Security Setting Import-Export¶
The security setting export-import feature offers an alternative to pre-deployment installer tuning and post deployment configuration techniques such as GPO. For some enterprises, it can simplify the migration of existing security settings through version upgrades and across multiple machines. Settings can only be exported from Acrobat, but settings can be imported by both Acrobat and Adobe Reader. Introduced with 9.0, the ability to import and export digital signature settings via an``.acrobatsecuritysettings`` file allows you to secure, migrate, backup, restore, and distribute settings. Files can also be placed on a server, and client machines can be configured to automatically download such settings at required intervals.
How it works
The user interface allows users to export settings to a secure file. The settings are represented as XML containing elements that describe details for each supported security component, including encryption, digital signatures, usage rights, trusted identities, and so on. The format provides capabilities for different levels of the security settings management. The XML is embedded in an empty PDF document. The PDF has an
.acrobatsecuritysettings extension. On export, the file is certified with an invisible signature and optionally encrypted so that only authorized users can access it and verify its trustworthiness before installation. At import time, the certification signature status is displayed at the top of the Import Security Settings dialog box.
Some settings such as PKCS#11 modules require manual installation and cannot automatically be moved.
Export to a file¶
Settings can only be exported from Acrobat.
Choose Preferences > Security > Security Settings > Export.
Check or uncheck the settings you would like to export.
When the detailed Export Security Settings dialog appears, review the settings again.
If you would like to include or exclude any settings, highlight the setting and choose the Include/Exclude Setting button.
Choose an encryption method. Encrypting the file ensures that the settings can’t be viewed by anyone other than the intended recipients.
Follow the dialog instructions which will vary with your choice of the document security method (password security or certificate security).
You will be required to certify the file by signing it with a certification signature. When the certification workflow begins, choose OK.
Sign and save the file.
Import from a file¶
Settings can be imported by both Acrobat and Adobe Reader. To import security settings:
Open the Security Settings Console.
Browse to an .acrobatsecuritysettings file.
acrobatsecuritysettings files must be certified and are therefore signed. You can verify the signer’s identity by choosing the Signature Properties in the Document Message Bar and reviewing the signer’s details.
Review the settings carefully. The settings in the imported file will overwrite your current settings. Be sure to verify you’re getting the correct settings and that they are coming from a trusted source.
If the settings you imported included Digital IDs, you must log into each such ID to complete its installation. If there were Digital IDs then a dialog appears asking if you’d like to open the Security Settings Console and log in to the digital IDs you just imported. Choose Yes or No.
For security reasons,
acrobatsecuritysettings files do not carry the digital ID passwords. Before you can use any of the digital IDs you just imported, you must log in to each ID. You can do it now or later.
Manual server import setup¶
If your organization distributes security settings periodically, you can set up Acrobat to regularly check for updates to these policies. Server-based security is set up by an administrator who provides the URL from which to get security updates. Once the application is configured, Acrobat will periodically poll the server (the default time is every three months) via http or https.
Choose Preferences > Security.
Check Load security settings from a server.
Enter the server address in the URL field.
Select a signing certificate. if any. The .acrobatsecurity file will be signed with a certified signature. In order to install the file, you must validate the signature.
Specify how often you want to check for security updates.
Select Ask Before Installing to be notified prior to installing new settings.
When the file opens, complete the import workflow.
Registry and plist configuration¶
As described in the Preference Reference, the following settings are available: