Introduction
Adobe Acrobat Pro enables users to create, control, and secure Portable Document Format (PDF) documents. Users can also collectively review and edit documents, and convert documents from other formats to PDF.
The integration of Adobe Acrobat Pro with Entrust nShield Time Stamp Server (TSS) performs signing and time-stamping to provide authenticity, integrity and non-repudiation of the document.
TSS is a time-stamp appliance. It uses the industry-standard IETF RFC 3161 protocol to provide time-stamps. TSS also provides a secure auditable trail of time for the purposes of non-repudiation. Adobe Acrobat Pro natively supports the RFC 3161 time-stamp service provided by TSS. Time-stamp a PDF document to validate that document’s authenticity at the time it was time-stamped.
nShield Hardware Security Modules (HSMs) integrate with Adobe Acrobat Pro to enable a customer the ability to identify the publisher of a document and to verify that no one has altered the contents or any other aspect of the original document after it has been signed. Digital signatures, such as those used to sign for example Adobe PDF documents, rely on proven cryptographic techniques and the use of one or more private keys to sign and time-stamp the published software. It is important to maintain the confidentiality of these keys.
The benefits of using an HSM with Adobe Acrobat Pro include:
-
Protection for the organizational credentials of the software publisher.
-
Secure storage of the private key.
-
FIPS 140 Level 3 validated hardware.
-
Provision of a trusted time-stamp to RFC 1631.
The benefits of TSS include:
-
Centrally managed and secured time-stamp appliance.
-
FIPS secure and audited link to a master time source.
Product configurations
Entrust has successfully tested the integration between TSOP - Time Stamp Option Pack (TSS) and Adobe Acrobat Pro in the following configurations:
Software | Version |
---|---|
Operating System |
Windows Server 2022 |
Adobe Acrobat |
2024.003.20112 |
TSOP version (TSS) |
8.1.0 |
Supported nShield hardware and software versions
We have successfully tested with the following nShield hardware and software versions:
Requirements
Before setting up the time-stamping functionality, ensure that:
-
nShield software and hardware are installed and operational - the server URL of TSS will be needed during the integration process.
-
Security World has been created and usable.
-
The nShield Time Stamp Option Pack (TSOP) has been installed.
-
Required certificates have been imported into the trusted Root CA on the local machine:
-
Signing root certificate.
-
If a third party is used to sign TSA certificates, subordinate certificate(s).
-
-
Adobe Acrobat Pro has been installed.
-
Appropriate Administrator rights are available to edit Adobe Acrobat settings options.
This document assumes that:
-
Familiar with documentation supplied with TSOP and have installed TSS.
-
Familiar with Adobe Acrobat Pro documentation and have installed Adobe Acrobat Pro.
Entrust recommends that you allow only unprivileged connections unless you are performing administrative tasks. |