For greater security than the standard password protection measures can provide for keeping PDF files safe, you may set up a Signing certificate and/or an Encryption certificate. You may also sign PDF/A documents. Digitally signed documents may be Time-stamped and given authorization protection too, if required.
To access the digital security options
1. | Select PDF document or PDF/A document format from the File|Export dialog (Ctrl E) – see PDF or PDF/A document file export. |
2. | Click PDF options... to open the PDF configuration dialog. |
3. | Click Security options to display the digital security page. |
When a document has been digitally 'signed', recipients trying to open a PDF or PDF/A file may check whether it has been altered since it was signed and also how trustworthy the signature is.
The signature consists of a 'digest' of the document and a 'Signing certificate' file or profile. The signing certificate requires an associated 'Private key' and the authority of the signature.
Private keys (.PFX files) are installed on the PC and Windows keeps them safe for you in its own certificate-store.
A trustworthy signature is a chain of referees linking back to a 'Root Signature': self-signed documents must be treated with caution!
See also your Email Tools Options Security settings.
Font note: When exporting to PDF format, there are options to use Adobe fonts rather than downloading the original fonts used when the document was created (as PDF/A does). These are useful for reducing the size of a PDF file, but if your document contains uncommon characters it may be best to deselect them. This forces the document to include your original font, so you can be sure that the characters in the exported document are always the same as those in the original. (For example, currency and maths symbols – if present at all – may not conform to a standard symbolset.)
|
1. | Display the digital security options page as above. |
3. | Click OK to close the 'Configuration' dialog or
click Apply to return to 'PDF options' page. |
The digest will be created and the resulting signature applied to the whole PDF document when it is exported.
PDF (but not PDF/A) files may be 'encrypted' so that only specified recipients may view the document.
To encrypt a PDF document you use a .CER, .P7B or Security profile 'Encrypting certificate'. Encrypting certificates employ the 'Public keys' of one or more recipients.
|
1. | Display the digital security options page as above. |
2. | Select a suitable 'Encryption' option: |
o | 40-bit (RC4 encryption, used before 1999) |
o | 128-bit (RC4 encryption, superseding '40-bit') |
o | 128-bit AES (more secure than RC4 encryption but not as fast). |
o | Select from the drop-down list. |
4. | Click OK to close the 'Configuration' dialog or
click Apply to return to 'PDF options' page. |
About Security profiles
Certificates are organized very securely by your PC and it is usually inconvenient to enter simply a filename and full path. This is often the case when encrypting a document containing many Public keys so that the same PDF may be exported to a number of recipients. User-friendly RedTitan 'Security Profiles', however, may be constructed to contain all the certificate information and keys necessary – just select one from the drop-down list.
• | To set up a Signing certificate profile or Recipient list, click Manage certificates on the digital security page. The RedTitan EEcerts Certificate management program will open. See EEcerts Help for more details. |
About Time-stamping
"Time-stamps" are used to pin-down documents and their contents to a precise and verifiable moment. A digest of the time-stamped document is created for you by a 'Time Stamping Authority' via a 'Trusted Third Party'.
• | To Time-stamp a document, click Manage certificates on the digital security page. The RedTitan EEcerts Certificate management program will open. See EEcerts Help for more details. |