Encrypt a PDF and create a recipient list

To encrypt PDFs, you use public-key cryptography. Public-key cryptography uses two keys: a public key, which is stored inside a certificate that can be shared with other users, and a private key, which you don’t share with others. The public key (certificate) is used to encrypt documents or to verify digital signatures, and the private key is used to decrypt documents or to create digital signatures. Both keys are included in a digital ID.

The advantage of securing documents with certificates is that authors can specify unique permissions for each group in their company. For example, authors can permit employees to sign and fill forms, and permit managers to edit text or remove pages. When you encrypt a PDF using a certificate, you specify a list of recipients and define each recipients’ level of access to the file—for example, whether the recipients can edit, copy, or print the file. You can specify certificates from your list of trusted identities, from files on disk, from an LDAP server, or from the Windows certificate store (Windows only). Be sure to include your own certificate in the list so that you are later able to open the document.

Note: If possible, encrypt documents using certificates from third-party digital IDs. If the certificate is lost or stolen, the issuing authority can replace it. If a self-signed digital ID is deleted, all PDFs that were encrypted using the certificate from that ID are forever inaccessible.

If you need to encrypt a large number of PDFs, use the Batch Processing command to apply a predefined sequence, or edit an existing sequence to add the security features you want. You can also save your certificate settings as a security policy and reuse it to encrypt PDFs.

  1. Do one of the following:

    • Click the Secure button  on the Tasks toolbar, choose Show Security Properties, and then choose Certificate Security from the Security Method menu. (Use this method if you want to save your settings as a security policy.)

    • Choose Advanced > Security > Certificate Encryption.

    • Click the Secure button on the Tasks toolbar, choose Certificate Encryption.

  2. In the Certificate Security Settings dialog box, specify whether to save your settings as a policy or discard them after applying (if available).
  3. Select which document components to encrypt.
  4. From the Encryption Algorithm menu, choose 128-bit AES or 128-bit RC4. If you select 128-bit AES, Acrobat 7.0 or later or Reader 7.0 or later is required to open the document. Click Next.
  5. Select the digital ID you want to use.
  6. Create a recipient list for the encrypted PDF: Click Search to locate identities in a directory server or in your list of trusted identities, or click Browse to locate the file that contains certificates.
  7. In the Recipients list, select the recipient(s) for whom you wish to set levels of access, click Permissions, and click OK in the Acrobat Security dialog box. Then select the levels of access. If you don’t set permissions, recipients have full access by default.
  8. Click OK to implement your settings, and then click Next. Review your settings and then click Finish.

    When a recipient opens the PDF, the security settings you specified for that person are used.

Related Information