3 Replies Latest reply on Feb 5, 2015 5:00 PM by wellylee

    encrypt pdf with trusted certificates on acrobat pro xi


      Hi all,

      I'm supporting a user who used to encrypt documents with trusted identities (*.fdf) on Acrobat X.

      Now on Acrobat XI, when trying to encrypt a document, he can't use trusted identities. It seems like Acrobat XI only allows encryption from a Digital ID (imported from *.pfx).

      Is this correct? Any way we can encrypt on Acrobat XI with trusted identities?




        • 2. Re: encrypt pdf with trusted certificates on acrobat pro xi
          Steven.Madwin Adobe Employee

          Hi Welly,


          A digital ID (a P12 or PFX file) consists of three parts: a Public-Key Certificate, the public key, and the private key. The Public-Key Certificate (PKC) is the textual portion that you see in a certificate viewer and contains stuff like the user's name (aka the Subject), the issuer's name, validity dates, serial number, etc. The two keys (public and private) have a symbiotic relationship where what one key locks (encrypts) only the corresponding other key can unlock (decrypt). Either key can be used to lock (encrypt) data, but whichever is used the data has to be unlocked (decrypted) using the other key.


          If the file doesn't contain the private key, but just has the PKC and the public key, then that is known as a certificate file. Certificate files can be shared with the world, whereas a digital ID file is only for use by one person. A certificate file can be viewed by anyone, but a digital ID file is either password or PIN protected.


          That said, when it comes to encrypting a PDF file using Certificate Security, the file is encrypted using one or more certificate files, and only the certificate file is used. However, during the encryption process Acrobat asks the user to select one of their own digital IDs to use in order to keep from locking them out of the file. In reality Acrobat only wants access to the public-key portion of the file for the encryption process, but it asks the user to select their digital ID to start. You can elect not to use your own digital ID and skip to the portion where you select the public key certificate of the recipients, and if you know to do so you can select your own, but when it comes time to get back into the file you have to have the private key to decrypt the file, and that means you have to have access to the digital ID file. It doesn't make a lot of sense that you would encrypt the file for yourself and not already have the digital ID loaded.


          As far as certificate files go, they can be shared in either the FDF format, the CER file format, or the P7B file format. The format of the file is just the transport mechanism to distribute the public key.
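
Added example, not part of the thread and not Adobe's code: a Go sketch of the point made in the reply above, that encrypting needs only each recipient's certificate while opening needs the private key from the matching digital ID. The function names, the in-memory self-signed identities, the document key value and the RSA-OAEP key wrapping are assumptions for illustration; this is not Acrobat's actual PDF encryption format.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // setup failures abort the demo
	if err != nil {
		panic(err)
	}
	return v
}
// NewDigitalID: constructed self-signed cert + private key (the P12/PFX pair); the cert alone is the shareable file.
func NewDigitalID(cn string) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// WrapFor encrypts the document key once per recipient certificate (public key only; certs here are RSA).
func WrapFor(docKey []byte, certs ...*x509.Certificate) (out [][]byte) {
	for _, c := range certs {
		out = append(out, must(rsa.EncryptOAEP(sha256.New(), rand.Reader, c.PublicKey.(*rsa.PublicKey), docKey, nil)))
	}
	return out
}

// Unwrap needs a private key and succeeds only if an entry was made for its certificate.
func Unwrap(key *rsa.PrivateKey, wrapped [][]byte) ([]byte, error) {
	for _, w := range wrapped {
		if k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, key, w, nil); err == nil {
			return k, nil
		}
	}
	return nil, fmt.Errorf("no recipient entry matches this private key")
}
func main() {
	cert, _ := NewDigitalID("recipient")
	_, senderKey := NewDigitalID("sender") // sender's certificate left out of the list
	fmt.Println(Unwrap(senderKey, WrapFor([]byte("constructed-doc-key"), cert)))
}
```

Passing the sender's own certificate to `WrapFor` alongside the recipient's is what keeps the sender from being locked out of the result.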