Validating Digital Signatures in a Do Be
Transcript of Validating Digital Signatures in a Do Be
-
7/24/2019 Validating Digital Signatures in a Do Be
1/27
Validating Digital Signatures in Adobe
Table of Contents
Validating Digital Signatures in Adobe......................................................................................................11. Validate the Signature using Windows Integration...........................................................................32. Add the Root Certificate on Adobe Trusted Identities......................................................................3. !"#ort$I%#ort the &D& 'Acrobat &or%s Data &or%at(...................................................................12). Validate Adobe Ti%esta%#s............................................................................................................1*+. ,ther Validation Settings.................................................................................................................23
-suall/ the digital certificates are issued b a Root CA 'Certification Authorit(.
If the Root CA that issued the signing certificate is not included in Adobe Trusted Identities/ the digitalsignature is considered 0not trusted0 'but ,T inalid( when the docu%ent is o#ened in Adobe Reader
'see e"a%#le below(.
This behavior has nothing to do with the signing engine (e.g. PDF Signer, Adobe Reader) but withthe Adobe certificate validation procedure.
The user can alidate the signature if the Root CA is alread installed on icrosoft Certificate Store'see the section Validate the Signature using Windows Integration(.
As an alternatie/ the reci#ient %ust %anuall add the Root Certificate of the signing certificate onAdobe Trusted Identities because onl a few Root CA4s are considered trusted b default b the Adobecertificate alidation engine 'See this article5htt#5$$www.adobe.co%$securit$#artners6cds.ht%l (.
Page 1 - Validating Digital Signatures in Adobe
The digital signature in not trusted
http://www.adobe.com/security/partners_cds.htmlhttp://www.adobe.com/security/partners_cds.htmlhttp://www.adobe.com/security/partners_cds.html -
7/24/2019 Validating Digital Signatures in a Do Be
2/27
Page 2 - Validating Digital Signatures in Adobe
The digital signature is not trusted
-
7/24/2019 Validating Digital Signatures in a Do Be
3/27
1. Validate the Signature using Windows Integration
7ou can use this %ethod if our digital certificate is issued b a Root CA alread installed on icrosoftCertificate Store. icrosoft and Adobe use different Certificate Stores and different certificatealidation #rocedures.
To see if our Root CA is installed on icrosoft Certificate Store/ go to Start 8 Run 8 cert%gr.%sc
Page 3 - Validating Digital Signatures in Adobe
-
7/24/2019 Validating Digital Signatures in a Do Be
4/27
7ou can also i%#ort our Root Certificate here.
Page 4 - Validating Digital Signatures in Adobe
-
7/24/2019 Validating Digital Signatures in a Do Be
5/27
After ou chec9 that our Roor Certificate is installed/ in Adobe Reader go toEdit menu Preferencesoption Security tab click on Adanced Preferences button Windows Integration taband chec9 allchec9bo"es.
Page 5 - Validating Digital Signatures in Adobe
-
7/24/2019 Validating Digital Signatures in a Do Be
6/27
When the docu%ent is re:o#ened/ the digital signature is considered alid.
Page 6 - Validating Digital Signatures in Adobe
Valid Signature
-
7/24/2019 Validating Digital Signatures in a Do Be
7/27
2. Add the Root Certificate on Adobe Trusted Identities
So%e of the Root CA4s are included b default in Windows Certificate Store 'Trusted RootCertification Authorities( and onl a few are included in Adobe Trusted Identities.
;ecause the Root CA of the signing certificate is not included on Adobe Trusted Identities/ the
signature is considered
-
7/24/2019 Validating Digital Signatures in a Do Be
8/27
To %anuall add the Root Certificate on the Adobe Trusted Identities/ o#en the signature #ro#erties andclic9 Show !ertificate and select Trust tab.
;e sure that ou hae selected the to#%ost Root Certificate.
Page 8 - Validating Digital Signatures in Adobe
Trust a !A certificate
-
7/24/2019 Validating Digital Signatures in a Do Be
9/27
>ressAdd to Trusted Identities taband be sure ou hae chec9ed all chec9bo"es/ as below.
Page 9 - Validating Digital Signatures in Adobe
Trust a !A certificate
-
7/24/2019 Validating Digital Signatures in a Do Be
10/27
After all dialog bo"es are closed and the docu%ent is re:o#ened/ the signature is considered Valid.
