B: Supported Standards and RFCs

Standards

Standards support
Reference Feature
PDF Reference 1.7 (ISO 32000-1) . See also PDF for Archive (PDF/A) and PDF for Exchange (PDF/X). Representing signatures in the PDF language.
RFC 3280, Internet X.509v3 Public Key Infrastructure, Certificate and Certificate Revocation List (CRL) Profile. CRL revocation checking, chain building, path validation, cross certificates, multiple chains.
RFC 2560, X.509 Internet PKI Online Certificate Status Protocol-OCSP. OCSP revocation checking.
RFC 3161, Internet X.509 Public Key Infrastructure Time-Stamp Protocol Timestamping: signing and signature validation.
RFC 3281, Attribute Certificate Profile, S. Farrell, R. Housley April 2002. Attribute certificates.
RFC 2437, PKCS #1: RSA Cryptography Specifications Version 2.0 (1024, 2048, 4096). A format used for creating a digital signature object which is embedded in a document.
RFC 2898, PKCS #5: Password-Based Cryptography Specification Ver. 2.0. Password security.
RFC 2315, PKCS #7: Cryptographic Message Syntax, Version 1.5. A format used for creating a digital signature object which is embedded in a document.
PKCS #11: URI Scheme Cryptographic token interface (smart cards, tokens, etc.)
RFC 1321, The MD5 Message-Digest Algorithm Creating a document hash during signing.
RFC 3174, US Secure Hash Algorithm 1 (SHA1) Creating a document hash during signing. Deprecated with 11.0.
RFC 6234 US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF) Creating a document hash during signing.
FIPS PUB 186-2, Digital Signature Standard. Describes DSA signatures. Digital signatures. Deprecated with 11.0.
FIPS PUB 186-3, Digital Signature Standard. Describes DSA signatures. Digital signatures. 11.0 introduces support for 3 ECDSA named curves.
FIPS PUB 197, Advanced Encryption Standard (AES 128, 256). Certificate security.
ISIS-MTT Specification v.1.1 March 2004. Attribute certificates.
NIST PKITS “Public Key Interoperability Test Suite Certification Path Validation” Chain building and path validation, including cross certificates and multiple chains.
OIDS. ASN.1 Object identifiers (OIDs)
RFC 2396, Uniform Resource Identifiers (URI): Generic Syntax. All.
RFC 2595, Using TLS with IMAP, POP3 and ACAP. The PLAIN authentication mechanism used by the roaming ID feature.
RFC 3778, The application/pdf Media Type. Adobe Systems Incorporated. Describes PDF media type, digital signatures, and encryption.
ETSI 102 778 PDF Advanced Electronic Signatures (PAdES), Parts 1,2,3 and 4. Digital signature; especially LTV.
ETSI/ESI Technical Standard (TS) 102 778 Digital signatures.
JITC: Joint Interoperability Test Command PKI compliance test suite DoD-mandated PKI test suite. Compliant since 7.x. See http://blogs.adobe.com/security/tag/jitc.

APIs and miscellaneous

Support for APIs, organizations, etc.
Item Description
MSCAPI Microsoft’s CryptoAPI
Keychain Macintosh’s CryptoAPI
Esign A U.S. law conformed to by Acrobat and EchoSign signatures.

FIPS support

To comply with NIST requirements for data protection, Adobe products can provide encryption via the Federal Information Processing Standard (FIPS) 140-2 mode. FIPS 140 is a cryptographic security standard used by the federal government and others requiring higher degrees of security. Adobe utilizes certified and unmodified encryption modules licensed from RSA Security within desktop and server products. Therefore, Adobe will not show up in the NIST Cryptographic Module Validation Program vendor lists. The following documents list the specific, certified modules in use within the Adobe DRM Solution:

  • Adobe Acrobat and Reader (Windows only): When the FIPS mode is enabled via the registry, encryption uses FIPS-approved algorithms during the production of PDFs in digital signature workflows and not the consumption of PDF files as follows:

  • Adobe Experience Manager / LiveCycle ES3 and ES4 Rights Management server software:

    • RSA BSAFE Crypto-J Software Module 3.5 with FIPS certificate #590
  • Adobe Rights Management Extension for Microsoft Office client software:

    • RSA BSAFE Crypto-C Micro Edition 2.1 with FIPS Certificate #828

The NIST Cryptographic Module Validation Program (CMVP) is detailed at: http://csrc.nist.gov/groups/STM/cmvp/index.html.

The Adobe Public Sector contact for FIPS certification is John Landwehr (VP Government Solutions, Adobe Systems Federal)