Choosing security methods within FIPS mode (Windows)

Acrobat and Reader provide a FIPS mode to restrict data protection to Federal Information Processing Standard (FIPS). FIPS mode uses FIPS 140-2 approved algorithms using the RSA BSAFE Crypto Micro Edition (ME) 2.1.0.3 cryptographic module.

The following security options aren’t available in FIPS mode:

• Applying password-based security policies to documents. You can use public key certificates or Adobe LiveCycle Rights Management ES to secure the document, but you cannot use password encryption to secure the document.

• Creating self-signed certificates. To create a self-signed digital ID, it must be saved to the Windows certificate store. You cannot create a self-signed digital ID that is saved to a file.

• RC4 encryption. A PDF file can only be encrypted by using the AES encryption algorithm when in FIPS mode.

• MD5 or RIPEMD160 digest methods. In FIPS mode, only the SHA-1 and SHA-2 families of digest algorithms can be used when creating a digital signature.

In FIPS mode, you can open and view documents that are protected with algorithms that are not FIPS compliant. However, you can’t save any changes to the document using password security. To apply security policies to the document, use either public key certificates or Adobe LiveCycle Rights Management ES.

FIPS mode is configured in the Windows registry by a system administrator. For more information, see Document Security User Guide For Adobe Acrobat and Adobe Reader (PDF) at www.adobe.com/go/learn_acr_security_en.