Protecting digital ids – Adobe Acrobat 9 PRO Extended User Manual
Page 260
254
USING ACROBAT 9 PRO EXTENDED
Security
Last updated 9/30/2011
Note: You can delete only self-signed digital IDs that you created in Acrobat.
1 Do one of the following:
•
In Acrobat, choose Advanced > Security Settings.
•
In Reader, choose Document > Security Settings.
2 Select Digital IDs on the left, and then select the digital ID to remove.
3 Click Remove ID, and then click OK.
More Help topics
Delete a certificate from trusted identities
Protecting digital IDs
By protecting your digital IDs, you can prevent unauthorized use of your private keys for signing or decrypting
confidential documents. Make sure that you have a procedure in place in the event your digital ID is lost or stolen.
How to protect your digital IDs
When private keys are stored on hardware tokens, smart cards, and other hardware devices that are password- or PIN-
protected, use a strong password or PIN. Never divulge your password to others. If you must write down your
password, store it in a secure location. Contact your system administrator for guidelines on choosing a strong
password. Keep your password strong by following these rules: use eight or more characters; mix uppercase and
lowercase letters with numbers and special characters; choose a password that is difficult to guess or hack, but that you
can remember without having to write it down; do not use a correctly spelled word in any language, as they are subject
to “dictionary attacks” that can crack these passwords in minutes; change your password on a regular basis; contact
your system administrator for guidelines on choosing a strong password.
To protect private keys stored in P12/PFX files, use a strong password and set your password timeout options
appropriately. If using a P12 file to store private keys that you use for signing, use the default setting for password
timeout option so that your password is always required. If using your P12 file to store private keys that are used to
decrypt documents, make a backup copy of your private key or P12 file so that you can open encrypted documents if
you lose your keys.
The mechanisms used to protect private keys stored in the Windows certificate store vary depending on what company
has provided the storage. Contact the provider to determine how to back up and protect these keys from unauthorized
access. In general, use the strongest authentication mechanism available and create a strong password or PIN when
possible.
What to do if a digital ID is lost or stolen
If your digital ID was issued by a certificate authority, immediately notify the certificate authority and request the
revocation of your certificate. You should also stop using your private key.
If your digital ID was self-issued, destroy the private key and notify anyone to whom you sent the corresponding public
key (certificate).