Introduction

Adobe Acrobat Pro enables users to create, control, and secure Portable Document Format (PDF) documents. Users can also collectively review and edit documents, and convert documents from other formats to PDF.

The integration of Adobe Acrobat Pro with Entrust nShield Time Stamp Server (TSS) performs signing and time-stamping to provide authenticity, integrity and non-repudiation of the document.

TSS is a time-stamp appliance. It uses the industry-standard IETF RFC 3161 protocol to provide time-stamps. TSS also provides a secure auditable trail of time for the purposes of non-repudiation. Adobe Acrobat Pro natively supports the RFC 3161 time-stamp service provided by TSS. Time-stamp a PDF document to validate that document’s authenticity at the time it was time-stamped.
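
The following Python code is an added example, not part of this guide and not Entrust or Adobe code. It builds the RFC 3161 TimeStampReq that a client sends to a time-stamp server and reads the PKIStatus from the reply, which is a way to confirm that a server URL answers RFC 3161 before it is entered in Acrobat. The URL passed to query_tsa is whatever server URL your deployment uses, the sample response bytes are constructed, and the code does not validate the returned token or its nonce.

```python
import hashlib
import secrets
import urllib.request

SHA256_ALG_ID = bytes.fromhex("300d06096086480165030402010500")  # AlgorithmIdentifier: sha256, NULL
CONSTRUCTED_REJECTION = bytes.fromhex("30053003020102")  # constructed sample: status 2, no token

def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV, using long-form length when content is >= 128 bytes."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def build_timestamp_request(document: bytes, nonce: int) -> bytes:
    """Build an RFC 3161 TimeStampReq over the SHA-256 digest of the document."""
    imprint = der(0x30, SHA256_ALG_ID + der(0x04, hashlib.sha256(document).digest()))
    nonce_der = der(0x02, nonce.to_bytes(nonce.bit_length() // 8 + 1, "big"))
    return der(0x30,
               der(0x02, b"\x01")      # version v1
               + imprint               # messageImprint: only the hash leaves the machine
               + nonce_der             # nonce: ties the reply to this request
               + der(0x01, b"\xff"))   # certReq TRUE: ask the TSA to include its certificate

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value) of the DER element that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length]

def response_status(response: bytes) -> int:
    """Extract PKIStatus from a TimeStampResp (0 granted, 1 grantedWithMods, 2 rejection)."""
    _, resp_body = read_tlv(response)      # TimeStampResp SEQUENCE
    _, status_info = read_tlv(resp_body)   # PKIStatusInfo SEQUENCE
    tag, value = read_tlv(status_info)     # status INTEGER
    if tag != 0x02:
        raise ValueError("not a TimeStampResp")
    return int.from_bytes(value, "big")

def query_tsa(url: str, document: bytes) -> int:
    """POST a request to the time-stamp server URL and return its PKIStatus."""
    body = build_timestamp_request(document, secrets.randbits(64))
    req = urllib.request.Request(url, data=body,
                                 headers={"Content-Type": "application/timestamp-query"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return response_status(resp.read())
```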

nShield Hardware Security Modules (HSMs) integrate with Adobe Acrobat Pro so that a customer can identify the publisher of a document and verify that no one has altered the contents or any other aspect of the original document after it was signed. Digital signatures, such as those used to sign Adobe PDF documents, rely on proven cryptographic techniques and on one or more private keys to sign and time-stamp the published software. It is important to maintain the confidentiality of these keys.

The benefits of using an HSM with Adobe Acrobat Pro include:

  • Protection for the organizational credentials of the software publisher.

  • Secure storage of the private key.

  • FIPS 140 Level 3 validated hardware.

  • Provision of a trusted time-stamp to RFC 3161.

The benefits of TSS include:

  • Centrally managed and secured time-stamp appliance.

  • FIPS secure and audited link to a master time source.

Product configurations

Entrust has successfully tested the integration between TSOP - Time Stamp Option Pack (TSS) and Adobe Acrobat Pro in the following configurations:

Software              Version
Operating System      Windows Server 2022
Adobe Acrobat         2024.003.20112
TSOP version (TSS)    8.1.0

Supported nShield hardware and software versions

We have successfully tested with the following nShield hardware and software versions:

Connect XC

Security World Software   Firmware                         Image     OCS   FIPS 140 Level 3
13.6.3                    12.72.1 (FIPS 140-2 certified)   12.80.5

Throughout this guide, the term HSM refers to the nShield Connect XC. Other product configurations might work, but not all possible combinations have been tested by Entrust.

Requirements

Before setting up the time-stamping functionality, ensure that:

  • nShield software and hardware are installed and operational. The server URL of TSS will be needed during the integration process.

  • A Security World has been created and is usable.

  • The nShield Time Stamp Option Pack (TSOP) has been installed.

  • Required certificates have been imported into the trusted Root CA on the local machine:

    • Signing root certificate.

    • If a third party is used to sign TSA certificates, subordinate certificate(s).

  • Adobe Acrobat Pro has been installed.

  • Appropriate Administrator rights are available to edit Adobe Acrobat settings options.

This document assumes that you:

  • Are familiar with the documentation supplied with TSOP and have installed TSS.

  • Are familiar with the Adobe Acrobat Pro documentation and have installed Adobe Acrobat Pro.

Entrust recommends that you allow only unprivileged connections unless you are performing administrative tasks.