Adobe Acrobat/ Reader: How to create Self Signed Digital IDs - Step by Step Guide

Problem:

1. Please fill out the following form. You cannot save data typed into this form. Please print the completed form if you would like to copy of your records
2. No Tools option available on the top right pane
3. When you click on the signature field in the form and nothing happens

Solution:
It happens if Reader Extension is not enabled in PDF(PDF file has to be enable before signature will work). So in order Enable PDF file:

• File menu-->Save as-->Reader Extened PDF-->Enable Additional Features. Now the above warning message will go away and will say: Please fill out the data and you can save this form. You will be able to click on the signature fill and it will come with option to add a signature 

Problem: At least one data signature is invalid. I have created a PDF using Adobe Livecycle with signature field. If I open created pdf with acrobat pro then it shows signature is valid but if I open the same file with Adobe Reader it gives error: at least one signature is invalid.

Solution:
The behaviour you are experiencing is due to the configuration (or misconfiguration) of the "Trusted Identities" in Reader.  For a signature to show a green check mark, the signer must be valid, and the signer must be trusted.

For Acrobat or Reader to "trust" a signers certificate you need to configure a "trusted identity" by importing the signers public key. 

• Right click on the signed signature field
• Click "Signature Properties" button

• Select the "signer" tab (see screen shot)
• Click "Show Certificate" button
• Select the "Trust" tab
• Click the "Add to Trusted Identities" button
• Set the desired "trust" settings
• Click OK

• Right click on the signed signature field again and -->Select "Validate Signature" - you should now get the green check mark.
• Process complete

For Adobe Reader in order to make the signer signature valid:

1. Open the file in Reader
2. Click on Signature Panel available on the Top pane
3. Click on the Signature opened in the left pane
4. Right click and Select validate signature and you find the same option as arobat

Problem:
I have created a PDF file with signature and when I open the file in the same computer I have used to create the form it says all signature is valid. If I open the same file from any other computer it says signature is not valid. Even if I login in the same with someone else it says signature is invalid.

Solution:
It happens when you sign a PDF with signature stored in Windows Certificate Store. It means trusted identities in Acrobat\Reader are tied to the Windows account profile, this explains why when logged onto the system as user1, the signature shows a green check mark (the trusted identity is configured), and when  logged onto the system as user2, the signature shows a a different status, because the signers certificate has not been trusted under this profile.  If you were to look at the details about the signature (in the signatures pane) you will see that is will say the signature is trusted, but the signer is unknown (not trusted).

In order to find this:

• Click on the Tools menu--> More sign & certify-->Security settings-->Digital IDs and select your ID. If the look at the Store Mechanism of your ID then you will see it is store in Windows Certificate Store. 
• In case you want to delete it. Delete Adobe Digital IDs from Windows store certificate: Start button , typing certmgr.msc into the Search box-->Select-->Current user->Personal->Certificate->Select the Certificate and delete it.

***********************************************
Knowledge base: 

You can use the Acrobat to create a "security settings” file that contains all the trusted identities, place it on a server and then set the preferences of Reader\Acrobat 9.x or 10 to download the file, thereby automatically configuring security, including trusted identities.  (see screen shots).

There is one built-in cert that is trusted by Reader and Acrobat, this is Adobe's root certificate.  It is used to "sign" the root certificate of credentials issued by our Certified Document Service partners.  For more info on CDS please see:http://www.adobe.com/security/partners_cds.html

You will need to configure the trust for any root certificates issued by certificate authorities where the credentials were used to simply sign the document.

Choosing which type of security to use

Security features range from relatively simple measures to sophisticated systems adopted by corporations and agencies. Which feature you choose depends on what you want to achieve. Here are some examples:

• You want only certain people to view your PDF. The easiest solution is to add a password to the PDF and send it to your intended recipients. (See Add password security.)
• You don’t want anyone to print or edit your PDF. You can block printing and editing from the same dialog box that you use to add a password. (See Add password security.)
• You want to assure your recipients that the PDF is really from you. The best way is to purchase a digital ID from a certificate authority. Alternatively, you can create a self-signed digital ID if you are communicating with a group that you trust. (See About digital IDs and Securing documents with certificates.)
• You want an organization-wide security solution for PDFs. You can devise a solution specifically for a company handling sensitive data. Some organizations use Adobe LiveCycle Rights Management ES to apply a policy to documents. The policy contains the list of recipients and their individual set of permissions. Individuals can use a policy to apply the same security settings to numerous documents. (See Securing documents with Adobe LiveCycle Rights Management ES.)
  
  
  
  

Create a self-signed digital ID

Sensitive transactions between businesses generally require an ID from a certificate authority rather than a self-signed one.

1. Do one of the following:
   • In Acrobat, choose Tools > Sign & Certify > More Sign & Certify > Security Settings.
   • In Reader, choose Edit > Protection > Security Settings.
   Note: If you don’t see the Sign & Certify or Protection panel, see the instructions for adding panels at Task panes.
2. Select Digital IDs on the left, and then click the Add ID button .
3. Select the option A New Digital ID I Want To Create Now, and click Next.
4. Specify where to store the digital ID, and click Next.

   New PKCS#12 Digital ID File

    

   Stores the digital ID information in a file, which has the extension .pfx in Windows and .p12 in Mac OS. You can use the files interchangeably between operating systems. If you move a file from one operating system to another, Acrobat still recognizes it.

   Windows Certificate Store (Windows only)

    

   Stores the digital ID to a common location from where other Windows applications can also retrieve it.

5. Type a name, email address, and other personal information for your digital ID. When you certify or sign a document, the name appears in the Signatures panel and in the Signature field.
6. (Optional) To use Unicode values for extended characters, select Enable Unicode Support, and then specify Unicode values in the appropriate boxes.
7. Choose an option from the Key Algorithm menu. The 2048-bit RSA option offers more security than 1024-bit RSA, but 1024-bit RSA is more universally compatible.
8. From the Use Digital ID For menu, choose whether you want to use the digital ID for signatures, data encryption, or both.
9. Type a password for the digital ID file. For each keystroke, the password strength meter evaluates your password and indicates the password strength using color patterns. Reconfirm your password.
   You can export and send your certificate file to contacts who can use it to validate your signature.
   Important: Make a backup copy of your digital ID file. If your digital ID file is lost or corrupted, or if you forget your password, you cannot use that profile to add signatures.

Delete your digital ID

When you delete a digital ID in Acrobat, you delete the actual PKCS #12 file that contains both the private key and the certificate. Before you delete your digital ID, ensure that it isn’t in use by other programs or required by any documents for decrypting.

Note: You can delete only self-signed digital IDs that you created in Acrobat. A digital ID obtained from another provider cannot be deleted.

1. Do one of the following:
   • In Acrobat, choose Tools > Protection > More Protection > Security Settings.
     
   • In Reader, choose Edit > Protection > Security Settings.
   Note: If you don’t see the Protection panel, see the instructions for adding panels at Task panes.
2. Select Digital IDs on the left, and then select the digital ID to remove.
3. Click Remove ID, and then click OK.  

How to Import or Register a Digital IDs:



Hope this clears things up.

Steve