PDF Encryption
The PDF file structure allows for various types of encryption. The common forms are 40-bit encryption, which is compatible with Adobe Reader 4.x and earlier, and 128-bit encryption, which is used in Adobe Reader 5.x and higher. The more bits, the more difficult the key is to crack using a brute force approach, so 128-bit is considered more secure. No encryption scheme is completely safe but some are safer than others. The encryption used in PDFs won’t stop a dedicated hacker but should be fine for most other situations. Having said that, unless you have a need to support older versions of Adobe Reader you should use 128-bit encryption.
A PDF is internally divided into logical groupings or objects, and each object is assigned a unique number. There are many types of objects; for example, an object could be an embedded font file, the content for a given page, or an image. When you apply encryption, each object within a PDF has its data encrypted: the contents of the object, not the object number or other non-data parts of the object. That is, those sections that don’t relate to potentially sensitive information, such as metadata or pointers, are intentionally left unencrypted. This is so other software, such as a file content search routine, can find a description or title for the PDF. You can encrypt this metadata if desired but unless you really want it encrypted it’s best to leave it as plain text.
The typical use for encryption, other than making it difficult to extract data directly, is to place restrictions on what can be done with a PDF file. For example, you may want to prevent the end user from printing or copying text from the PDF. Perhaps you are a graphics shop and your images are considered an asset. You may provide full resolution images for viewing within the PDF but only allow low-res printing. Here’s a list of restrictions you can place on a PDF depending on the level of encryption used:
40-bit encryption
- do not allow user to print
- do not allow user to make changes
- do not allow user to copy text/graphics
- do not allow user to add/update annotations
128-bit encryption
- do not allow user to print (even low quality)
- do not allow user to make changes
- do not allow user to copy text/graphics
- do not allow user to add/update annotations
- do not allow user to fill in interactive fields
- do not allow user to extract information
- do not allow assembly (insert, rotate, delete pages or create bookmarks)
- do not allow user to print at digital quality
Types of Passwords
You have the option of applying an owner password only or an owner and user password. A user password, or opening password, is used when you want Adobe Reader to prompt for a password before showing the PDF. In this case, you can enter either the owner or user password depending on which one you know or care to use. If you don’t know either one then you will not be able to open or view the PDF. Note that both the owner and user password will grant the same restricted access as defined by the author of the document. So what good is the owner password? It can be used to remove the encryption from the document using the full (paid) version of Adobe Acrobat or other free software such as PDF Un-Secure from FyTek.
Having just an owner password on a PDF is similar to having both an owner and user password except there is no prompt to enter a password when opening the PDF. In this case there is no need to supply users with a user password and whatever restrictions you place on the PDF will be in effect when the PDF is opened. Well, that’s the intent anyway. While we certainly don’t endorse the practice, it is possible to find software that will remove encryption from a PDF when only an owner password is present. The reason for this is that the user password is used internally to decrypt the document. If the user password is not applied then by default it’s blank and therefore known. Keep this in mind if you have sensitive data to encrypt.
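The check below is an added example, not code from the original post. It follows the key derivation of the PDF standard security handler (revisions 2 and 3, the 40-bit and 128-bit modes above) to audit whether a document's stored /U value verifies against the blank user password, as it does for owner-password-only files. The function names are this example's own, and the /O, /P and file ID values are constructed samples.

```python
import hashlib
import struct

# 32-byte password padding string defined by the PDF standard security handler.
PAD = bytes.fromhex("28BF4E5E4E758A4164004E56FFFA0108"
                    "2E2E00B6D0683E802F0CA9FE6453697A")

def rc4(key, data):
    """Plain RC4, the cipher the 40-bit and 128-bit handlers use."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def file_key(user_pw, o, p, file_id, rev, key_len):
    """Document key: only the user password is secret, the rest is read from the file."""
    seed = (user_pw + PAD)[:32] + o + struct.pack("<I", p & 0xFFFFFFFF) + file_id
    h = hashlib.md5(seed).digest()
    if rev >= 3:                      # 128-bit mode re-hashes 50 times
        for _ in range(50):
            h = hashlib.md5(h[:key_len]).digest()
    return h[:key_len]

def expected_u(user_pw, o, p, file_id, rev, key_len):
    """The /U verifier a writer stores for this user password."""
    key = file_key(user_pw, o, p, file_id, rev, key_len)
    if rev == 2:
        return rc4(key, PAD)
    u = rc4(key, hashlib.md5(PAD + file_id).digest())
    for i in range(1, 20):
        u = rc4(bytes(k ^ i for k in key), u)
    return u + bytes(16)              # trailing 16 bytes are arbitrary padding

def opens_without_password(o, u, p, file_id, rev, key_len):
    """True when the stored /U matches the blank user password."""
    n = 32 if rev == 2 else 16
    return expected_u(b"", o, p, file_id, rev, key_len)[:n] == u[:n]

# Constructed sample values standing in for /O, /P and the first /ID string.
O, P, FILE_ID = bytes(range(32)), -3904, bytes.fromhex("00112233445566778899aabbccddeeff")
OWNER_ONLY = opens_without_password(O, expected_u(b"", O, P, FILE_ID, 3, 16), P, FILE_ID, 3, 16)
WITH_USER_PW = opens_without_password(O, expected_u(b"s3cret", O, P, FILE_ID, 3, 16), P, FILE_ID, 3, 16)
```

A document for which the check returns True has a key that anyone holding the file can derive, so its restrictions depend on the viewing software honouring them.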
Summary
PDF encryption is used to limit how an end user can interact with your PDF. In addition, it provides an extra layer of security. This is not to say the security cannot be cracked but it should be sufficient for most users. Always keep the owner password available for future reference in the event you want to modify restrictions on an existing PDF. You can use Adobe Acrobat or other compatible software that is capable of removing PDF security settings. The other option is to recreate the PDF from its original source, such as a Word Document, and apply new restrictions.
Hello!
Very Interesting post! Thank you for such interesting resource!
PS: Sorry for my bad English, I’ve just started to learn this language
See you!
Yours, Raiul Baztepo
Hello !!!!
My name is Piter Kokoniz. Just want to tell, that I’ve found your blog very interesting
And want to ask you: is this blog your hobby?
Sorry for my bad English:)
Thank you:)
Piter Kokoniz, from Latvia