Adobe Acrobat XI User Manual

386

Security

Last updated 1/14/2015

For more information on using security features, see these resources:

• Legal Professional:

blogs.adobe.com/acrolaw/

• Security Matters blog:

blogs.adobe.com/security

Choosing security methods within FIPS mode (Windows)

Acrobat and Reader provide a FIPS mode to restrict data protection to Federal Information Processing Standard (FIPS).
FIPS mode uses FIPS 140-2 approved algorithms using the RSA BSAFE Crypto-C Micro Edition (ME) 3.0.0.1
cryptographic module.

The following security options are not available in FIPS mode:

• Applying password-based security policies to documents. You can use public key certificates or Adobe

LiveCycleRights Management ES to secure the document. However, you cannot use password encryption to secure
the document.

• Creating self-signed certificates. To create a self-signed digital ID, it must be saved to the Windows certificate store.

You cannot create a self-signed digital ID that is saved to a file.

• RC4 encryption. A PDF file can only be encrypted by using the AES encryption algorithm when in FIPS mode.

• MD5 or RIPEMD160 digest methods. In FIPS mode, only the SHA-1 and SHA-2 families of digest algorithms can

be used when creating a digital signature.

In FIPS mode, you can open and view documents that are protected with algorithms that are not FIPS compliant.
However, you can’t save any changes to the document using password security. To apply security policies to the
document, use either public key certificates or Adobe LiveCycleRights Management ES.

FIPS mode is configured in the Windows registry by a system administrator. For more information, see Digital
Signatures Guide (PDF) at

www.adobe.com/go/learn_acr_security_en

.

More Help topics

Removing sensitive content

Setting up security policies

Modify form field properties (Acrobat Pro)

Run an action (Acrobat Pro)

Attachments as security risks in Reader and Acrobat

Note: For a full list of articles about security, see

Overview of security in Acrobat and PDF content

.

Attachments represent a potential security risk because they can contain malicious content, open other dangerous files,
or launch applications. Acrobat and Reader always let you open and save PDF and FDF file attachments. Acrobat and
Reader recognize certain files, such as those whose names end in .bin, .exe, and .bat, as threats. You can’t attach such
files. Acrobat does allow you to attach files that cannot be saved or opened from Acrobat, such as ZIP files. However,
this practice is not recommended.

Acrobat and Reader maintain a white list of file types that can be opened or saved, and a black list of file types that
cannot. You are allowed to attach file types that are not on either list. However, when you open or save a file of an
“unrecognized” type, you see a dialog box asking whether you trust the file type.