forum. This is perhas a rare case where double posting would be appropriate as long as you go back and update both threads with any solutions.
  It sounds like you may have already found it, but about all I can offer on the subject is the link to the latest version of the online help on the subject:
  http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/a0677efb696bb9e10000000a42189d/frameset.htm

• Adobe Acrobat Reader Signature Field not Accessible

  I created a form using Adobe Acrobat Pro XI. It has a signature field. The security settings are off, and according to Pro, all abilities including adding a signature are allowed. When I open the document in Reader XI, I cannot sign it. The Sign tab is available, but all options in that tab are grayed out. I cannot double click on the field or click the signature icon. What settings am I missing?

  Here are three documents that i down loaded, there are others
  John Buckley
  5 Sunmead Walk
  Cherry Hinton
  Cambridge
  CB1 9YB
  07411142946
  0845 3881751
  [email protected]
  www.cambridgeriskmanagement.com
  Cambridge Risk Management Limited is a trading name of Comply UK Cambridge

• Adobe form Digital Signatures

  Hello SDN,
  I have to implement Digital signatures in my Webdynpro interactive forms. In sdn I found one example related to online Interactive form security but for offline I couldnt find.
  In offline  scenario, a user will send pdf form to customer or employee etc to fill the form and send it back.
  1) Here how a receiver will know that he got the form, from an authorized person? 
  2) Once the form is filled and send it back, how receiver can validate whether the filled form came from an authorized person?
  3) Also how exactly I can use digital signatures? what are the technical requirements for implementing digital signatures?
  4) For implementing digital certificates do I need to have SSL configured for my j2ee?
  Can some one guide me on this?
  Appreciate your help.
  With regards,
  Ravi.D
  Edited by: Ravi Devarasetty on Oct 21, 2008 4:48 AM

  Hi Ravi,
  I am impleting a similar scenario.
  Can you please let me know the link to the example of an Online Interactive form with digital signatures.
  Thanks,
  Vivek

• Digital signature : security toolkit error

  Hello,
  I have a problem in digital signature, when I use the function module SSF_VERSION,
  I get an error message
  “SSFRFC V1.46.3 No security toolkit version information found”.
  1. I have tested the destination conncetion,Workingfine.
  2. Security Product is SAPSECULIB.
  Could some one help me in solving this issue?
  Regards,
  Prabhu Rajesh.

  Hi,
  It seems that your settings are all right but there is a problem in the way you are using SSF01. The problem is that neither the program and nor the FMs are documented. So its a hit and try. Here is how it goes:
  1. Run SSF01
  2. Select Signing radio button
  3. Clear RFC Destination field
  4. In the user profile section, input your SSF Profile ID that you have generated using trn. PSEMAINT. (If you do not know it, run PSEMAINT and press the Certificate List button. Copy contents of Own Certif. field. This is your SSF Profile ID).
  5. In the SSF Profile field, enter SAPSYS.pse
  6. Select the paths for your input and output files
  7. Select SAPSECULIB in the Security Product (only AS) field
  8. Run the program.
  This will sign your data and output it to the file you mentioned.
  To verify this file, choose Verify radio button, select the path of the output (signed) file in the input path section. Clear output path field. The system will verify the file.
  To use Add Signature option, pass the same signed file as input file. Clear out output file path. Run the program. You will see the results.
  Hope this helps.
  Let me know about the outcome.
  Regards
  Message was edited by: Shehryar Khan
  Message was edited by: Shehryar Khan

• Adobe Acrobat Professional/LiveCycle Security

  I am shopping for a good form tool, and have tried using Adobe Acrobat and LiveCycle.  However I ran into one critical failure: you can't password protect a document from content editing while still leaving it open for document assembly.  So if people need to assemble custom form packages from a pre-set group of forms, they must be given access to also change the form content.  My company is far too large for this model to work. 
  Is there any possibility of increasing the level of security customization within the next two years?   Alternately, is there any other recommended form software that succeeds where Adobe fails?  Or did I just miss something?

  The key problem is that assembling secure documents can't be permitted.
  Consider the problem, you'd have two documents, let's say they have passwords A and B. The assembled document could only have one password -- so one would have to be discarded. By assembling a file with known password with one with unknown password, an end user could potentially remove the security.
  In any case, I wouldn't put much store in password security. As Acrobat warns you, third party tools may ignore it altogether.
  Another and serious problem with assembling forms is how to deal with name clashes.
  By the way, Adobe's solution to assembling secure documents is to use portfolios. I mention it though it's unlikely to be what you want in this case.

