Just to clarify, we have Adobe Acrobat XI, version 11.0.12 installed. I have seen some old postings with recommendations to change some of the settings in Edit/Preferences, but the directions are for Version X and it seems that XI has a different appearance for Preferences (no tabs in some of the sections).
This is normal, by default. You can change settings in a way which makes the signatures not viable in the long term.
Preferences have changed little, and have identical tabs. The trick is that in Acrobat's preferences, the "tabs" is the list running down the left hand side.
Thanks for the response. I'm not sure if you fully read my first note. The increasing the file size is a recent occurrence. Prior to the past 6 weeks or so, we could sign a PDF document and it did not add 3 MB to the file size. The file size stayed fairly small. So this is not a "normal" result. I have PDF documents which are signed and the size did not increase. Now when I sign PDF documents, the file size increases dramatically.
Below is a screen shot of my Preferences Window, showing the Security & Security (Enhanced) options. As mentioned earlier, there does not appear to be any "tab" under these sections, as per the Adobe X help section. I don't see any setting to change that could reduce the information for each signature.
Any sound advice would be appreciated.
I actually found a possible solution:
Edit / Preferences / Signatures
- Creation & Appearance: Uncheck "Include signature's revocation status"
- Verification: Uncheck "Require certificate revocation checking to succeed......."
See screen shots below:
Note, this is from Adobe XI and am using certificates from a SmartBadge. It seems to keep the file size fairly consistent (not dramatically increasing the file size).,
Yes, it is normal. My guess is that this option was off for you but turned on, perhaps by an update. (Older versions of Reader didn't do it). Possibly something else changed causing the need to store a huge certificate chain.
Be sure you understand the consequences of turning this off. I can't explain them in sufficient detail.
You appear to not know what "normal" should be. If you read my first posting, the act of using a SmartBadge to electronically sign a PDF file did NOT increase the file size. This had been the case for several years. Very recently, such as in the past 6 weeks, this act caused the file size to increase by 3 MB for each signature. This is a change from normal. If your type of assistance is the the "normal" assistance to be expected on this support forum, I can see why I've never tried to use it before, because it is surely not normal assistance, maybe even sub-normal.
If you turn off "Include signature's revocation status" the recipients of your signed PDFs will lose ability to validate signatures after the signing certificate expires. If your signed PDFs have short lifespan than it is OK. If their lifespan is several years than you risk that the signatures cannot be validated in the future. This was the reason that in Acrobat 9.1 the default for this preference was changed from "off" to "on".
It is your decision as the document's signer to choose between smaller file size or ability to validate your signatures for along time.
There are two sources of revocation status: OCSP and CRL. Both are maintained by the Certificate Authority that issued the signing certificate and are transmitted on Internet. OCSPs are small in size, CRLs are big, and their size increases with time. One of the reasons that signed PDF size increases substantially is that Acrobat starts to use CRLs instead of OCSPs.
There could be several reasons why Acrobat uses CRLs instead of OCSPs.
1. Acrobat cashes CRLs in Acrobat installation. If it finds an applicable CRL in the cache it uses it and does not go online for OCSP. Check C:\Users\<your user id>\AppData\Roaming\Adobe\Acrobat\11.0\Security folder if it has CRLCache sub-folder. If it does, delete it. Somehow OCSP may not have been found during some signing, Acrobat went for CRL, cached it and then started to use for all subsequent signing.
2. The firewall settings have changed and the OCSP server is not reachable from behind the firewall but the CRL server is reachable. This is unlikely but possible.
3. There are preferences that control the OCSP/CRL use. They can turn off OCSP and/or CRL lookup. So, if OCSP lookup is turned off then Acrobat does not look for OCSP and uses only CRL. These preferences are not accessible with UI. They can only be changed in the registry by system administrator, so in general cases this does not happen. This is a very unlikely case.
like I said in my first explanation, my company uses certificates from everyone's Smart Badge, we don't use a server such as Adobe or MS or other such system. Our certificates do not come via the internet.......