UNDERSTANDING SECURITY AND DIGITAL IDS

Acrobat provides you with a way to verify that a peer has indeed read a document and approved it. This is especially important when confidentiality is an issue.

Using Passwords

To add security to a PDF file, Acrobat enables you to add two types of passwords so that only authorized persons can view and/or edit its contents. Passwords are stored inside the PDF itself and encoded with 128-bit encryption. Files protected with a Open Password prompt a dialog asking for the password to be typed. If the correct password is not entered, the document is not opened. Documents protected with a Permissions password can't be edited or printed unless the password is entered. There are several levels of Permissions password protection. You may choose to lock the entire document or to allow unauthorized users to view it but not to save attached files. You can make a document unprintable. Or you can make a document viewable but unchangeable, meaning no editing is allowed, including comments. You decide the level of protection you want in your file.

To apply a password to your PDF choose Document, Security, Secure This Document. The Select a Policy to Apply dialog shows you two default security policies that you can apply to your document, but you can also create your own. To do that, click on the New button in that dialog and a wizard guides you through the security-creation process. Select Use Passwords and click on Next. Select the options you want, enter the password(s), and click Next again (see Figure 42.24). After verifying the passwords, you're presented with a Summary of the security policy. Clicking on Finish ends the session and your document is protected. Remember to have a written-down copy of your password in a safe place for reference; if you forget the password you won't be able to open your own document.

Figure 42.24. The New Security Policy dialog guides you through the required steps to set up password-based security in your document.

If you want to remove a password from a secured document choose Document, Security, Show Security for This Document to display the Security tab of the Document Properties dialog. Click the Change button. You'll need to enter the current password to make changes to security policies.

Certifying Options

There are situations where many users are opening a PDF file, as in the case of electronic forms, for example. You may need to have a form available for download with users being able to fill in data but not able to change the contents of the form itself. In a situation like that, posting a password defeats the purpose of securing the document.

Acrobat includes a Certification feature for this purpose. When you certify a document you add a signature to it locking those parts you don't want edited. If the document is modified in any way other than what you have allowed, the certification gets voided.

In addition to passwords, Acrobat has also implemented a verification method by means of ID signatures. The purpose of this security implementation is not only to restrict access to a document but to certify that a document has been reviewed or approved by an authorized person.

Digital signatures are electronic certificates stored in your computer that verify your identity. You can use your digital ID as a verification in a document or to secure it so that only you and persons authorized by you can view it.

To certify a PDF file in Acrobat you need to make sure that you have the final version of it, all revisions and editing done, and the file saved. Choose Edit, Preferences and select the Security panel in the Preferences dialog to select or create a new certification option. Then choose File, Save As Certified Document. You are prompted to obtain a Digital ID from a third-party vendor. If you already have a Digital ID click on OK. In the next dialog you're prompted to select the level of security you want to add (see Figure 42.25). In the next dialog you may get a warning if you have backgrounds, markups, or comments in the document. Next, if you want the certification to be visible in the document (it shows as a stamp) select that option. If you choose to make it invisible, that choice does not affect the certification itself. Next select the signature you want to use from those available and hit OK. You can also change the appearance of your signature and enter a reason for signing the document. When you're done, click on Sign and Save As to give the document a new name. This prevents the original unsaved version from being overwritten in case you need to do changes to it in the future.

To verify that a digital signature in a document actually belongs to an authorized person, you can request that person to send you a copy of his or her signature. Acrobat stores this signature file in a repository called Trusted Identities. To request a peer to send you a digital signature for this purpose, use the Advanced, Trusted Identities menu option. This command opens the Manage Trusted Identities dialog, which is a sort of address book for trusted people. Clicking the Request Contact button opens the Email a Request dialog. Enter your name, email address, and contact information (such as a phone number that people can use to contact you and verify that the email they got was from you). In this same dialog, enable the Include My Certificates check box if you want to send your certificate along with the request. You can also select whether you want to send the request as an email or to save it as a file to be sent later.

After clicking Next, a new Select Digital IDs to Export dialog opens (if you chose to send your certificate along with the request). Select a certificate from the list and click OK. This step is skipped if you don't choose to send a digital signature with the request. After clicking OK, a new Compose Email dialog opens. This dialog displays a standard request message that is sent to your peer. You can edit it at will. Enter your peer's email address in the To field and click the Email button to send the request. If you choose to save the request as a file, when you click Next in the Manage Trusted Identities dialog, a new Export Data As dialog appears, prompting you for a name and location to save the request, which is saved in FDF format. After saving it, you can send it to your peer as a regular email attachment.