A security certificate contains a private key and a public key, stored in a Digital ID file that can be self-generated or issued by a Certificate Authority (CA). Certificates allow digital signatures in documents to be verified, and allow encrypted files to be exchanged securely between designated people.
Private keys are stored within a Digital ID that is retained by the person who signs a PDF file; it resides at a known location on the user’s computer. With CA certificates, the private key is also stored in the issuing authority’s database.
Public keys are exported from the Digital ID with the Export Certificate command and held in a security certificate file (extension .p7b, .p7c or .cer) that the PDF signer can send to anyone authorized to view or handle the file. The certificate holds the key's numeric value together with fields that identify the certificate owner, its validity period and its permitted usage.
Signature verification or file decryption will succeed only if the public and private keys are found and match correctly. This implies that internet access must be available.
Digital IDs are managed by an industry standard called PKI: the public key infrastructure. A PKI is the set of people, policies, procedures, hardware, and software used in creating, distributing, managing, revoking and using the digital IDs that contain the public/private key pairs used when signing a PDF.
How to use security certificates
Create a digital ID by clicking Manage Digital IDs at Security > IDs and Certificates.
Click Add ID in the resulting dialog box and either browse for an existing ID (for example, one issued by a CA) or create a self-signed one.
Select the desired ID and click Export Certificate to generate a file containing the public key. Choose to save the file to disk or e-mail it to one or more recipients. In the latter case it is attached to a message in the default mail program, along with text advising recipients how to use the certificate file.
Someone receiving a public key should save it to disk, start the program, choose Trusted Identities in the Security ribbon and browse for the file.
Once the certificate file is added to trusted identities, digital signatures in documents received from the certificate sender can be opened and verified.
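The export-and-verify flow above, as an added example in Go using only the standard library (this is illustrative code, not the program's own): the signer's Digital ID keeps the private key and exports only a certificate carrying the public key, owner, validity period and key usage; the recipient, holding that certificate as a trusted identity, verifies a signature against it, and verification fails with another identity's certificate or an altered document, which is the "keys must match" condition stated earlier. The function names and the sample document are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// NewSelfSignedID builds a self-signed Digital ID for owner: the private key stays
// with the signer; the DER certificate is what Export Certificate writes to a .cer
// file, carrying only the public key plus owner, validity period and usage.
func NewSelfSignedID(owner string) (ed25519.PrivateKey, []byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: owner},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return priv, der, err
}

// Sign is the signer side: the private key is used here and never leaves the ID.
func Sign(priv ed25519.PrivateKey, doc []byte) []byte {
	return ed25519.Sign(priv, doc)
}

// Verify is the recipient side: parse the exported certificate held in Trusted
// Identities, check its validity period and key usage, then check sig against the
// public key it carries. Another signer's certificate or an altered doc fails.
func Verify(certDER, doc, sig []byte) (owner string, ok bool, err error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", false, err
	}
	owner = cert.Subject.CommonName
	if now := time.Now(); now.Before(cert.NotBefore) || now.After(cert.NotAfter) ||
		cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return owner, false, nil // expired, not yet valid, or not a signing certificate
	}
	return owner, cert.CheckSignature(x509.PureEd25519, doc, sig) == nil, nil
}
```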
The recipient can then encrypt other files destined for the sender, as follows:
Open a file, then open the Security panel from the Panel bar.
Under Certificate Security choose a security scheme or Interactive to create one.
Interactive opens a Wizard; name and describe the scheme and define the encryption level.
The Wizard presents all trusted contacts (those whose public keys have been identified to the program). Choose the desired ones. Add yourself, so you can later re-open the file.
Click the key icon if you want to specify restrictions for the selected recipient. Repeat as necessary.
Send the document to the trusted contacts defined in the scheme; they can then open the document. In some cases they must provide the password set when their Digital ID was created.
See About Securing PDF for an overview of all security options. See About PDF Versions for detail on encryption. See Verifying Digital Signatures for information on verification methods and preferences.