At my company, we are currently using digital certificates in Acrobat 8.0 to electronically sign documents. Recently, we began piloting a different type of certificate which will be used strictly for authentication.
We were surprised to discover that Acrobat allowed us to use this authentication certificate to apply a signature. This is bad, because the auth certificate doesn't feature passphrase protection of the private key.
We issue eSignature certificates which contain both the digital signing and non-repudiation key usages. Our authentication certs have digital signing capability (because that's how certificate authentication works), but they do NOT have the non-repudiation key usage.
So, my question is this - Is there any way to configure Acrobat 8 to only allow the usage of certificates that have both the digital signing and non-repudiation key usages for the application of electronic signatures?
The short answer is yes. Of course that leads to the next question, how to do it? You apply the restriction using a Seed Value. A Seed Value is nothing more than a restriction placed on a signature field by using JavaScript. In this case you would require that the signature field be signed with a digital ID that had both digital signing and non-repudiation key usage values.
The first place I think you should look is in the Acrobat 8 Digital Signature User Guide located at [url=http://learn.adobe.com/wiki/download/attachments/52658564/acrobat_digsig_userguide_8x.pdf?version=1]Dig Sig User Guide[/url] and specifically, section 7.8.2.
Another good reference is [url=http://www.adobe.com/devnet/acrobat/pdfs/js_api_reference.pdf]JavaScript Reference[/url] and look for signatureSetSeedValue in the PDF document.
I hope this helps,
Steve
Steven Madwin
Software QA Engineer
Adobe Systems Incorporated
345 Park Avenue, MS-W15
San Jose, CA 95110-2704 USA
408.536.4343 p, 408.537.4053 f
Steven [dot] Madwin [at] adobe [dot] com
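A sketch of the seed value described in the answer above, added here as an example and not taken from the original post or from Adobe's guide. It assumes the `certspec.keyUsage` encoding given in the JavaScript reference for `signatureSetSeedValue` (two bits per key-usage type, starting at the least significant bit) and a hypothetical signature field named `Signature1`; the helper names are made up for illustration.

```javascript
// Key-usage types in the order certspec.keyUsage encodes them,
// two bits each, starting at the least significant bit.
var KEY_USAGES = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"];

function contains(list, name) {
  for (var i = 0; i < list.length; i++) if (list[i] === name) return true;
  return false;
}

// Per usage: 00 = must not be set, 01 = must be set, 10/11 = don't care.
function keyUsageMask(required) {
  var mask = 0x7FFFFFFF;                  // "don't care" for every usage
  for (var i = 0; i < KEY_USAGES.length; i++) {
    if (contains(required, KEY_USAGES[i])) {
      mask = (mask & ~(3 << (2 * i))) | (1 << (2 * i));   // force 01
    }
  }
  return mask;
}

// Local check of how a mask treats a certificate's key usages.
function certSatisfies(mask, certUsages) {
  for (var i = 0; i < KEY_USAGES.length; i++) {
    var rule = (mask >> (2 * i)) & 3;
    var present = contains(certUsages, KEY_USAGES[i]);
    if ((rule === 0 && present) || (rule === 1 && !present)) return false;
  }
  return true;
}

// Seed value requiring digitalSignature AND nonRepudiation.
function buildSeedValue() {
  return {
    certspec: {
      flags: 32,   // 32 marks the keyUsage constraint as required
      keyUsage: [keyUsageMask(["digitalSignature", "nonRepudiation"])]
    }
  };
}

// In Acrobat, from the JavaScript console or a document script:
//   applySeedValue(this, "Signature1");   // hypothetical field name
function applySeedValue(doc, fieldName) {
  doc.getField(fieldName).signatureSetSeedValue(buildSeedValue());
}
```

With this mask, a certificate carrying only the digital signing usage (the authentication certificate in the question) fails the check, while one carrying both usages passes.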