Restrict who can view your PDF and how they can use it.
You can use PDF encryption to lock a file's content behind a password, but more often it is used to enforce lighter restrictions imposed by the author. For example, the author might permit printing pages but prohibit making changes to the document. Here, we continue from [Hack #2] and explain how pdftk [Hack #79] can encrypt and decrypt PDF documents. We'll begin by describing the Acrobat Standard Security model (called Password Security in Acrobat 6) and the permissions you can grant or revoke.
|
Acrobat Standard Security enables you to set two passwords on a PDF: the user password and the owner password. In Acrobat 6, these are also called the Open password and the Permissions password, respectively.
The user password, if set, is necessary for viewing the document pages. The PDF encryption key is derived from the user password, so it really is required. When a PDF viewer tries to open a PDF that was secured with a user password, it will prompt the reader to supply the correct password.
The owner password, if set, is necessary for changing the document security settings. A PDF with both its user and owner passwords set can be opened with either password, so you should choose both with equal care.
An owner password by itself does not provide any real PDF security. The content is encrypted, but the key, which is derived from the (empty) user password, is known. By itself, an owner password is a polite but firm request to respect the author's wishes. A rogue program could strip this security in a second. See [Hack #66] for additional rights management options.
If your PDF must be compatible with Acrobat 3 or 4, you must use the weaker, 40-bit encryption strength. Otherwise, use the stronger, 128-bit strength. In both cases, the encryption key is created from the user password, so a good, long, random password helps improve your security against brute force attacks. The longest possible PDF password is 32 characters.
Set the user password if you don't want people to see your PDF. If they don't have the user password, it simply won't open.
You also have some control over what people can do with your document once they have it open. The permissions associated with 128-bit security (Acrobat 5 and 6) are more precise than those associated with 40-bit security (Acrobat 3 and 4). Tables Table 5-1 and Table 5-2 list all available permissions for each security model, and Figure 5-2 shows the permissions as seen through Acrobat. The tables also show the corresponding pdftk flags to use.
To allow readers to . . . |
Apply this pdftk permission |
---|---|
Print?pages are top quality |
Printing |
Modify page or document contents,insert or remove pages, rotate pages or add bookmarks |
ModifyContents |
Copy text and graphics from pages, extract text and graphics data for use by accessibility devices |
CopyContents |
Change or add annotations or fill form fields with data |
ModifyAnnotations |
Reconfigure or add form fields |
ModifyContents and ModifyAnnotations |
All of the above |
AllFeatures |
To allow readers to . . . |
Apply this pdftk permission |
---|---|
Print?pages are top quality |
Printing |
Print?pages are of lower quality |
DegradedPrinting |
Modify page or document contents, insert or remove pages, rotate pages or add bookmarks |
ModifyContents |
Insert or remove pages, rotate pages or add bookmarks |
Assembly |
Copy text and graphics from pages |
CopyContents |
Extract text and graphics data for use by accessibility devices |
ScreenReaders |
Change or add annotations or fill form fields with data |
ModifyAnnotations |
Fill form fields with data |
FillIn |
Reconfigure or add form fields |
ModifyContents and ModifyAnnotations |
All of the above, and top-quality printing |
AllFeatures |
Comparing these two tables, you can see that Assembly is a weaker version ofModifyContents and FillIn is a weaker version of ModifyAnnotations.
DegradedPrinting sends pages to the printer as rasterized images, whereas Printing sends pages as PostScript. A PostScript stream can be intercepted and turned back into (unsecured) PDF, so the Printing permission is a security risk. However, DegradedPrinting reduces the clarity of printed pages, so you should test your document to make sure DegradedPrinting yields acceptable, printed pages.
After setting these permissions and/or a user password, changing them requires the owner password, if it is set.
When using pdftk on encrypted PDF documents, the owner password must be supplied. If an encrypted PDF has no owner password, the user password must be given instead. If an encrypted PDF has neither password set, no password should be associated with this document when calling pdftk.
Input PDF passwords are listed right after the input filenames, like so:
pdftk <input PDF files> input_pw <input file passwords> ...
The file handles assigned in <input PDF files> are used to associate files with passwords in <input file passwords> like so:
<input PDF handle> = <input PDF password>
For example:
A=foopass
Adding this parameter to our example in [Hack #51] produces:
pdftk A=in1.pdf B=in2.pdf C=in3.pdf \ input_pw A=foopass cat A1 B1-end C5 output out.pdf
You can encrypt any PDF created with pdftk by simply adding encryption parameters after the output filename, like so:
... output <output filename> \ [encrypt_40bit | encrypt_128bit] [allow <permissions> ] \ [owner_pw <owner password> ] [user_pw <user password> ]
Here are the details:
Specify an encryption strength. If this strength is not given along with other encryption parameters, it defaults to encrypt_128bit.
List the permissions to grant users. If this section is omitted, no permissions are granted. See Tables Table 5-1 and Table 5-2 for a complete list of available permissions.
Use this combination to set the owner password. It can be omitted; in which case no owner password is set.
Use this parameter to set the user password. It can be omitted; in which case no user password is set.
Adding these parameters to our example in [Hack #51] yields this:
pdftk A=in1.pdf B=in2.pdf C=in3.pdf \ cat A1 B1-end C5 output out.pdf \ encrypt_128bit allow CopyContents Printing \ owner_pw ownpass
The previous examples were in the context of [Hack #51] . Here are examples of simply adding or removing encryption from a single file:
pdftk A=input.pdf output encrypted.pdf \ encrypt_128bit allow CopyContents \ owner_pw foopass
pdftk A=encrypted.pdf input_pw A=foopass output decrypted.pdf