67
266
ADOBE ACROBAT 8 PROFESSIONAL
User Guide
Note:
If you forget a password, there is no way to recover it from the document. It’s a good idea to store passwords in a
separate secure location in case you forget them.
Use A Password To Restrict Editing And Printing Of The Document
Restricts access to the PDF file’s security settings.
If the file is opened in Adobe Acrobat, the user can view the file but must enter the specified Permissions password
in order to change the file’s Security and Permissions settings. If the file is opened in Illustrator, Photoshop, or
InDesign, the user must enter the Permissions password, since it is not possible to open the file in a view-only mode.
Permissions Password
Specify a password that is required to change the permissions settings. This option is
available only if the previous option is selected.
Printing Allowed
Specifies the level of printing that users are allowed for the PDF document.
•
None
Prevents users from printing the document.
•
Low Resolution (150 dpi)
Lets users print at no higher than 150-dpi resolution. Printing may be slower because
each page is printed as a bitmap image. This option is available only if the Compatibility option is set to Acrobat 5
(PDF 1.4) or later.
•
High Resolution
Lets users print at any resolution, directing high-quality vector output to PostScript and other
printers that support advanced high-quality printing features.
Changes Allowed
Defines which editing actions are allowed in the PDF document.
•
None
Prevents users from making any changes to the document that are listed in the Changes Allowed menu,
such as filling in form fields and adding comments.
•
Inserting, Deleting, And Rotating Pages
Lets users insert, delete, and rotate pages, and create bookmarks and
thumbnails. This option is only available for high (128-bit RC4 or AES) encryption.
•
Filling In Form Fields And Signing Existing Signature Fields
Lets users fill in forms and add digital signatures.
This option doesn’t allow them to add comments or create form fields. This option is only available for high (128-bit
RC4 or AES) encryption.
•
Commenting, Filling In Form Fields, And Signing Existing Signature Fields
Lets users add comments and digital
signatures, and fill in forms. This option doesn’t allow users to move page objects or create form fields.
•
Page Layout, Filling In Form Fields, And Signing
Lets users insert, rotate, or delete pages and create bookmarks or
thumbnail images, fill out forms, and add digital signatures. This option doesn’t allow them to create form fields. This
option is only available for low (40-bit RC4) encryption.
•
Any Except Extracting Pages
Lets users edit the document, create and fill in form fields, and add comments and
digital signatures.
Enable Copying Of Text, Images, And Other Content
Lets users select and copy the contents of a PDF.
Enable Text Access For Screen Reader Devices For The Visually Impaired
Lets visually impaired users read the
document with screen readers, but doesn’t allow users to copy or extract the document’s contents. This option is
available only for high (128-bit RC4 or AES) encryption.
Encrypt a PDF and create a recipient list
To encrypt PDFs, you use public-key cryptography. Public-key cryptography uses two keys: a public key, which is
stored inside a certificate that can be shared with other users, and a private key, which you don’t share with others.
The public key (certificate) is used to encrypt documents or to verify digital signatures, and the private key is used
to decrypt documents or to create digital signatures. Both keys are included in a digital ID.
45
267
ADOBE ACROBAT 8 PROFESSIONAL
User Guide
The advantage of securing documents with certificates is that authorscan specify unique permissions for each group
in their company. For example, authors can permit employees to sign and fill forms, and permit managers to edit text
or remove pages. When you encrypt a PDF using a certificate, you specify a list of recipients and define each
recipient’s level of access to the file—for example, whether the recipient can edit, copy, or print the file. You can
specify certificates from your list of trusted identities, from files on disk, from an LDAP server, or from the Windows
certificate store (Windows only). Be sure to include your own certificate in the list so that you are later able to open
the document.
Note:
If possible, encrypt documents using certificates from third-party digital IDs. If the certificate is lost or stolen, the
issuing authority can replace it. If a self-signed digital ID is deleted, all PDFs that were encrypted using the certificate
from that ID are forever inaccessible.
If you need to encrypt a large number of PDFs, use the Batch Processing command to apply a predefined sequence,
or edit an existing sequence to add the security features you want. You can also save your certificate settings as a
security policy and reuse it to encrypt PDFs.
1 Do one of the following:
• Click the Secure button
in the Tasks toolbar, choose Show Security Properties, and then choose Certificate
Security from the Security Method menu. (Use this method if you want to save your settings as a security policy.)
