Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to REALLY secure a PDF, using ItextPDF preferably?

Tags:

java

pdf

itext

I've been working on settting passwords on PDFs to prevent copy/paste and allow printing, add watermarks and set an owner password to prevent further changes.

Everything works well as expected, no issue there.

Then I downloaded this free for 15 days pdf removal tool, a-pdf. In a blink it removes all protection, no matter the complexity of the password (tried with 50 char length will all kind of chars).

I see there are other methods in itextPDF to encrypt a document. I used the following:

File f = new File("C:/TEMP/zip/waterMarked.pdf");

String hardPassword = "D 5BaIZQ@ CqAk+NQCW)7Dkgb@i&02ifu!2TMX*d 0TGK(j(Kq";
byte[] hardPasswordByte = hardPassword.getBytes(); 

PdfReader reader = new PdfReader("C:/TEMP/zip/Original_document-9.pdf");

FileOutputStream out = new FileOutputStream(f);

PdfStamper stamp = new PdfStamper(reader, out);

//first argument is the user password. If set to something it asks for password when opening file, not wanted.
stamp.setEncryption(null, hardPasswordByte, PdfWriter.ALLOW_PRINTING, true);

//do stuff on the stamper, save file.

Does anyone knows a better way to protect PDF documents from Java code ?

like image 359
IceGras Avatar asked Jul 12 '11 13:07

IceGras


People also ask

How do I password protect a PDF in C#?

Add Password to PDF in C# - Lock PDFDefine the password using the AddPasswordOptions class. Load the PDF file using Merger class. Lock the file by adding password using AddPassword method. Save the protected file using the Save method.

How do I password protect a PDF in android programmatically?

How to set a password to protect PDFs on Android. Begin by navigating to the password protection page on your preferred browser. Click the Select A File button to choose and upload your PDF. Create a password and enter the password, then retype it to confirm.

Why is security an important feature of PDFs?

Encryption. The PDF File structure already provides a certain level of security for the content before being encrypted due to the data being stored in a binary format. This means it can't be easily hacked like a normal text format.


1 Answers

PDF files support 2 passwords: user password and owner password. A user can view the PDF file if he knows any of these passwords. If the file has a user password, when the file is opened with a PDF viewer, the viewer asks the user to enter a password and either the user or owner passwords will work. If the file has only an owner password, the document is displayed automatically and the password is required when trying to change the file's access rights. This is the flow of operations suggested by PDF specification, but in reality it works like this: if the file is protected with a user password, brute force approach is required for password cracking, the longer the password is the longer it takes to crack. Problem is your real users need the password to open the file. If the file is protected only with an owner password, there is a default decryption key (remember, any viewer can display the PDF file without requesting a password) and the application that processes the PDF file decides whether to respect or not the document access rights. Once the file has been decrypted, it is saved without encryption and the output file has no longer a password. Since your documents have only the owner password, the tool removes it without problems using the default decryption key.

There are a few solutions (more or less related to iText) depending on your audience: simple PDF encryption (with the problems above) if your audience is widespread, for example you publish papers on a website; 3rd party DRM solution, more complex and requires various plugins installed on your users' computers; certificate encryption (no sure if iText supports it), again complex, requires each user to have a digital certificate and documents access is defined for each user. Last 2 options work in a controlled enterprise environment.

like image 177
iPDFdev Avatar answered Nov 14 '22 23:11

iPDFdev