Foxit PhantomPDF provides a FIPS mode to make data protection compliant with Federal Information Processing Standard (FIPS). FIPS mode uses FIPS 140-2 approved algorithms to establish requirements for various purposes including the cryptographic modules of software and hardware.
Whenever you enable FIPS mode, end-users will be restricted from the following:
- Applying password-based security policies to documents, RMS encryption and ConnectedPDF protection.
- Creating self-signed certificates. To create a self-signed digital ID, it must be saved to the Windows certificate store. You cannot create a self-signed digital ID that is saved to a file.
- RC4 encryption. A PDF file can only be encrypted using the AES encryption algorithm when in FIPS mode.
- MD5 or RIPEMD160 digest methods. In FIPS mode, only the SHA-1 and SHA-2 families of digest algorithms can be used when you create a digital signature.
Note: In FIPS mode, you can open and view documents that are protected with algorithms that are not FIPS compliant. However, you can’t save any changes to the document protected with password, RMS and ConnectedPDF Protection
This means that you can only use Certificates to protect the document. Under the "Protect Tab" select 'Certificate Protect'
Here you can either:
a) Create a New ID using the Windows Certificate Store or one that you have stored in your computer. (Note: PhantomPDF only supports .PFX or .P12 certificates); OR,
b) Import a previously trusted certificate.
To enable FIPS mode in Windows:
1. Open the Registry Editor and navigate to the registry:
HKEY_CURRENT_USER\SOFTWARE\Foxit Software\Foxit PhantomPDF 9.0
2. Right-click Foxit PhantomPDF 9.0, and choose New > DWORD (32-bit) Value.
3. Name the new value “bFIPSMode” and set the value data to 1.