Macromedia live cycle 7.2 Manual

Adobe LiveCycle
Before You Install
Installing and Configuring LiveCycle Security Products for JBoss
If you are upgrading from Document Security Server 6.0 or later, you can use your existing trust directory 
and trust.xml file; you can specify the existing trust directory with Configuration Manager.
This table describes the trust or security components required to run LiveCycle Document Security.
Signing and validating trust.xml
After the installation program creates the trust.xml file and populates it with all of the trust information that references certificates (trustAnchors), credentials, and CRLs, it signs the file so that its integrity can be verified. The private key is used for signing, and the public key is used for validation (or verification). Any time you add credentials to your system, you must update the trust.xml file and re-sign it. More generally, each time you modify the content of the trust.xml file, you must re-sign the file.
You update the trust.xml file automatically using Configuration Manager. (See 
Updated LiveCycle product information
Adobe Systems has posted a Knowledge Center article to communicate any updated LiveCycle product information to customers. You can access the article at:
| Trust component | Description |
| --- | --- |
| trust.xml | The trust.xml file contains mapping information for the certificates, credentials, and CRLs used by the PDF Manipulation Module. This file references the contents of the credentials, certificates, and CRL directories. |
| credentials | Credentials are the private keys used to establish identity in encryption operations. Credential files used with the Trust Manager Module must be stored in the credentials directory and referenced in the trust.xml file. |
| certificates | Certificates are the public keys that correspond to credentials. Certificates used with the Trust Manager Module must be stored in the certificates directory and referenced in the trust.xml file. Certificates are called trustAnchors in the trust.xml file. |
| CRLs | CRLs contain a list of all of the certificates that are no longer valid. The CRLs directory can be located anywhere on your system, but it is convenient to maintain it in the same location as your other trust security resources. CRLs used with the Trust Manager Module must be stored in the CRLs directory and referenced in the trust.xml file. CRL files must also be imported into the Trust Manager Module. |
| keystore file | The keystore file stores private keys and their associated public key certificates. You create the keystore, which is used for validating the trust.xml file against the trust.sig file. It can be located anywhere on your system, but its properties are configured and maintained within the Trust Manager Module. |
| key pair | The private and public keys generated and stored in the keystore are used for signing and validating the trust.xml file. This key pair is separate from the credentials and certificates described above. It is used to protect the integrity of the trust data and is used only during the product startup to verify the data integrity. |
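
The sign, verify and re-sign cycle described under "Signing and validating trust.xml", as an added example that is not Adobe's code or part of the original manual. It assumes SHA256withRSA and an in-memory RSA key pair in place of the keystore, and it uses constructed sample content rather than the real trust.xml schema; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

public class TrustFileSignatureDemo {
    // Assumption: SHA256withRSA. The manual does not name the algorithm the product uses.
    private static final String ALGORITHM = "SHA256withRSA";

    /** Produces a detached signature (the role trust.sig plays) over the file bytes. */
    static byte[] sign(byte[] trustXml, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initSign(key);
        s.update(trustXml);
        return s.sign();
    }

    /** Startup-style check: true only if the bytes are exactly what was signed. */
    static boolean verify(byte[] trustXml, byte[] sig, PublicKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALGORITHM);
        s.initVerify(key);
        s.update(trustXml);
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Stand-in for the key pair held in the keystore (generated in memory here).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        // Constructed sample content; not the real trust.xml schema.
        byte[] original = "<trust><entry>cred-a</entry></trust>".getBytes(StandardCharsets.UTF_8);
        byte[] trustSig = sign(original, pair.getPrivate());
        System.out.println("unchanged file verifies: " + verify(original, trustSig, pair.getPublic()));

        // Adding a credential changes the bytes, so the old signature no longer matches.
        byte[] updated = "<trust><entry>cred-a</entry><entry>cred-b</entry></trust>"
                .getBytes(StandardCharsets.UTF_8);
        System.out.println("updated file, old signature: " + verify(updated, trustSig, pair.getPublic()));

        // Re-signing after the update restores a valid file and signature pair.
        trustSig = sign(updated, pair.getPrivate());
        System.out.println("updated file, re-signed: " + verify(updated, trustSig, pair.getPublic()));
    }
}
```

Because the signature covers the exact bytes of the file, any edit made outside the re-signing step, including a whitespace change, fails verification at startup.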