Managing certificates and credentials

A credential contains your private key information needed for signing or identifying documents. A certificate is public key information that you configure for trust. LiveCycle uses certificates and credentials for several purposes:

Generating a key pair

LiveCycle uses its Trust Store to store and manage certificates, credentials, and certificate revocation lists (CRLs). Additionally, you can use an independent Hardware Security Module (HSM) device to store private keys.

LiveCycle does not provide an option to generate a key pair. However, you can generate one using a tool such as Java keytool and import it into the LiveCycle Trust Store. For more information on Java keytool, see the following:

http://docs.oracle.com/javase/tutorial/security/toolsign/step3.html

http://docs.oracle.com/cd/E19798-01/821-1841/gjrgy/index.html

http://blogs.adobe.com/livecycle/2010/01/creating_ssl_keys_and_certific.html
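The key-pair generation described above, as an added example (not code from the original page or from Adobe): it uses Java keytool to create an RSA key pair with a self-signed certificate in a PKCS#12 keystore and exports the public certificate on its own. The alias, file names, distinguished name, the `KS_PASS` variable and the choice of PKCS#12 as the file format to import are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Alias, file names, DN and the
# KS_PASS variable are assumptions chosen for illustration.
set -eu

# generate_credential <alias> <p12-out> <cer-out>
# Creates an RSA key pair plus self-signed certificate in a PKCS#12 keystore
# (the credential: it contains the private key) and exports the certificate
# alone (public key only) for distribution to relying parties.
# keytool reads the password from the environment variable KS_PASS, so it does
# not appear on the command line, in the process list or in shell history.
generate_credential() (
  : "${KS_PASS:?export KS_PASS with the keystore password first}"
  umask 077    # files created below are readable by their owner only
  keytool -genkeypair -alias "$1" \
    -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 365 \
    -dname "CN=Example Signer, O=Example Org, C=US" \
    -storetype PKCS12 -keystore "$2" \
    -storepass:env KS_PASS -keypass:env KS_PASS
  keytool -exportcert -rfc -alias "$1" -file "$3" \
    -storetype PKCS12 -keystore "$2" -storepass:env KS_PASS
)

# has_private_key <alias> <p12>: succeeds if the entry holds a private key,
# i.e. the file is a credential and not just a trusted certificate.
has_private_key() {
  keytool -list -alias "$1" -storetype PKCS12 -keystore "$2" \
    -storepass:env KS_PASS | grep -q 'PrivateKeyEntry'
}

# Runs only when invoked as: KS_PASS=... sh make-credential.sh <alias> <p12> <cer>
if [ "$#" -eq 3 ]; then
  generate_credential "$@"
  has_private_key "$1" "$2" && echo "credential: $2  certificate: $3"
fi
```

For a certificate issued by a certifying authority rather than a self-signed one, the same keystore entry can produce a signing request with `keytool -certreq`, and the authority's reply is added with `keytool -importcert`.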

The following signature types are supported and can be imported in LiveCycle:

  • XML signature

  • XMLTimeStampToken

  • RFC 3161 TimeStampToken

  • PKCS#7

  • PKCS#1

  • DSA Signatures

Handling a lost or compromised key

If you suspect that your key is lost or has been compromised, take the following actions:

  1. Inform the certifying authority so that it adds the compromised key to the certificate revocation list, which revokes the key.

  2. Obtain a new key and its certificates from the certifying authority.

  3. Using the new key, re-sign the documents that were signed with the compromised key.