• Choose Advanced > Security > Certificate Encryption.
• Click the Secure button
in the Tasks toolbar, and choose Certificate Encryption.
2 In the Certificate Security Settings dialog box, specify whether to save your settings as a policy or discard them
after applying (if available).
3 Select which document components to encrypt.
4 From the Encryption Algorithm menu, choose 128-bit AES or 128-bit RC4. If you select 128-bit AES, Adobe
Acrobat 7.0 or later or Adobe Reader 7.0 or later is required to open the document. Click Next.
5 Select the digital ID you want to use.
6 Create a recipient list for the encrypted PDF: Click Search to locate identities in a directory server or in your list
of trusted identities, or click Browse to locate the file that contains certificates.
7 In the Recipients list, select the recipient(s) for whom you wish to set levels of access, click Permissions, and click
OK in the Acrobat Security dialog box. Then select the levels of access. If you don’t set permissions, recipients have
full access by default.
8 Click OK to implement your settings, and then click Next. Review your settings and then click Finish.
When a recipient opens the PDF, the security settings you specified for that person are used.
See also
“About digital IDs” on page 253
“Get certificates from other users” on page 258
Change or remove encryption from a PDF
You can change or remove security settings from PDF files that you’ve encrypted.
Change encryption settings
1 Click the Secure button
in the Tasks toolbar, and choose Show Security Properties.
36
268
ADOBE ACROBAT 8 PROFESSIONAL
User Guide
2 Click Change Settings.
3 Do any of the following, and then click Next.
• To encrypt different document components, select that option.
• To change the encryption algorithm, choose it from the menu.
4 Do any of the following:
• To check a recipient’s trusted identity, select the recipient, and then click Details.
• To remove recipients, select one or more recipients, and then click Remove. Do not remove your own certificate
from this list, or you won’t have access to the file using that certificate.
• To change recipients’ permissions, select one or more recipients, and then click Permissions.
5 Click Next, and then click Finish. Click OK to close the Document Properties dialog box, and save the document
to apply your changes.
Remove encryption settings
1 Click the Secure button
in the Tasks toolbar, and choose Remove Security.
2 If prompted, type the Permissions password. If you don’t know the Permissions password, contact the author of
the PDF.
Create secure attachments
You can add security to any document by embedding it in an encrypted envelope, called a security envelope (or
eEnvelope, in earlier versions) and sending it as an email attachment. This method is especially useful if you want to
send a secure file attachment without modifying the attached file. When other users open the security envelope, they
can extract the file attachments and save them to disk. The saved files are identical to the original file attachments
and are no longer encrypted when saved.
For example, suppose that you want to send several documents, including non-PDF documents, to your accountant,
but you don’t want anyone else to view the documents. You can embed these documents as file attachments in a
security envelope, encrypt the security envelope so that only your accountant can open the attachments, and then
email the envelope. Anyone can open the envelope, view its cover page, and even view a list of the contents of that
envelope, but only your accountant can view the embedded attachments and extract them to the computer.
When you create a secure attachment, you’re prompted to select or create a security policy.
Embed file attachments in security envelopes for secure transit.
1 Click the Secure button
in the Tasks toolbar, and choose Create Security Envelope.
2 Click Add File To Send, select the documents you want to attach, and then click Open. Select any PDFs in the list
that you don’t want to include and click Remove Selected Files.
31
269
ADOBE ACROBAT 8 PROFESSIONAL
User Guide
3 Click Next.
4 Select an envelope template, and click Next.
5 Select a delivery method, and click Next.
6 Select Show All Policies, and then select a security policy from the list of available policies (or create a new policy
if needed). Click Next.
7 Follow the on-screen instructions to complete the security envelope. If prompted, provide your identity infor
mation.
8 Type an email address in the message that appears and click Send, or save the security envelope to send later.
See also
“Secure PDFs using policies” on page 273
Security policies
About security policies
If you often apply the same security settings to multiple PDFs, you can save your settings as a policy that you can
reuse. Security policies include the type of security encryption, the permission settings, and information about who
can open the PDFs or change security settings. There are two kinds of security policies:
• A user policy is developed and applied by an individual user. If you apply the same security settings to various
documents, you can save time by creating a user policy and then reapplying the user policy to documents without
having to specify the security settings each time. User policies for passwords and public key certificates are stored
on your local computer. If you have access to Adobe LiveCycle Policy Server, you can create a user policy that’s
stored on a policy server and is available only to you.
• An organizational policy is created by an Adobe LiveCycle Policy Server administrator and is stored on a policy
server to be shared by a group of users. Adobe LiveCycle Policy Server controls access to PDFs and auditing events
as defined by the security policy. You can use Adobe LiveCycle Policy Server if your company has licensed the
software and made it available to you.
How organizational policies are authenticated
In addition to allowing the reuse of the same security settings, policies stored on Adobe LiveCycle Policy Server have
the added benefit of letting you expire and revoke documents (no matter how many copies were created or
distributed), and maintain accountability by auditing users who open protected documents.
46
270
ADOBE ACROBAT 8 PROFESSIONAL
User Guide
A
B
C
Security policies
A.
Policies are stored on server. B.
Policies are applied to PDF. C.
Users can open, edit, and print document only if permitted by policy.
The process of using server-based security policies involves four main stages:
Configure the policy server
The system administrator of your company or group usually configures Adobe
LiveCycle Policy Server, manages accounts, and sets up organizational policies. For more information on configuring
the policy server, see the Adobe website.
Publish a document with a security policy
An author creates a PDF and applies a policy stored on Adobe LiveCycle
Policy Server to the PDF. The policy server generates a license and unique encryption key for the PDF. Acrobat
embeds the license in the PDF and encrypts it using the encryption key. The author or administrator can use this
license to track and audit the PDF.
View a document with a policy applied
When users try to open the secure PDF in Acrobat 8.0 (or Reader 8.0), they
must authenticate their identities. If the user is granted access to the PDF, the PDF is decrypted and opens with
whatever permissions are specified in the policy.
Administer events and modifying access
By logging in to an Adobe LiveCycle Policy Server account, the author or
administrator can track events and change access to policy-secured PDFs. Administrators can view all PDF and
system events, modify configuration settings, and change access to policy-secured PDFs. Users may be required to
check in the PDF periodically to continue to have access to it.
Adobe LiveCycle Policy Server
Adobe LiveCycle Policy Server is a server-based security system that provides dynamic control over PDFs. Adobe
LiveCycle Policy Server can be configured to run with LDAP, ADS, and other enterprise systems. Policies provided
by Adobe LiveCycle Policy Server are stored on the server and can be refreshed from the server. You must connect
to Adobe LiveCycle Policy Server to use these server policies.
While security policies are stored on a policy server, the PDFs aren’t. However, users may be required to connect to
the policy server so that they can open or continue to use PDFs to which a security policy has been applied. For infor
mation on configuring an Adobe LiveCycle Policy Server, click Help on the Adobe LiveCycle Policy Server website
after you log in to your account.
Connect to an Adobe LiveCycle Policy Server
1 Choose Advanced > Security Settings.
2 Click Adobe LiveCycle Policy Servers on the left.
3 Click the New button
4 Type a name in the Name box and the URL in the Server Name box. Add the port number and click Connect To
This Server.
.
39
271
ADOBE ACROBAT 8 PROFESSIONAL
User Guide
5 Type the user name and password for your account, and click OK.
View Adobe LiveCycle Policy Server policies
1 Click the Secure button
in the Tasks toolbar, and choose Adobe Policy Server > Manage My Account.
The Adobe LiveCycle Policy Server page opens in your web browser.
2 If prompted, type your user name and password, and click Login.
3 Click the Policies link on the page.
For more information on using Adobe LiveCycle Policy Server, click the Help link in the upper right corner.
Create a user security policy
You can create three types of security policies: password security (to password-protect documents), certificate
security (to encrypt documents for a list of recipients), and Adobe LiveCycle Policy Server policies. Creating policies
for password and certificate security lets you reuse the same security settings for a set of PDFs without having to
change security settings for each. The policies for password and certificate security are stored on the local computer.
When you create a user security policy using Adobe LiveCycle Policy Server, the policy is stored on a server, letting
you audit actions and change security settings dynamically. You can use Adobe LiveCycle Policy Server if your
company has licensed the software and made it available to you.
See also
“Encrypt a PDF and create a recipient list” on page 266
Create a password policy
1 Choose Advanced > Security > Manage Security Policies.
2 Click New.
3 Select Use Passwords, and then click Next.
4 Type a name and description for the policy, do one of the following, and then click Next:
• If you want to specify passwords and restrictions whenever you apply this policy to a document, deselect Save
Passwords With The Policy.
