Share security certificates

A security certificate contains a private key and a public key stored in a Digital ID file that can be self-generated or issued by a Certificate Authority (CA). Certificates allow digital signatures in documents to be verified, and encrypted files to be passed securely between designated people.

Private keys
Private keys are stored within a Digital ID that is retained by the person who signs a PDF file; it resides at a known location on the user’s computer. With CA certificates, the private key is also stored in the issuing authority’s database.
Public keys
Public keys are generated from the Digital ID with the Export Certificate command and held within a security certificate file with the extension .p7b, .p7c or .cer. The PDF file signer can send this certificate file to anyone authorized to view or handle the PDF file. The key has a numeric value, with characters that define the certificate owner, validity period and usage.

Signature verification or file decryption will succeed only if the public and private keys are found and match correctly. This implies that internet access must be available.

Digital IDs are managed by an industry standard called PKI: the Public Key Infrastructure. A PKI is the set of people, policies, procedures, hardware, and software used in creating, distributing, managing, revoking and using the digital IDs that contain the public/private key pairs used when signing a PDF.

Proceed with the following steps to share and use security certificates.

  1. Select Security > IDs and Certificates > Manage Digital Identities.

    The Security Settings dialog box appears.

  2. Click Add ID in the resulting dialog box and browse for an existing ID (for example, one issued by a CA) or create a self-signed one.
  3. Select the desired ID and click Export Certificate to generate a file containing a public key. Choose whether to save the file to disk or e-mail it to one or more recipients. If you e-mail it, the file is attached to a message in the default mailing system, along with text advising recipients how to use the certificate file.
  4. Someone receiving a public key should save it to disk, start the program, select Trusted Identities in the Security ribbon and browse for the file.
  5. Once the certificate file is added to trusted identities, digital signatures in documents received from the certificate sender can be opened and verified.
  6. The recipient can then encrypt other files destined for the sender, as follows:
    1. Open a file and the Security panel from the Panel bar.
    2. Under Certificate Security, select a security scheme, or select Interactive to create one.
    3. Interactive opens a Wizard; name and describe the scheme and define the encryption level.
    4. The Wizard presents all trusted contacts (those whose public keys have been identified to the program). Select the desired ones. Add yourself, so you can later re-open the file.
    5. Click the key icon if you want to specify restrictions for the selected recipient. Repeat as necessary.
    6. Send the document to the trusted contacts defined in the scheme; they can then open the document. In some cases they must provide the password set when their Digital ID was created.
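
Before adding an e-mailed certificate file to Trusted Identities (steps 4 and 5), the recipient can confirm with the sender, over a separate channel such as a phone call, that the file received is the one the sender exported. The following Python code is an added example, not part of the program or its documentation; it assumes a .cer file holding a single certificate in PEM or DER form, and its sample input is a constructed stand-in, not a real certificate.

```python
import hashlib
import hmac
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

# Constructed stand-in for an exported certificate (a tiny DER SEQUENCE, not a
# real certificate); in practice, read the bytes of the received .cer file.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")


def load_cert_der(data: bytes) -> bytes:
    """Return DER bytes from a .cer file stored as PEM (Base64) or binary DER."""
    text = data.lstrip()
    if text.startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    if data[:1] != b"\x30":  # a DER certificate starts with a SEQUENCE tag
        raise ValueError("not a PEM or DER certificate file")
    return data


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def display(fp: str) -> str:
    """Format a fingerprint as colon-separated byte pairs for reading aloud."""
    return ":".join(fp[i:i + 2] for i in range(0, len(fp), 2)).upper()


def normalize(stated: str) -> str:
    """Strip separators and case from a fingerprint the sender stated."""
    fp = stated.replace(":", "").replace(" ", "").lower()
    if len(fp) != 64 or any(c not in "0123456789abcdef" for c in fp):
        raise ValueError("expected 64 hex digits (SHA-256)")
    return fp


def matches(cert_file_bytes: bytes, stated: str) -> bool:
    """True only if the received file hashes to the sender's stated value."""
    received = fingerprint(load_cert_der(cert_file_bytes))
    return hmac.compare_digest(received, normalize(stated))


if __name__ == "__main__":
    stated = display(fingerprint(SAMPLE_DER))        # what the sender reads out
    print(stated, matches(SAMPLE_PEM, stated))       # same certificate: True
    print(matches(bytes.fromhex("3003020102"), stated))  # substituted file: False
```

The sender runs the same fingerprint calculation on the exported file and states the result; the recipient adds the certificate to trusted identities only if `matches` returns True.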

See About Securing PDF for an overview of all security options. See About PDF Versions for detail on encryption. See Verifying Digital Signatures for information on verification methods and preferences.