3 Replies Latest reply on Jan 21, 2013 12:50 PM by Steven.Madwin

    Encryption with certificates and Acrobat XI


      Hi All,


      I have added 2 self-signed certificates and the CA in the Windows Certificate Store. Then I encrypt a PDF with the first certificate. After saving I see „SECURED" at the Titel of the document and everything is fine.

      Than I encrypt an another PDF with the second certificate. After saving I see also „SECURED" at the Titel. Now I close all documents and I will reopen the second encrypted PDF. But I get following Message:


      " A digital ID was used to encrypt this document but no digital ID is present to decrypt it.Make sure your digital ID is properly installed or contact the document author. "



      The First encrypted PDF I can open without problems.


      I can open the second encrypted PDF if I delete the first self signed certificate from the Windows Certificate Store.


      What doing I wrong?


      I use Acrobat XI and Windows 8. Sorry for my bad english…

        • 1. Re: Encryption with certificates and Acrobat XI
          JP Hackworth

          Since no-one else has replied yet, do the certificates share the same identifying information (e.g. do they both have the same subject field)?


          A simple explanation might be that Acrobat is trying to open the second document with the wrong, perhaps because it is unable to tell the difference between the two certificates.

          1 person found this helpful
          • 2. Re: Encryption with certificates and Acrobat XI
            MTGAlberts Level 1

            Hi Hackworth,


            thanks for your answer.


            My certificates had the same serial number and that was the problem. I thought that is irrelevant because the thumbprint is different.

            With Acrobat X i don't have this problem.


            And why Adobe don't trust root certificates from the Windows Store in the default settings!?

            • 3. Re: Encryption with certificates and Acrobat XI
              Steven.Madwin Adobe Employee



              With regard to the trust issue, there are a couple of items to touch on. First, trust isn't required to either encrypt or decrypt a PDF file using Certificate Security. Trust is only required in order to validate a digital signature. Acrobat does have access to all digital IDs loaded into the Personal Certificates section of the Windows Certificate Store regardless of the trust settings.


              The second item is why doesn't Acrobat (and Reader) trust the certificates in the Windows Certificate Store by default? One thing to understand is without trust nothing happens and it's incumbent upon the recipient of the signed PDF file to explicitly trust the signer. Trust isn't something imbued in the PDF file by the signer, but only granted by the recipient. Because Adobe doesn't know what certificates have been added to the Trusted Certificates section of the Windows Certificate Store we leave it to the individual to give away trust to all certificates that reside in there.