• If you want to save passwords and restriction settings with the policy, select Save Passwords With The Policy.
5 Specify a compatibility setting and password options. If you selected Save Passwords With The Policy, specify the
password and restrictions. Click Next.
6 Review the policy details, and then click Finish.
Create a certificate policy
1 Choose Advanced > Security > Manage Security Policies.
2 Click New.
3 Select Use Public Key Certificates, and then click Next.
4 Type a name and description for the policy, and specify the document components to encrypt.
5 If you want to specify recipients whenever you apply this policy to a document, select Ask For Recipients When
Applying This Policy, and click Next.
40
272
ADOBE ACROBAT 8 PROFESSIONAL
User Guide
6 If Ask For Recipients When Applying This Policy is not selected, specify recipients by selecting the digital IDs you
want to use to encrypt the document (including your own digital ID), and click Next.
7 Click Finish.
Create a user policy with Adobe LiveCycle Policy Server
When you create a user policy using the Adobe LiveCycle Policy Server, you’re redirected to the Adobe LiveCycle
Policy Server web page.
1 Choose Advanced > Security > Manage Security Policies.
2 Click New.
3 Select Use The Adobe LiveCycle Policy Server, and click Next.
4 On the Adobe LiveCycle Policy Server web page, click Policies, and then click New.
5 Type a name and description, set the validity period, and any other options.
6 Select the users or groups, set permissions for them, and click OK.
7 Specify the document components you want to encrypt, and whether you want a watermark.
8 When you’re done, click Save at the top of the page.
Manage security policies
After you create security policies, you can manage them by copying, editing, and deleting them. You can also set up
a list of favorite policies so that they’re easy to access.
1 Choose Advanced > Security > Manage Security Policies.
2 From the Show menu, choose whether you want to display all policies that you have access to, user policies that
you’ve created, or organizational policies.
3 Select a policy and do one or more of the following:
Note:
Options to edit or delete organizational policies aren’t available unless you have administrator rights to the Adobe
LiveCycle Policy Server. Changes to these policies can be made only on the Adobe LiveCycle Policy Server, which opens
automatically when you select an option.
• To create a new policy, click New.
• Tocopy anexistingpolicy,click Copy.Thisoptionisusefulifyou wanttocreateanewpolicythat’sbasedonthe
settings of an existing policy.
• To edit a policy, click Edit. For password and certificate policies, which are stored on the local computer, editing
a policy affects only those documents to which the policy is applied after the policy is edited. For user policies
stored on a server, you can edit the permission settings and other options. This option isn’t available for organiza
tional policies.
• To delete the policy, click Delete. This option may not be available for organizational policies.
• To make the policy easier to get to, click Favorite. This option adds the selected policy to the Secure menu in the
Tasks toolbar, and to the Advanced > Security menu. You can apply the Favorite option to multiple policies.
A star appears next to a favorite policy. (To remove a policy from the favorites, click Favorite again.)
4 Click Close.
22
273
ADOBE ACROBAT 8 PROFESSIONAL
User Guide
Secure PDFs using policies
You can apply either an organization policy or a user policy to a PDF. You must be online with a connection to your
Adobe LiveCycle Policy Server host to apply an Adobe LiveCycle Policy Server policy to a document. Adobe
LiveCycle Policy Server security policies must be stored on a policy server, but PDFs to which the policies are applied
need not be. You can apply policies to PDFs using Acrobat, server-side batch sequences, or other applications, such
as Microsoft Outlook.
To remove a policy from a PDF, you must be the one who applied it. Similarly, only the person who created the user
policy can edit it. To edit organizational policies, you must be the policy administrator. For details on editing security
policies, click the Secure button in the Tasks toolbar, choose Adobe Policy Server > Manage My Account, and then
click Help in the upper right corner.
See also
“Adobe LiveCycle Policy Server” on page 270
Apply a security policy to a PDF
❖
Open a PDF, and do one of the following:
• Click the Secure button
in the Tasks toolbar and choose Adobe Policy Server > Refresh Security Policies to
ensure that you have access to the most up-to-date server policies. Then, click the Secure button in the Tasks
toolbar and choose a policy. Click OK to any warnings about changing the security for the document.
2
2 Choose Edit > Preferences (Windows) or Acrobat (Mac OS) > Preferences, and select Security.
3 Click New, and type a title.
Documents you may be interested
Documents you may be interested
