A private key, which you do not share with others.
Documents
are encrypted by using the public keys (certificates) of the users who
will receive the document. When users receive an encrypted document, they
use their private keys to decrypt it.
Certificates are typically
issued and digitally signed by a certificate authority (CA). A CA is
a recognized entity that provides a measure of confidence in the validity
of the certificate. Certificates have an expiration date, after
which they are no longer valid. In addition, certificate revocation
lists (CRLs) provide information about certificates that were revoked
prior to their expiration date. Certificate authorities publish
CRLs periodically. The revocation status of a certificate can also
be retrieved through Online Certificate Status Protocol (OCSP) over
the network.
When you use certificates to encrypt a PDF document,
you can add permissions that specify tasks that individual users
can do with the document. For example, you can specify whether they
can sign and fill, edit, or print the PDF document.
Before
you can encrypt a PDF document with a certificate, you must use Administration
Console to add the certificate to LiveCycle.
Note: It
is recommended that you do not encrypt a document prior to uploading it
to the repository. If you upload an encrypted PDF document to the
repository, it cannot decrypt the PDF document and extract the XDP
content.
A password-encrypted PDF document must be unlocked
before another LiveCycle operation, such as digitally signing the
PDF document, can be performed on it. (See Unlocking encrypted PDF documents.)