Page 10 - Validating Digital Signatures in Adobe
Valid digital signature
-
7/24/2019 Validating Digital Signatures in a Do Be
11/27
The Root Certificate is now Trusted and all signatures generated with this Root Certificate will be alsoTrusted.
Page 11 - Validating Digital Signatures in Adobe
Trusted "oot !ertificate
-
7/24/2019 Validating Digital Signatures in a Do Be
12/27
3. !"ort#I$"ort the %D% &Acrobat %or$s Data %or$at'
In order to aoid to %anuall add the Root Certificate on eer client %achine/ the Root Certificate can
be e"#orted as Adobe &D& file. ,nce the file is e"#orted/ it can be installed on eer %achine where
the digital signatures %ust be erifed.
The &D& file can be e"#orted fro% the D igital signature properties !ertificate section. ;e sure the
Root Certificate is selected and not the signing certificate.
Page 12 - Validating Digital Signatures in Adobe
-
7/24/2019 Validating Digital Signatures in a Do Be
13/27
,n the ne"t window select Acrobat &D& data !"change/ as below5
Page 13 - Validating Digital Signatures in Adobe
-
7/24/2019 Validating Digital Signatures in a Do Be
14/27
Sae the &D& file.
Page 14 - Validating Digital Signatures in Adobe
-
7/24/2019 Validating Digital Signatures in a Do Be
15/27
The signature before i%#orting the &D& file is considered
-
7/24/2019 Validating Digital Signatures in a Do Be
16/27
I%#ort the &D& file.
Page 16 - Validating Digital Signatures in Adobe
-
7/24/2019 Validating Digital Signatures in a Do Be
17/27
After the &D& file is i%#orted/ the signature is considered Trusted.
Page 17 - Validating Digital Signatures in Adobe
-
7/24/2019 Validating Digital Signatures in a Do Be
18/27
(. Validate Adobe Ti$esta$"s
An Adobe Ti%esta%# is in fact a subse?uent signature added to the >D& signature so to alidate anAdobe Ti%esta%# si%#l follow the instructions fro% the section aboe.
Page 18 - Validating Digital Signatures in Adobe
Timestamp in not trusted
-
7/24/2019 Validating Digital Signatures in a Do Be
19/27
@o to Date$Ti%e Tab and dis#la the Ti%esta%# Authorit certificate.
Page 19 - Validating Digital Signatures in Adobe
-
7/24/2019 Validating Digital Signatures in a Do Be
20/27
>ress Add to Trusted Identities button
Page 20 - Validating Digital Signatures in Adobe
-
7/24/2019 Validating Digital Signatures in a Do Be
21/27
;e sure ou hae chec9ed all chec9bo"es/ as below.
Page 21 - Validating Digital Signatures in Adobe
-
7/24/2019 Validating Digital Signatures in a Do Be
22/27
After all dialog bo"es are closed and the docu%ent is re:o#ened/ the ti%esta%# is considered Valid.
Page 22 - Validating Digital Signatures in Adobe
-
7/24/2019 Validating Digital Signatures in a Do Be
23/27
). *ther Validation Settings
In so%e cases/ the digital signature cannot be correctl alidated because of so%e reasons li9e5: Internet Conenction is not aailabe: >ro" Settings cannot be set on Adobe: CR$,CS> reocation infor%ation cannot be downloaded or are not aailable.
,n this case/ een if the digital signature is trusted and alid/ Adobe will consider this signature
-
7/24/2019 Validating Digital Signatures in a Do Be
24/27
CR reocation list is not aailable.
Page 24 - Validating Digital Signatures in Adobe
-
7/24/2019 Validating Digital Signatures in a Do Be
25/27
The digital signature is considered not trusted een if the signature is not altered.
Page 25 - Validating Digital Signatures in Adobe
-
7/24/2019 Validating Digital Signatures in a Do Be
26/27
To aoid this behaior/ Adobe %ust be configured to b#ass this additional reocation chec9ing.
@o to Edit menu Preferences option Security tab click on Adanced Preferences button Verification tab and set the interface as below5
Page 26 - Validating Digital Signatures in Adobe
-
7/24/2019 Validating Digital Signatures in a Do Be
27/27
After this settings was saed/ the docu%ent is considered alid b Adobe.
P 27 V lid ti Di it l Si t i Ad b