Table of Contents
Advertisement
236
USING ACROBAT 9 STANDARD
Security
More Help topics
"Delete a certificate from trusted
identities" on page 224
Protecting digital IDs
By protecting your digital IDs, you can prevent unauthorized use of your private keys for signing or decrypting
confidential documents. Make sure that you have a procedure in place in the event your digital ID is lost or stolen.
How to protect your digital IDs
When private keys are stored on hardware tokens, smart cards, and other hardware devices that are password- or PIN-
protected, use a strong password or PIN. Never divulge your password to others. If you must write down your
password, store it in a secure location. Contact your system administrator for guidelines on choosing a strong
password. Keep your password strong by following these rules: use eight or more characters; mix uppercase and
lowercase letters with numbers and special characters; choose a password that is difficult to guess or hack, but that you
can remember without having to write it down; do not use a correctly spelled word in any language, as they are subject
to "dictionary attacks" that can crack these passwords in minutes; change your password on a regular basis; contact
your system administrator for guidelines on choosing a strong password.
To protect private keys stored in P12/PFX files, use a strong password and set your password timeout options
appropriately. If using a P12 file to store private keys that you use for signing, use the default setting for password
timeout option so that your password is always required. If using your P12 file to store private keys that are used to
decrypt documents, make a backup copy of your private key or P12 file so that you can open encrypted documents if
you lose your keys.
The mechanisms used to protect private keys stored in the Windows certificate store vary depending on what company
has provided the storage. Contact the provider to determine how to back up and protect these keys from unauthorized
access. In general, use the strongest authentication mechanism available and create a strong password or PIN when
possible.
What to do if a digital ID is lost or stolen
If your digital ID was issued by a certificate authority, immediately notify the certificate authority and request the
revocation of your certificate. You should also stop using your private key.
If your digital ID was self-issued, destroy the private key and notify anyone to whom you sent the corresponding public
key (certificate).
Removing sensitive content
Preparing PDFs for distribution
Before you distribute a PDF, you may want to examine the document for sensitive content or private information that
can trace the document to you. Such information may be hidden or not immediately apparent. For example, if you
created the PDF, the document metadata likely lists your name as the author.
You may also want to remove content that can inadvertently change and modify the document's appearance.
JavaScript, actions, and form fields are types of content that are subject to change. If your document doesn't require
these items, remove them before you distribute the document. You can use the Examine Document command to find
and remove hidden content from a PDF.
Last updated 9/30/2011
Advertisement
Table of Contents
