Digital Id Windows Certificate Store

A digital ID is like an electronic driver’s license or passport that proves your identity. A digital ID usually contains your name and email address, the name of the organization that issued it, a serial number, and an expiration date. Digital IDs are used for certificate security and digital signatures.

Digital IDs contain two keys: the public key locks, or encrypts data; the private key unlocks, or decrypts that data. When you sign PDFs, you use the private key to apply your digital signature. The public key is in a certificate that you distribute to others. For example, you can send the certificate to those who want to validate your signature or identity. Store your digital ID in a safe place, because it contains your private key that others can use to decrypt your information.

The digital ID can be saved in one of several places. It can reside in a password-protected file, it can be on a PIN-protected smart card or token, it can be on a special server, or the operating system (OS) can manage it. For the OS, it's either Mac Keychain Access or the Windows Certificate Store.

In the Certificate Import Wizard, on the File to Import page, click Next. On the Password page, type the password assigned to the PFX file and click Next. On the Certificate Store page, click Place All Certificates in the Following Store and click Next. You can click Browse to specify a different store.

Windows Certificate Store (Windows only): Stores the digital ID to a common location from where other Windows applications can also retrieve it.

Digital IDs include a private key that you safeguard and a public key (certificate) that you share.

You don’t need a digital ID for most of the work you do in PDFs. For example, you don’t need a digital ID to create PDFs, comment on them, and edit them. You need a digital ID to sign a document or encrypt PDFs through a certificate.

Self-signed digital IDs can be adequate for personal use or small-to-medium businesses. Their use should be limited to parties that have established mutual trust.

Most business transactions require a digital ID from a trusted third-party provider, called a certificate authority. Because the certificate authority is responsible for verifying your identity to others, choose one that is trusted by major companies doing business on the Internet. The Adobe website gives the names of Adobe security partners that offer digital IDs and other security solutions. See Adobe Approved Trust List members.

Unfortunately, you cannot recover or reset the password if you’ve forgotten it. If you created the ID yourself, you can create a new one with the same information that you used for the ID. If you got the ID from a certificate authority, contact the authority for help.

Sensitive transactions between businesses generally require an ID from a certificate authority rather than a self-signed one.

  1. In Acrobat, click the Edit menu and choose Preferences > Signatures.

  2. On the right, click More for Identities & Trusted Certificates.

  3. Select Digital IDs on the left, and then click the Add ID button.

  4. Select the option A New Digital ID I Want To Create Now, and click Next.

  5. Specify where to store the digital ID, and click Next.

    Stores the digital ID information in a file, which has the extension .pfx in Windows and .p12 in Mac OS. You can use the files interchangeably between operating systems. If you move a file from one operating system to another, Acrobat still recognizes it.

To use your digital ID, register your ID with Acrobat or Reader.

To avoid being prompted to select a digital ID each time you sign or certify a PDF, you can select a default digital ID.


Change the password and timeout for a digital ID

Passwords and timeouts can be set for PKCS #12 IDs. If the PKCS #12 ID contains multiple IDs, configure the password and timeout at the file level.

Note:

Self-signed digital IDs expire in five years. After the expiration date, you can use the ID to open, but not sign or encrypt, a document.

Note:

Be sure to back up your password in a secure place. If you lose your password, either create a new self-signed digital ID and delete the old one, or purchase one from a third-party provider.

When you delete a digital ID in Acrobat, you delete the actual PKCS #12 file that contains both the private key and the certificate. Before you delete your digital ID, ensure that it isn’t in use by other programs or required by any documents for decrypting.

Note:

You can delete only self-signed digital IDs that you created in Acrobat. A digital ID obtained from another provider cannot be deleted.

By protecting your digital IDs, you can prevent unauthorized use of your private keys for signing or decrypting confidential documents. Ensure that you have a procedure in place in the event your digital ID is lost or stolen.

When private keys are stored on hardware tokens, smart cards, and other hardware devices that are password- or PIN-protected, use a strong password or PIN. Never divulge your password to others. If you must write down your password, store it in a secure location. Contact your system administrator for guidelines on choosing a strong password. Keep your password strong by following these rules:

To protect private keys stored in P12/PFX files, use a strong password and set your password timeout options appropriately. If using a P12 file to store private keys that you use for signing, use the default setting for the password timeout option. This setting ensures that your password is always required. If using your P12 file to store private keys that are used to decrypt documents, make a backup copy of your private key or P12 file. You can use the backed-up private key or P12 file to open encrypted documents if you lose your keys.

The mechanisms used to protect private keys stored in the Windows certificate store vary depending on the company that has provided the storage. Contact the provider to determine how to back up and protect these keys from unauthorized access. In general, use the strongest authentication mechanism available and create a strong password or PIN when possible.

If your digital ID was issued by a certificate authority, immediately notify the certificate authority and request the revocation of your certificate. In addition, you should not use your private key.

If your digital ID was self-issued, destroy the private key and notify anyone to whom you sent the corresponding public key (certificate).

A smart card looks like a credit card and stores your digital ID on an embedded microprocessor chip. Use the digital ID on a smart card to sign and decrypt documents on computers that can be connected to a smart card reader. Some smart card readers include a keypad for typing a personal identification number (PIN).

Similarly, a security hardware token is a small, keychain-sized device that you can use to store digital IDs and authentication data. You can access your digital ID by connecting the token to a USB port on your computer or mobile device.

If you store your digital ID on a smart card or hardware token,connect it to your device to use it for signing documents.


Revu supports digital certification of PDFs and digitally signing PDFs. These two actions have some similarities, and can be done at the same time, but they are distinct. Before beginning, it is important to understand both concepts:

  • Digital Certification is the act of certifying the accuracy of a document. When a document is digitally certified, its page content is locked to prevent changes. The certifier can opt to allow limited changes that do not affect this content (for example, adding markups, completing form fields or applying digital signatures).
  • Digital Signatures are independently validated signatures placed on a document by somebody to approve the document in its current state. If changes are made to the document after the digital signature is placed, the status of the signature changes accordingly.
    • An important distinction between digital signatures and electronic signatures is that the latter are not validated for authenticity. An electronic signature is simply an electronic representation of somebody's autograph; a digital signature contains a unique digital ID to verify its authenticity.

Revu supports both adding digital signature fields to PDFs and applying digital signatures to those fields. You can create and validate signatures from self-signed certificates, which is ideal for certification that occurs within organizations or among trusted parties. Revu also supports commercially available certificates purchased from trusted third-party Certificate Authorities.

Revu validates and signs documents based on the Windows Certificate Store and the PKCS #12 standards. Revu also supports Adobe CDS signatures.

Before you can digitally sign or certify a document, you need a digital ID in Revu. If you don't have one already installed on your computer, you can purchase one from a trusted Certificate Authority (consult the documentation that accompanies it to install the digital ID; Revu will automatically detect digital IDs installed in eTokens, USB dongles, or in your Windows Certificate Store) or you can create one in Revu (also known as 'self-signed'). You will only need to do this once.

If you are not sure which option is right for you, consider the following:


Self-Signed:

  • Usually adequate for personal use or for small-to-mid-sized companies, but it is generally recommended that their usage be limited to parties that have established mutual trust. When using a self-signed digital ID, you are essentially vouching for yourself.
  • You will need to provide digital certificates to parties that will receive your signed and/or certified documents and they must install them in order to validate your digital signature.

Third-Party Certificate Authority:

  • The Certificate Authority takes responsibility for verifying your identity to other parties, bypassing the need for pre-established mutual trust.
  • The Certificate Authority is usually trusted by the Windows Certificate Store by default, eliminating the need to provide digital certificates to recipients ahead of time.

If you choose to purchase a digital ID from a third-party Certificate Authority, you should not need to create a digital ID in Revu and you should not need to export a digital ID to send to recipients. Skip ahead to Managing Signature Appearances to determine the appearance of your digital signature in Revu, if desired.

If you choose to use a self-signed digital ID, you will need to create it (described below) and then export your public certificate so you can send it to recipients of your signed and/or certified documents.

To create a new, self-signed digital ID:

  1. Go to Document > Signatures > Digital IDs. The Manage Digital IDs dialog box appears.

  2. Click Add Digital ID. The New Digital ID dialog box appears.

  3. Select one of the available Create Digital ID options:
    • Create Digital ID file: Creates a digital ID in the PKCS #12 format. It is protected by a separate password that is defined at the time of creation.
    • Create Digital ID in Windows Certificate Store: Creates a digital ID in the Windows Certificate Store. It is protected by the user's Windows login.

    Note: Since it relies on a user's Windows login credentials, Windows Certificate Store is not recommended for environments with shared login credentials. Additionally, the Windows Certificate Store is Windows-only while PKCS #12 is compatible with both Windows and Mac OS.

  4. Enter the Identity information, as desired.
    • Name and E-mail Address are required fields.
  5. If Create Digital ID file was selected, enter and confirm a Password under PKCS #12 Options. This password will be used to confirm the user as the signer of a document, so use a sufficiently secure password.

  6. Click OK.

When you create a self-signed digital ID, you need to send copies of your public certificate to anybody who will receive documents with your digital signature so they can validate it. This should be done before sending them documents that you have digitally signed. Fortunately, Revu makes it simple to export your public certificate.

To export your digital ID certificate:

  1. Go to Document > Signatures > Digital IDs. The Manage Digital IDs dialog box appears.

  2. Select the digital ID to be exported and click Export. If this digital ID is password-protected (for example, a PKCS #12 ID), a password prompt will appear. Provide the necessary password.
  3. The Windows Save As dialog box opens. Browse to a desired location and click Save to save the public certificate. This file can now be sent to other users, who can add it to their trusted repositories.

Revu allows you to customize the information supplied with your digital signature as well as its appearance. You can also create multiple appearances for your digital signature to suit any kind of signing need.

To create a signature appearance template:

  1. Go to Document > Signatures > Digital IDs. The Manage Digital IDs dialog box appears.

  2. Select the desired digital identity and click Manage Appearances. The <name> Appearances dialog box appears.

  3. Click the Add Appearance button. The Signature Appearance dialog box appears.

  4. Give this appearance template an easily recognizable name in the Title field. The title appears in the selection list when choosing which appearance template to use when signing the document.
  5. Choose a Graphic option:
    • None: Applies no graphic to the signature.
    • Name: Prints the signer's name as a graphic.
    • File: Applies the specified graphic to the signature. Click the navigate button to browse for a file (for example, a scan of the signer's 'wet' signature).
  6. Choose a Position option to determine where the graphic appears in the signing box.

  7. Select any of the options in the Text list to enable them. These auto-generate certain information when a signature is applied. They are all optional.
  8. Choose the Alignment of these options. The boxes correspond to the regions of a signature field, such as 'top-left,' 'middle' or 'bottom-right' (as shown in the example below).

  9. To set the font size of the text options manually, uncheck Auto and select the desired Font Size. Otherwise, leave Auto checked.
  10. To prevent field names such as 'Digitally signed by' and 'DN' from appearing in the signature box, uncheck Labels.
  11. To remove the Bluebeam icon watermark, uncheck Logo.
  12. The Preview of the digital signature updates whenever any option is set. Use this to confirm that the appearance of this digital signature is satisfactory, and when it is, click OK.

To prepare a document for digital signing, add one or more digital signature fields (depending on how many signatures are needed).

  1. Go to Document > Signatures > Add Signature Field.
  2. Click and drag a rectangle to define the region where the signature will appear.
  3. If the PDF requires multiple signatures, drag similar rectangles over the other signing areas.
  4. To manage the properties of any signature field, right-click it and select Properties. Set any of the following options, as desired:
    • Name: Assign a name to this signature field (often the name or title of the person to sign here).
    • Tooltip: Enter text that will display when a user hovers their cursor over the field.
    • Field: Select whether the field will be Visible (default), Hidden, Visible but doesn't print or Hidden but printable.
    • Orientation: Select the orientation of the signature, in degrees: 0 (right-side up, default), 90, 180 (upside down) or 270.
    • Read-Only: Check to set the signature field as read-only so it cannot be altered. This will actually make it impossible to add a digital signature to the field, so it is not generally recommended.
    • Required: Check to set the signature field as being required. Required signatures are easily identified by a red border.
    • Lock: Check to lock the properties of the signature field so that they cannot be changed.
  5. Press Esc when all signature fields have been added and then save the PDF.

In the event that it becomes necessary to delete a digital signature field, do the following:

  1. Go to Document > Signatures > Add Signature Field.
  2. Right-click the digital signature field to be deleted and select Delete.

Documents can be certified as being authentic, usually by the person who created them or by the first signer. Additionally, certifying a document prevents signers from making changes to its page content, though the certifier has the option to allow other limited changes to the document, including the addition of markups, the completion of form fields or the application of digital signatures. As such, documents should be certified only when they are complete, including after all digital signature fields have been added.


Certified documents cannot be combined with other documents without breaking the certification. Combine documents before certifying or use Sets in Revu 11 or greater to view separate certified PDFs as a single collection. The only option after certifying a document that preserves the certification is to create a PDF package.

There are two ways to certify a PDF, depending on whether or not you are also a signer on the document. Please note that after the first signature is added to a PDF, its certification status cannot be changed; if a document needs to be certified, do so as the first signer or, if you are not a signer on the document, before sending it out for signatures.

Certified documents will show a certification statement on the document's Properties tab that can be reviewed at any time. Additionally, when opening a certified document a dialog box will appear prompting the reader to open the Properties tab in order to review the certification statement.

Using this process, you can certify the document and sign it at the same time.

  1. Click in the desired signature field. The Sign dialog box appears.

  2. Choose a Digital ID.
  3. For PKCS #12 IDs, enter the Password and click Log in.
    • Windows Certificate Store IDs do not require a separate password as they are protected by the user's Windows login.
  4. Select Document Certification and choose one of the Permitted changes after certifying options:

    • No changes allowed: No changes are permitted and no other signatures can be added.
    • Fill in forms and digital signatures: Form fields can be completed and signatures added, but no other changes are permitted.
    • Markups, fill in forms, and digital signatures: Markups can be added, form fields can be completed and signatures added, but no other changes are permitted.
  5. Complete any of the desired Options fields.
  6. Select an Appearance for your signature.
  7. Click OK. A Save As dialog box appears. Signed documents must be saved at the time of signature.
  8. Enter a file name and select the location for the signed file, then click Save to save the signed PDF.

The person who certifies a document need not necessarily be one of the signers. Remember, a PDF cannot be certified after it has been signed by any party, so if the document is to be certified, do so before sending it out for signatures.

To certify a document without signing it:

  1. Go to Document > Signatures > Certify Document. The Sign dialog box opens.

  2. Choose a Digital ID.
  3. For PKCS #12 IDs, enter the Password and click Log in.
    • Windows Certificate Store IDs do not require a separate password as they are protected by the user's Windows login.
  4. Select Document Certification and choose one of the Permitted changes after certifying options:

    • No changes allowed: No changes are permitted, including the application of digital signatures. Select this option only if the document does not need to be signed.
    • Fill in forms and digital signatures: Form fields can be completed and signatures added, but no other changes are permitted.
    • Markups, fill in forms, and digital signatures: Markups can be added, form fields can be completed and signatures added, but no other changes are permitted.
  5. Complete any of the desired Options fields.
  6. Click OK.

How a PDF is digitally signed depends on how it was created. In most cases, a signature field will have already been added to the document in preparation for your signature. Such documents might also be certified. In some cases, however, you might need to add your own signature field before signing. Fortunately, Revu makes it simple to do this, too.

Digitally signed documents cannot be combined with other documents without invalidating the signatures. Combine documents before signing or use Sets in Revu 11 or greater to view separate signed PDFs as a single collection. The only option after signing a document that preserves the signature is to create a PDF package.

  1. Click in the desired signature field. The Sign dialog box appears.

  2. Choose a Digital ID.
  3. For PKCS #12 IDs, enter the Password and click Log in.
    • Windows Certificate Store IDs do not require a separate password as they are protected by the user's Windows login.
  4. Complete any of the desired Options fields.
  5. Select an Appearance for your signature.
  6. Click OK. A Save As dialog box appears. Signed documents must be saved at the time of signature placement.
  7. Enter a file name and select the location for the signed file, then click Save to save the signed PDF.

  1. Go to Document > Signatures > Sign Document.
  2. Click and drag a rectangle to define the region where the signature will appear. The Sign dialog box appears.

  3. Choose the Digital ID to sign with.
  4. For PKCS #12 IDs, enter the Password and click Log in.
    • Windows Certificate Store IDs do not require a separate password as they are protected by the user's Windows login.
  5. Under Signature Type, select Digital Signature.
  6. Complete any of the desired Options fields.
  7. Select an Appearance for the signature.
  8. Click OK. A Save As dialog box appears. Signed documents must be saved at the time of signature placement.
  9. Enter a file name and select the location for the signed file, then click Save to save the signed PDF.

In the event that you wish to clear your digital signature, either permanently or in order to make any needed changes and reapply it, you can do so easily. You can only clear your own digital signature.

To clear your digital signature, simply right-click the signature and select Clear Signature.

When a document that has been digitally signed is opened in Revu, signatures are automatically checked for validity. One of seven icons will be displayed to indicate the status of a signature's validity.

The document has been Certified and the Certification is valid.

The signer's identity is trusted and the document has not been changed. This is a valid signature.

The signer's identity is unknown. If the signer is known and trusted, see Importing a Trusted Identity Certificate to add the identity to your list of trusted identities.

The signature has not yet been validated and the document has not been updated since signed.

The signature is valid, but the document has been updated since being signed.

The signer's identity is unknown and the document has been updated since being signed.

The signature or certification is invalid and the document has been altered since being signed.

To attempt validation on a signature again (for example, if you've installed a certificate that wasn't installed when the file was first opened), right-click the signature and select Validate Signature.

Before a digital signature can be validated in Revu, the digital ID certificate of the signer must be imported in your trusted repository. The recommended best practice when it comes to importing digital ID certificates is to have signers send you their digital ID certificates (which can be easily exported from Revu) directly and import them into your trusted repository ahead of time. This way, you already have their digital ID on file, ready to validate any digital signatures they place, and since you got it from them directly, you have more reason to trust it.


To import a digital ID certificate from a file you've been sent:

  1. Save the .cer file that was sent to you somewhere on your computer or network.
  2. In Revu, go to Document > Signatures > Trusted Identities. The Manage Trusted Identities dialog box appears.

  3. Click Add Trusted Identity. The Windows Open dialog box appears.
  4. Browse to the location of the saved .cer file and open it. Revu automatically adds it to your list of trusted identities.
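Before importing a .cer file as described above, a recipient can check what the file actually contains and compare its fingerprint with one the signer supplies over a separate channel. The following PowerShell is an added example, not part of Acrobat or Revu; the function names, the constructed in-memory signer certificate and the out-of-band fingerprint step are assumptions.

```powershell
# Added example, not from Acrobat or Revu. Function names are hypothetical.
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Get-CertificateSummary {
    param([Parameter(Mandatory)][X509Certificate2]$Certificate)
    $sha256 = [SHA256]::Create()
    try { $digest = $sha256.ComputeHash($Certificate.RawData) } finally { $sha256.Dispose() }
    [pscustomobject]@{
        Subject       = $Certificate.Subject
        Issuer        = $Certificate.Issuer
        # Name comparison only (subject equals issuer), as for a self-signed ID.
        SelfIssued    = $Certificate.Subject -ceq $Certificate.Issuer
        NotAfter      = $Certificate.NotAfter
        HasPrivateKey = $Certificate.HasPrivateKey
        Sha1          = $Certificate.Thumbprint
        Sha256        = [BitConverter]::ToString($digest) -replace '-', ''
    }
}

function Test-ExpectedFingerprint {
    param(
        [Parameter(Mandatory)][X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$Expected
    )
    # Keep hex digits only: drops colons, spaces and invisible characters
    # that copy and paste from a certificate dialog can carry.
    $wanted  = ($Expected -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $summary = Get-CertificateSummary -Certificate $Certificate
    switch ($wanted.Length) {
        40      { return $wanted -ceq $summary.Sha1 }    # SHA-1 thumbprint
        64      { return $wanted -ceq $summary.Sha256 }  # SHA-256 fingerprint
        default { return $false }                        # truncated or wrong value
    }
}

function Get-ImportProblem {
    param(
        [Parameter(Mandatory)][X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$ExpectedFingerprint
    )
    if ($Certificate.HasPrivateKey) {
        'File contains a private key: the sender exported the whole digital ID, not only the certificate.'
    }
    if ((Get-Date) -gt $Certificate.NotAfter) {
        "Certificate expired on $($Certificate.NotAfter)."
    }
    if (-not (Test-ExpectedFingerprint -Certificate $Certificate -Expected $ExpectedFingerprint)) {
        'Fingerprint does not match the value supplied by the signer.'
    }
}

# --- Constructed sample input: an in-memory self-signed ID standing in for the signer ---
$rsa      = [RSA]::Create(2048)
$request  = [CertificateRequest]::new('CN=Constructed Signer', $rsa, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$signerId = $request.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddYears(5))

# The signer exports only the public certificate; the private key stays in $signerId.
$cerPath = Join-Path ([IO.Path]::GetTempPath()) 'constructed-signer.cer'
[IO.File]::WriteAllBytes($cerPath, $signerId.Export([X509ContentType]::Cert))
# Fingerprint as the signer would read it out over a separate channel, colon-separated.
$readOut = $signerId.Thumbprint -replace '(..)(?!$)', '$1:'

# --- Recipient side: inspect the file, then decide whether to import it ---
$received = [X509Certificate2]::new($cerPath)
Get-CertificateSummary -Certificate $received | Format-List
$problems = @(Get-ImportProblem -Certificate $received -ExpectedFingerprint $readOut)
if ($problems.Count -eq 0) { 'No problems found; the file matches what the signer read out.' } else { $problems }

# A fingerprint that does not belong to this certificate is reported as a mismatch.
Get-ImportProblem -Certificate $received -ExpectedFingerprint ('00' * 32)
Remove-Item -LiteralPath $cerPath
```

If the private-key check fires on a file a signer sent you, the signer should handle that digital ID as lost or stolen, as described earlier on this page.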
