Setting up signing

You can expedite the signing process and optimize your results by making the following preparations in advance.

Note: Some situations require using particular digital IDs for signing. For example, a corporation or government agency can require individuals to use only digital IDs issued by that agency to sign official documents. Inquire about the digital signature policies of your organization to determine the appropriate source of your digital ID.
  • Get a digital ID from your own organization, buy a digital ID (see the Adobe website for security partners), or create a self-signed one. See Create a self-signed digital ID. You can’t sign a PDF without a digital ID.
    Note: You cannot create self-signed digital IDs from within FIPS mode.
  • Set the default signing method.

  • Create an appearance for your digital signature. (See Create the signature appearance.)

  • Use Preview Document mode to suppress any dynamic content that can alter the appearance of the document and mislead you into signing an unsuitable document. For information about using the Preview Document mode, see Sign in Preview Document mode.

  • Review all the pages in a document before you sign. Documents can contain signature fields on multiple pages.

  • Configure the signing application. Both authors and signers should configure their application environment. (See Set signing preferences.)

    For details on the full range of configuration options in enterprise settings, see the Digital Signature Guide (PDF) at learn.adobe.com/wiki/display/security/Document+Library.

  • Choose a signature type. Learn about approval and certification signatures to determine the type you should choose to sign your document. (See Signature types.)

Set signing preferences

Signing workflow preferences control what you can see and do when the signing dialog box opens. You can allow certain actions, hide and display data fields, and change how content affects the signing process. Setting signing preferences impacts your ability to see what you are signing. For information on the available signing preferences, see “Signing Workflow Preferences” in the Digital Signature Guide (PDF) at www.adobe.com/go/learn_acr_security_en.

Customizing signature workflows using seed values

Seed values offer additional control to document authors by letting them specify which choices signers can make when signing a document. By applying seed values to signature fields in unsigned PDFs, authors can customize options and automate tasks. They can also specify signature requirements for items such as certificates and timestamp servers. For more information about customizing signatures using seed values, see the Digital Signature Guide (PDF) at www.adobe.com/go/learn_acr_security_en.

Create the signature appearance

You determine the look of your digital signature by selecting options in the Security section of the Preferences dialog box. For example, you can include an image of your handwritten signature, a company logo, or a photograph. You can also create different signatures for different purposes. For some, you can provide a greater level of detail.

A signature can also include information that helps others verify your signature, such as reason for signing, contact information, and more.

Signature formats: A. Text signature B. Graphic signature
  1. (Optional) If you want to include an image of your handwritten signature in the digital signature, scan your signature, and save it as an image file. Place the image in a document by itself, and convert the document to PDF.
  2. Right-click the signature field, and select Sign Document or Certify With Visible Signature.
    You can also create an appearance using the Security section of the Preferences dialog box. In the Appearance section, select one of the available options or click New to create an appearance.
  3. From the Appearance menu in the Sign dialog box, select Create New Appearance.
  4. In the Configure Signature Appearance dialog box, type a name for the signature you’re creating. When you sign, you select the signature by this name. Therefore, use a short, descriptive title.
  5. For Configure Graphic, choose an option:
    No Graphic
    Displays only the default digital signature icon and other information specified in the Configure Text section.

    Imported Graphic
    Displays an image with your digital signature. Select this option to include an image of your handwritten signature. To import the image file, click File, click Browse, and then select the image file.

    Name
    Displays only the default digital signature icon and your name as it appears in your digital ID file.

  6. For Configure Text, select the options that you want to appear in the signature. Distinguished Name shows the user attributes defined in your digital ID, including your name, organization, and country.
  7. For Text Properties, specify the writing direction and type of digits used, and then click OK.
  8. (Optional) If the dialog box includes the Additional Signature Information section, specify the reason for signing the document, the location, and your contact information. These options are available only if you selected them using the Advanced Preferences section of the Preferences dialog box (Edit > Preferences > Security > Advanced Preferences > Creation tab).

Security settings

Security settings control document security by configuring digital IDs, passwords, certificates, and Adobe LiveCycle Rights Management (ALCRM) servers. Content security settings also control features that affect application behavior in signing and certificate security workflows.

Set up a roaming ID account

A roaming ID is a digital ID that is stored on a server and can be accessed by the subscriber. You must have an Internet connection to access a roaming ID and an account from an organization that supplies roaming digital IDs.

  1. Do one of the following:
    • In Acrobat, choose Tools > Sign & Certify > More Sign & Certify > Security Settings.

    • In Reader, choose Edit > Protection > Security Settings.

    Note: If you don’t see the Sign & Certify or Protection panel, see the instructions for adding panels at Task panes.
  2. Expand Digital IDs on the left, select Roaming ID Accounts, and click Add Account.
  3. Type the name and URL for the roaming ID server, and click Next.
  4. Type your user name and password or follow the directions to create an account. Click Next, and then click Finish.

Once the roaming ID is added, it can be used for signing or encryption. When you perform a task that uses your roaming ID, you’re automatically logged in to the roaming ID server if your authentication assertion hasn’t expired.

PKCS#12 modules and tokens

You can have multiple digital IDs that you use for different purposes, particularly if you sign documents in different roles or using different certification methods. Digital IDs are usually password protected. They can be stored on your computer in PKCS #12 file format. Digital IDs can also be stored on a smart card, hardware token, or in the Windows certificate store. Roaming IDs can be stored on a server. Acrobat includes a default signature handler that can access digital IDs from various locations. Register the digital ID in Acrobat for it to be available for use.

Directory servers

Directory servers are commonly used as centralized repositories of identities within an organization. The server acts as an ideal location to store user certificates in enterprises that use certificate encryption. Directory servers let you locate certificates from network servers, including Lightweight Directory Access Protocol (LDAP) servers. After you locate a certificate, you can add it to your list of trusted identities so that you don’t have to look it up again. By developing a storage area for trusted certificates, you or a member of your workgroup can facilitate the use of encryption in the workgroup.

For more information about directory servers, see the Digital Signature Guide (PDF) at www.adobe.com/go/learn_acr_security_en.

Import directory server settings (Windows only)

You import directory server settings using security import/export methodology or a security settings file. Before you import settings from a file using import/export methodology, ensure that you trust the file provider.

  1. To open the file, double-click it, or do one of the following:
    • In Acrobat, choose Tools > Protection > More Protection > Security Settings.

    • In Reader, choose Edit > Protection > Security Settings.

    Note: If you don’t see the Protection panel, see the instructions for adding panels at Task panes.
  2. Select Directory Servers on the left, and then click Import. Select the import/export methodology file, and click Open.
  3. If the file is signed, click the Signature Properties button to check the current signature status.
  4. Click Import Search Directory Settings.
  5. Click OK, if prompted, to confirm your choice.

    The directory server appears in the Security Settings dialog box.

Export directory server settings (Windows only)

Although it is preferable to export security settings, you can export directory settings as an import/export methodology file. Use the file to configure the directory server on another computer.

  1. Open the Preferences dialog box, click Identity, and enter your name, organization, and e-mail address to create your profile.
  2. Do one of the following:
    • In Acrobat, choose Tools > Protection > More Protection > Security Settings.

    • In Reader, choose Edit > Protection > Security Settings.

    Note: If you don’t see the Protection panel, see the instructions for adding panels at Task panes.
  3. Select Directory Servers on the left, and then select one or more servers on the right.
  4. Click Export, select a destination, and click Next.
  5. To prove that the file came from you, click Sign, add your signature, and then click Next.
  6. Do one of the following:
    • To save the file, specify its name and location, and click Save.

    • To send the file as an e-mail attachment, type an e-mail address in the To box, click Next, and then click Finish.

Add a timestamp to signatures

You can include the date and time you signed the document as part of your signature. Timestamps are easier to verify when they are associated with a trusted timestamp authority certificate. A timestamp helps to establish when you signed the document and reduces the chances of an invalid signature. You can obtain a timestamp from a third-party timestamp authority or the certificate authority that issued your digital ID.

Timestamps appear in the signature field and in the Signature Properties dialog box. If a timestamp server is configured, the timestamp appears in the Date/Time tab of the Signature Properties dialog box. If no timestamp server is configured, the signature field displays the local time of the computer at the moment of signing.

Note: If you did not embed a timestamp when you signed the document, you can add one later to your signature. (See Establish long-term signature validation.) A timestamp applied after signing a document uses the time provided by the timestamp server.

Configure a timestamp server

To configure a timestamp server, you need the server name and the URL, which you can obtain from an administrator or a security settings file.

If you have a security settings file, install it and don’t use the following instructions for configuring a server. Ensure that you obtained the security settings file from a trusted source. Don’t install it without checking with your system administration or IT department.

  1. Do one of the following:
    • In Acrobat, choose Tools > Sign & Certify > More Sign & Certify > Security Settings.

    • In Reader, choose Edit > Protection > Security Settings.

    Note: If you don’t see the Sign & Certify or Protection panel, see the instructions for adding panels at Task panes.
  2. Select Time Stamp Servers on the left.
  3. Do one of the following:
    • If you have an import/export methodology file with the timestamp server settings, click the Import button. Select the file, and click Open.

    • If you have a URL for the timestamp server, click the New button. Type a name, and then type the server URL. Specify whether the server requires a user name and password, and then click OK.
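
Before typing a timestamp server URL into the dialog above, you can confirm that the server answers timestamp requests and see what such a request contains. The following is an added example, not Adobe's code; it assumes the server speaks RFC 3161 over HTTP (this page does not name the protocol), and the URL passed to check_tsa is one you supply.

```python
import hashlib
import secrets
import urllib.request

# DER AlgorithmIdentifier for SHA-256 (OID 2.16.840.1.101.3.4.2.1, NULL parameters)
SHA256_ALG_ID = bytes.fromhex("300d06096086480165030402010500")

def der(tag, content):
    """Encode one DER tag-length-value with a definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def der_uint(value):
    """DER INTEGER for a non-negative value; the spare bit keeps the sign positive."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_timestamp_request(document, nonce=None):
    """TimeStampReq: version 1, SHA-256 imprint, nonce, certReq TRUE. No document bytes."""
    imprint = der(0x30, SHA256_ALG_ID + der(0x04, hashlib.sha256(document).digest()))
    nonce = secrets.randbits(64) if nonce is None else nonce
    return der(0x30, der_uint(1) + imprint + der_uint(nonce) + der(0x01, b"\xff"))

def read_tlv(data):
    """Return (tag, content) of the first DER element in data."""
    tag, length, pos = data[0], data[1], 2
    if length & 0x80:                      # long form: next N bytes hold the length
        pos += length & 0x7F
        length = int.from_bytes(data[2:pos], "big")
    return tag, data[pos:pos + length]

def pki_status(response):
    """PKIStatus of a TimeStampResp: 0 granted, 1 granted with mods, 2 rejection."""
    t1, resp = read_tlv(response)      # TimeStampResp SEQUENCE
    t2, info = read_tlv(resp)          # PKIStatusInfo SEQUENCE
    t3, status = read_tlv(info)        # status INTEGER
    if (t1, t2, t3) != (0x30, 0x30, 0x02):
        raise ValueError("not a TimeStampResp")
    return int.from_bytes(status, "big")

def check_tsa(url, document=b"constructed probe"):
    """Assumption: url is an RFC 3161 HTTP endpoint chosen by the caller."""
    req = urllib.request.Request(url, data=build_timestamp_request(document),
                                 headers={"Content-Type": "application/timestamp-query"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return pki_status(resp.read())
```

A return value of 0 from check_tsa means the server granted the request; an HTML error page or a login form raises an error instead of being mistaken for a token.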

Set a timestamp server as the default

To be able to use a timestamp server to timestamp signatures, set it as the default server.

  1. Do one of the following:
    • In Acrobat, choose Tools > Sign & Certify > More Sign & Certify > Security Settings.

    • In Reader, choose Edit > Protection > Security Settings.

    Note: If you don’t see the Sign & Certify or Protection panel, see the instructions for adding panels at Task panes.
  2. Select the timestamp server, and click the Set Default button.
  3. Click OK to confirm your selection.

Adobe LiveCycle Rights Management (ALCRM) servers

Adobe LiveCycle Rights Management (ALCRM) servers let you define centralized policies to control access to documents. The policies are stored on the ALCRM server. You require server access to use them.

ALCRM servers embed user access information in documents. Therefore, specify document recipients in ALCRM policies. Alternatively, let the ALCRM server retrieve the list of recipients from LDAP directories.

Use ALCRM servers to set permissions for separate document tasks, for example opening, editing, and printing. You can also define document auditing policies on ALCRM servers.