What’s new in Adobe LiveCycle Digital Signatures ES

Adobe LiveCycle Digital Signatures ES (formerly Adobe LiveCycle Document Security) lets you use digital signatures to preserve the integrity and authenticity of a document as it is transferred among users within and beyond the firewall, when it is downloaded offline, and when it is submitted back to your organization.

With Digital Signatures ES, you can automate the process of bulk certifying and signing documents, as well as validating signatures in documents that are submitted back to your organization.

Key features
Digital Signatures ES can apply security features to any PDF document whether it is generated by other Adobe server products, on a desktop by Acrobat, or even by a third-party solution. Because PDF documents can contain any type of information, such as text, audio, and video files, you can use Digital Signatures ES to secure any type of information that is saved in a PDF document.

Digital Signatures ES can apply the appropriate security features through automated business processes or programmatically through the API:

Certification and Approval signatures: Specify digital signing of documents so that recipients can validate the authenticity and integrity of the content. Digital signatures can be applied individually or in batches by using digital certificates from third-party vendors. With digital signatures applied, documents maintain authenticity even when archived.

Signature validation: Specify signature validation so that your organization can verify the authenticity of returned documents it receives. When digitally signed documents are received, Digital Signatures ES can open the document and validate it based on its signature status.

How Digital Signatures ES secures a document
In a typical Digital Signatures ES process, a developer creates an application that retrieves a PDF document from a specified repository, applies a digital signature by using a credential (private key) in a specified keystore (including HSMs), encrypts the document with a password, and sends the document to several specified recipients by email. In another example, a custom application created by using the Java API may get a series of documents, apply a digital signature to all of them, and distribute them online through the web to a number of specified locations.

This new LiveCycle Digital Signatures ES release offers many new features, including:

Signing operation: The signing operation lets you control several aspects of digital signatures used in a document. When designing a PDF document, you can define the following items:
● The appearance of the digital signature when it displays on the document
● The signature algorithm used for signing
● The properties set in signature profiles used while signing
● Embedded revocation checks in the signature field property

Signature field creation: Digital Signatures ES supports seed values through the Signature APIs that are defined in the PDF 1.7 specification. You can create these using LiveCycle Designer 8.0 or 8.1.

Signature validation: Digital Signatures ES supports several new signature validation features:
● Validation of XML digital signatures
● Configuration of revocation check failover from OCSP to CRL, and CRL to OCSP
● Enhanced Signatures Status information that can be used when developing business processes
● RFC3280-compliant validation, and support for specifying path validation options at runtime
● Per-invocation control of the verification time and the revocation check styles that are used for revocation checks (rather than a global setting)

TrustStore configuration: Digital Signatures ES now uses the TrustStore repository as the database in which security data is stored. Trust chains are dynamically added to the TrustStore repository without requiring a restart of the server.

New API functionality: The following new APIs enable granular control over signature processing: ClearSignature(), ClearSignatureField, RemoveSignatureField. The Signing Profile can also be controlled using the API (seed values). You can also use the API to specify a policy OID for each trust anchor.

Added standards compliance: Digital Signatures ES now supports the following standards:
● XML digital signature standards (http://www.w3.org/TR/xmldsig-core)
● SHA-2 family of hash algorithms
● RFC3280 certificates and certificate revocation lists

Support for FIPS mode: You can enable the Federal Information Processing Standards (FIPS) option, which restricts data protection to FIPS 140-2 approved algorithms by using the RSA BSAFE Crypto-J 3.5.2 encryption module with FIPS 140-2 validation certificate #590.

Configure service attributes in a web-based interface: You can configure Signature service attributes in the Archive Administration area of the LiveCycle Administration Console. For example, you can set up watched folders and endpoints for service invocation, and configure remote APIs and parameters for processing.