TIP 142: Creating a Digital ID Profile
The key to document security (pun intended) is a key encryption process. In order for you to share secure documents with others, and for others to share secure documents with you, you need to use digital signatures. A digital signature is based on a digital ID, just as your handwritten signature represents you. A digital signature, digital ID, and digital profile are the same thing.
How a Digital Signature Works
A digital signature is composed of two parts: a public key and a private key. The private key is yours alone, and you share the public key with others. Your colleague's signature also contains a pair of keys; the private key is hers alone, and she shares the public key with you. If your colleague has your public key listed in her document, she can share the information with you; if you have her public key listed in a document, you can share with her. Acrobat lets you use a number of keys for the same document and share the document and keys with a group.
When creating a new ID, you can choose from two options:
A PKCS#12 Digital ID file, which uses a standard format that is supported by Web browsers and most security software; the IDs have .pfx or .p12 extensions.
A Windows Certificate Store ID, which is available to other Windows applications and protected by a Windows login. This option is available only for Windows users.
The visual signature applied to a document, either a default or custom signature, is referred to as an appearance. The appearance can be composed of a combination of information fields (such as dates or text), the Acrobat logo, or imported graphics. You can either create default signatures or design custom signatures. To create a new signature:
1. Choose Advanced > Security Settings to open the Security Settings dialog. Click to open the Digital IDs list in the left frame of the dialog; existing ID files display in the upper-right frame of the dialog (Figure 142a).
Figure 142a. The Security Settings dialog contains lists of Digital IDs and security servers.
2. To build a new signature, click Add ID on the dialog's toolbar. The Add Digital ID dialog opens. You can choose three options: find an existing ID on your system, create a new one, or retrieve one from a third-party source. Click Create a Self-Signed Digital ID and then click Next at the bottom of the dialog.
3. A disclaimer dialog appears telling you that with this type of security, you have to exchange certificates with others. Click Next at the bottom of the dialog.
Signature Preferences
There are many ways to customize signatures. Click Advanced Preferences on the Security pane of the Preferences dialog, shown in Figure 142c, to open the Advanced Preferences dialog. Select verification methods and time options, and whether to use Windows Certificate Store root certificates. Verification can be document-specific, or based on a default method. Time options include the current time, the time the stamp was created, or a secure timestamp from a server.
Figure 142c. You can select and create appearances for Digital IDs in the Security pane of the Preferences dialog.
4. The next dialog asks where you want to store the Digital ID. You have two choices: create a new PKCS#12 Digital ID file, which is the default selection, or add the Digital ID to your Windows Certificate Store (Windows). Click an option, and then click Next. The sample certificate creates a new PKCS#12 Digital ID file.
5. In the next dialog, add the information you want to include in the certificate (Figure 142b). Add a name for the certificate as well as other identifying information. Choose a Key Algorithm from the pull-down list, and define how you want to use the Digital ID. As shown in the figure, you can use it for digital signatures, data encryption, or both. Click Next.
Figure 142b. Type the information for your new certificate, and specify how you want to use the Digital ID.
6. In the final pane of the dialog, click Browse to set a storage location for the certificate. It's safer to use the default location in the Security subfolder of the Acrobat program's installation folders so you don't lose track of your certificates. Type a password and a confirmation of the password and click Finish.
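The same kind of self-signed PKCS#12 digital ID, built outside Acrobat with OpenSSL, as an added example (not from the original tip or from Adobe): it shows what the .p12 file holds, which part you hand to others, and that signing needs the private key while verification needs only the certificate. The name, organization, password, file names and the 2048-bit RSA key are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): a self-signed PKCS#12 digital ID
# rebuilt with OpenSSL. Names, password and key size are constructed.
set -eu

make_digital_id() {   # $1 = dir, $2 = name on the certificate, $3 = password
    # Key pair plus a certificate signed by its own private key (self-signed).
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$2/O=Example Workgroup" \
        -keyout "$1/id.key" -out "$1/id.crt" 2>/dev/null
    # Bundle key and certificate into one password-protected .p12 file.
    openssl pkcs12 -export -inkey "$1/id.key" -in "$1/id.crt" \
        -name "$2" -passout "pass:$3" -out "$1/id.p12"
    rm -f "$1/id.key" "$1/id.crt"   # the key now exists only inside the .p12
}

export_certificate() {   # $1 = dir, $2 = password; writes the shareable half
    openssl pkcs12 -in "$1/id.p12" -passin "pass:$2" -nokeys 2>/dev/null |
        openssl x509 -out "$1/share.cer"
}

is_self_signed() {   # $1 = certificate; true when issuer and subject match
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

sign_file() {   # $1 = dir, $2 = password, $3 = file; needs the private key
    key=$(mktemp)   # created with owner-only permissions
    openssl pkcs12 -in "$1/id.p12" -passin "pass:$2" -nocerts -nodes \
        -out "$key" 2>/dev/null
    openssl dgst -sha256 -sign "$key" -out "$3.sig" "$3"
    rm -f "$key"
}

verify_file() {   # $1 = dir, $2 = file; needs only the shared certificate
    openssl x509 -in "$1/share.cer" -noout -pubkey > "$1/pub.pem"
    openssl dgst -sha256 -verify "$1/pub.pem" -signature "$2.sig" "$2" >/dev/null 2>&1
}

demo=$(mktemp -d)
make_digital_id "$demo" "Alice Example" "constructed-passphrase"
export_certificate "$demo" "constructed-passphrase"
printf 'quarterly report\n' > "$demo/doc.txt"
sign_file "$demo" "constructed-passphrase" "$demo/doc.txt"
is_self_signed "$demo/share.cer" && echo "self-signed: yes"
verify_file "$demo" "$demo/doc.txt" && echo "signature verifies"
```

Only share.cer is meant to leave your machine; the .p12 file and its password stay with the owner, because anyone holding both can sign as you.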
You can sparkle up the appearance of a Digital ID using an image rather than using the default appearance:
1. Choose Edit > Preferences (on the Mac, Acrobat > Preferences) to open the Preferences dialog; then choose Security from the list on the left. The Appearance window lists existing signature appearances (Figure 142c). Click New.
Which System Is For You?
If you are designing digital signatures to use for sharing secure material with a workgroup, for instance, a self-sign security system is appropriate. Each person who wants to access a secure document using a self-sign security option has to contact you directly for permission to use the document. If you want to share material at an enterprise or public level, use a third-party security system.
Note: If you want to modify a signature's appearance, select it in the list and click Edit; click Delete to remove a particular signature appearance; click Duplicate to create another copy you can use with alternate information blocks or security settings.
2. The Configure Signature dialog opens (Figure 142d). Enter the new signature's description and information:
   Type a name for the appearance. Use a descriptive name so you can easily identify the signature appearance. In Figure 142c, a number of custom appearances have been created; it is much simpler to identify a signature with an actual name than one that uses a default creation date and time name.
   Select a Configure Graphic option. You can choose to use no graphic, an image from a file, or your default name. To use an image, click Imported Graphic and then File to open a Select Picture dialog. Locate the file and click OK to close the dialog. You'll return to the Configure Signature Appearance dialog.
   Specify the text options you want to display in the Configure Text section of the dialog. All options are selected by default.
Figure 142d. Name a custom signature appearance, and choose its text and image characteristics.
3. Click OK to close the Configure Signature Appearance dialog. The new signature appearance is added to the Appearance list. Click OK to close the Preferences dialog.
When you apply a digital signature (coming up in Tip 144), you can specify a particular appearance, or create a new one.