• Provide un-editable predefined action in Adobe Acrobat X for secure scan process?

  Hi Adobe Community,
  we have a project where we want to use Adobe Acrobat X as Scan-Software for secure content. With the help of a predefined action, the scan gets directly encrypted.
  This approach is only valid, if the predefined action (that defines the encryption settings including an encryption password) cannot be changed afterwards by the enduser, after the central IT has provided the action configuration to special workstations in a secure area. Is there a way to do this?
  Since the password for the encryption is to be changed regularily, is there a way to rollout the the action configuration to the client PCs automatically (i.e. put the config file in a special directory on the client PC via network distribution, Acrobat automatically uses/detects this newly provided configuration). Is it possible?
  Thanks & Best Regards
  Kristian

  There's no way to hide the password stored inside an Action (a .sequ file), it's just a series of XML commands. The storage format for security policies (.acrodata) does hash the password but there's no system for import/export of those policies unless you use a rights management server.
  If you want to push a "read-only" Action to a deployed install of Acrobat, copy the .sequ file into the Program Files/Adobe/Acrobat XX.0/Acrobat/Sequences/ABC folder (where ABC is your language install, for example ENU). It will be read as a system level Action so the Edit/Rename/Remove buttons will be disabled, but they can still make a copy and edit that.

• Adobe Acrobat 8 - restore security policy

  I have accidentally deleted the Password Encrypt security policy in tasks. How can I restore it? Note - although I use this program constantly, my knowledge level is pretty basic.
  Please help! Many thanks.

  Thanks Geo!
  I tried "Enable Usage Rights" in Adobe Reader, but that didn't work either. Where can I find the "Extended Reader Forms Rights" option at?
  I was thinking I might need LiveCycle ES, but I'm still holding out that I won't. Thanks again for the assist!
  -Ken

• Fault in adobe digital signature revocation checking schema

  Hello,
  I have found some fault in adobe digital signature revocation checking schema. If OCSP response signing certificate contains CRL distribution point (in my case CDP (CRL) and AIA (OCSP)), online OCSP check executes, but after getting all chain certificate OCSP responses, validating signature against CRL (it’s looks from Local cache). It means you never get OCSP validation data in Adobe Acrobat or Reader signature revocation tab.
  Adobe Revocation Checking Quick Key schema is following:
  Check      Embedded revocation responses
  Check      local CRL cache C:\Documents and Settings\<user>\Application      Data\Adobe\Acrobat\9.0\Security\CRLCache
  Check      Online OCSP response
  Check      Online CRL response
  LAB environment:
  Certificate      chain E-ME SSI      (RCA) (Root Certificate) -> E-ME PSI (PCA) (Policy Certificate) -> E-ME IS (CA1) (Issuer certificate) -> User      certificate (Document signing certificate)
  Sign      PDF document (Ocsp-CHECK.pdf)      using Adobe Acrobat 9 with User certificate (Don’t add revocation information in signature)
  Test steps:
  Sign      PDF document using Adobe Acrobat 9 with User certificate (Don’t add revocation      information in signature)
  Clear      Local CRL cache under C:\Documents and Settings\<user>\Application      Data\Adobe\Acrobat\9.0\Security\CRLCache
  Open      signed file using Adobe Acrobat 9 or Reader 9
  Verify      signature. Verification process finishes successfully. Under signature      properties in certificate windows and user certificate revocation tab you      can see that revocation information data comes from CRL. The same for all      chain certificates. But if we look in chain and user certificate its holds      AIA record for OCSP service.
  After      a couple of tests I tried to disable access for Acrobat to local CRL cache      folder (Everyone – Full control deny).
  After      disabling access to local CRL cache folder - verify the same signed PDF      file. Opening document you can see OCSP checking progress and verification      process finishes successfully. Under signature properties in certificate      windows and user certificate revocation tab you can see that revocation      information data comes from OCSP. The same for all chain certificates.
  Resolution:
  Its looks when Adobe starts online OCSP checking and receives OCSP response they start parsing OCSP response signer certificate and check OCSP signer certificates revocation information. In this process CRL for OCSP signer certificate is downloaded and placed in Local CRL cache C:\Documents and Settings\<user>\Application Data\Adobe\Acrobat\9.0\Security\CRLCache
  Somehow when Adobe gets all chain certificate OCSP responses and have verified also all OCSP signer certificates, online OCSP check is no more continued and revocation information are taken from Local CRL cache.
  Can you please help me to clear how to deal with this problem, to make sure that procedure works correctly?
  Message was edited by: Gatis Žeiris

