Managing Certificate Trust And Trusted Identities; What Is Trust; What Is A Trusted Identity - Adobe 22002486 User Manual

3

Managing Certificate Trust and Trusted Identities

As described in
a public key and a private key. Participants in signing and certificate security workflows need to exchange
the public part (the certificate) of their digital ID. Once you obtain someone's certificate and add it to your
trusted identities list, you can encrypt documents for them. If their certificate does not already chain up to
a trust anchor that you have specified, you can set the certificate's trust level so that you can validate the
owner's signature.
Understanding what a trusted identity is and how trust levels are set can help you set up streamlined
workflows and troubleshoot problems. For example, you can add trusted identities ahead of time and
individually set each certificate's trust settings. In enterprise settings where certificates are stored on a
directory server, you may also be able to search for certificates to expand your list of trusted identities.
For more information, refer to the following:
"What is a Trusted Identity?" on page 30

"Using Directory Servers to Add Trusted Identities" on page 38

"Adding Someone to Your Trusted Identity List" on page 32

"Managing Contacts" on page 42


3.1 What is Trust?

The concept of "trust" is complex, and it may mean different things in different contexts. In Acrobat
security workflows, trust can mean the following:
Trusting participants in your workflows: In both document security and signature workflows, you

will need to trust those with whom you are sharing your documents. "Trusting an identity" means that
you accept that someone's certificate actually represents a particular person or organization. It is
official recognition on your part of the ownership and origin of the digital ID; that is, that the digital ID
represents a specific entity.
Setting certificate trust levels: For those in your list of trusted identities, you will likely need to allow

and disallow certain operations. You do this by associating (setting) trust levels with trusted identity's
certificate. These trust levels define privileges that allow documents signed or certified by that identity
to execute privileged operations on YOUR machine--things that cannot otherwise be done by
documents you otherwise just open and display--for example, playing multimedia or executing
JavaScript. Providing trust to a certificate should only be done if it is necessary and you want
documents created and signed by the trusted identity to have higher levels of access to your machine.

3.2 What is a Trusted Identity?

Digital signature and certificate security workflows both rely on certificates. Participants in signing
workflows share their certificates ahead of time or embed them in a document. Participants in certificate
"What is a Digital ID?" on page 11, a digital ID consists of two main parts: a certificate with
30