Share security certificates
A security certificate contains a private key and a public key stored in a Digital ID file, that can be self-generated or issued by a Certificate Authority (CA). Certificates allow digital signatures in documents to be verified, and encrypted files to be passed securely between designated people.
- Private keys
- Private keys are stored within a Digital ID that is retained by the person who signs a PDF file; it resides at a known location on the user’s computer. With CA certificates, the private key is also stored in the issuing authority’s database.
- Public keys
- Public keys are generated from the Digital ID with the command Export Certificate and held within a security certificate file with extension .p7b, .p7c or .cer that can be sent by the PDF file signer to anyone authorized to view or handle the file. The key has a numeric value, with characters that define the certificate owner, validity period and usage.
Signature verification or file decryption will succeed only if the public and private keys are found and match correctly. This implies that internet access must be available.
Digital IDs are managed by an industry standard called PKI: the Public Key Infrastructure. A PKI is the set of people, policies, procedures, hardware, and software used in creating, distributing, managing, revoking and using the digital IDs that contain the public/private key pairs used when signing a PDF.
Proceed with the following steps to share and use security certificates.
- Click Add ID in the resulting dialog box and browse for an existing ID (maybe from a CA) or create a self-signed one.
- Select the desired ID and click Export Certificate to generate a file containing a public key. Select to save the file to disk or email it to one or more recipients. In this case it is attached to an email message in the default mailing system, along with a text advising recipients how to utilize the certificate file.
- Someone receiving a public key should save it to disk, start the program, select Trusted Identities in the Security ribbon and browse for the file.
- Once the certificate file is added to trusted identities, digital signatures in documents received from the certificate sender can be opened and verified.
- The recipient can then encrypt other files destined for the sender as follows:
See About Securing PDF for an overview of all security options. See About PDF Versions for detail on encryption. See Verifying Digital Signatures for information on verification methods and options.