Encryption in PDF documents
When encryption is used in PDF, a security handler must be selected. The Pdftools SDK always uses the standard security handler that, according to the PDF Specification, must be supported by any software that can process encrypted PDF documents.
For more detailed information about PDF encryption in general, consult PDF Reference, chapter 3.5.
Permissions and passwords in PDF documents
The standard security handler allows access permissions for the document. Up to two passwords can be specified for a document:
Owner password
An owner password is also referred to as the author's password. This password grants full access to the document. It allows the document be opened and read, and also lets the document's security settings (access permission and passwords) to be changed.
User password
A user password protects the document against unauthorized opening and reading. If a PDF document is protected by a user password, either the user or owner password must be provided to open and read the document. If a document has a user password, it must have an owner password as well. If no owner password is defined, the owner password is the same as the user password.
The following table shows the four possible combinations of passwords and how an application processing such a PDF document behaves.
User password | Owner password | Behavior |
---|---|---|
None | None | Everyone can read. Everyone can change security settings. (No encryption) |
None | Set | Everyone can read. The user password is an empty string. Owner password required to change security settings. |
Set | None | User password required to read. The owner password is equal to the user password. User password required to change security settings. |
Set | Set | User or owner password required to read. Owner password required to change security settings. |
Permission flags
The operations granted in a PDF document are controlled by permission flags. To set permission flags, the PDF document must be encrypted and have an owner password. The owner password is required to initially set or later change the permission flags.
These access permission flags determine operations such as:
- Modify the content of the document
- Copy or extract text and graphics from the document
- Add or modify text annotations and interactive form fields
- Print the document (low or high quality)
- Fill in forms and digitally sign the document
- Assemble the document (insert, rotate, delete pages, etc.)
Reading a PDF document
A PDF document that is not encrypted or protected with an owner password only can be read and decrypted by the Pdftools SDK Open
function without providing a password.
A PDF document that is protected by a user password can only be opened if either the user or the owner password is provided as parameter in the Open
function.
Technically, it does not matter later on which of the two passwords was provided, because both grant full access to the document.
However, it is up to the application programmer to distinguish between input documents that are password protected or not.
Encrypting a PDF document
If either of the passwords or permission flags is set, the document is encrypted. If only a user password is set, but no owner password and no permission flags, the owner password is equal to the user password and all permissions are granted.
To encrypt a document and protect it against any manipulations other than printing, the document must have an owner password and the print permission flag set.
To learn how to encrypt and decrypt a document with the Pdftools SDK, see Encrypt a PDF.
Security and PDF encryption
PDF application programs such as all products of the Pdftools family or Adobe Acrobat can open and decrypt PDF documents that have an owner password but no user password, without knowing that password. Otherwise, it couldn't display the document. The application at that point has full access to the document.
However, this does not imply the user of this application is given the same access rights. The user should only be given the access permissions defined by the permission flags and the password provided.
Any PDF application that behaves different from that can allow for changing the security settings or completely removing encryption from the document as long as the original document does not have a user password.
The user password protects the document, so that it only can be opened if the user or owner password is known. No PDF application program can open a user-password protected PDF document without providing the password.
However, the security of such a document strongly depends on the password itself. Like in most password-related situations, insecure passwords can easily be found programmatically. For example, a brute force attempt testing all passwords that either exist as word in a dictionary or have less than six characters only takes minutes.