  Sorry i add corect link to Signed test file: http://www.dsistemas.lv/files/Ocsp-CHECK.pdf

• Digital Signatures with Adobe Reader

  So i created an adobe form with acrobat 9 and sent it out for all to digitally sign.  about half are getting an error when they try to sign it.  "The credential selected for signature is invalid"
  We are a government agency and use Common Access Cards (CAC) certificates to digitally sign with. 
  i was hoping someone out there could either point me to a good recource for adobe and digital signatures or to a possible fix. 
  now we have narrowed it down to the problem being with the specific machine.  the user can digitally sign the document on another machine, but not on thier own machine.  Also, no one else can sign the doc on thier machine either. 
  Thanks in advance!

  issue still exists.  ive been searching for some info on how adobe handles digital signatures, like what folders are created on the machine.  im thinking maybe i can clear out the app data for acrobat or something.  im at a loss at the moment.

• Support for using Digital Signatures

  I work in the legal department in a large company.  We are considering using Adobe's Digital Signature for our annual reports and financial documents.  However, I am unable to find how to get support on using such a feature.  Is using this feature pretty simple with Acrobat Pro v. 9?  I walked through the step-by-step features to initially set it up, but are there additional things I need to do to make sure the signature is completely secure? Do I need to purchase additional features or add-ons?  Is it possible to get someone to come to our company and provide a training on this feature?

  Using Acrobat Pro to digitally sign PDF documents is a very simple feature to use from an end user's perspective.  No extra plugins are required to have Acrobat generate a digital signature.  What you do need however is a digital certificate for each user, the certificate is used to create a user's digital signature.  Acrobat does not provide the ability to manage certificates, for this you require a Public Key Infrastructure (PKI) from a company such as VeriSign or Entrust.  Here are Adobe's security partners:
  http://www.adobe.com/security/partners/index.html
  Are you looking to have end users sign documents?  Based on the types of documents you described, you may want to look into "Certifying" documents using Adobe's Certified Document Services.  You can get some more information here:
  http://www.adobe.com/security/partners_cds.html
  Regards
  Steve

• Basic Doubts in Digital Signatures ES

  1) Revocation Checking : i read that the certifications will be checked(to see whether it has been cancelled) by checking the CRLs list. Where can i find this list?
  2) What is the concept behind Long Term Validity in Digital Signatures ES.
  Please help me in understanding Digital Signatures ES.

  Revocation Checking : i read that the certifications will be checked(to see whether it has been cancelled) by checking the CRLs list. Where can i find this list?
  ANSWER:  The CRL typically resides on a server somewhere, and is accessible with an http URL.  The URL is specified within the digital certificate itself.  From an Acrobat point of view, when a CRL is acceesed during a revocation check, it may be cached on the client side.  The cached CRLs are stored at:
  C:\Documents and Settings\enteruserproflehere\Application Data\Adobe\Acrobat\9.0\Security\CRLCache
  What is the concept behind Long Term Validity in Digital Signatures ES.
  Long Term validation has to do with how are signatures validated many years down the road...  When certificates expire (typically the validity period for a certificate is 1 year) the status of the signature can change.  It does not mean that the signature is invalid, it just means that based on the current time, the certificate has expired and therefore this is reflected in the signature status.  If the signature is validated in the future using "The time at which the signature was created" then it will report a Valid different status (assuming the document has not been tampered with.
  The "time" used to validate signatures is a Preference setting in Acrobat and Reader (Edit > Preferences... > Security > Advanced Preferences... > Verification)
  Regards
  Steve

• Digital Signature and Time Stamp Settings

  Would someone please tell me the location in which the Digital Signature and Time Stamp Settings from Adobe STD 10 are saved?

  They are saved in the registry on Windows and in the plist on Mac. In Windows you would go into HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\10.0\Security\ and look around there. On the Mac it in /Users/<user name>/Library/Preferences and then look for com.adobe.Acrobat.plist
  Steve