SecurePDF

You can use the command SecurePDF to digitally sign, encrypt, and set access controls on PDF documents. The digital signature is based on a cryptographic certificate, and you can use it to validate the authenticity of the PDF document. Any changes made to the PDF document after it has been signed invalidate the signature. Encryption restricts access to the protected document to users who have the appropriate password. The access controls restrict the ways in which the content of the PDF document can be manipulated by the reader.

The SecurePDF command does not produce PDF/A-1b compliant documents, even when the input PDF document is PDF/A-1b compliant.

Syntax

SecurePDF
        File(<text>)
        CertificateName(<text>)
        AllowPrint(<True or False>)
        AllowCopy(<True or False>)
        AllowChange(<True or False>)
        AllowFieldAuthoring(<True or False>)
        PermissionPassword(<text>)
        OpenPassword(<text>)
        Use40BitEncryption(<True or False>)
        Processor("Amyuni" or "PDFLib");

Parameters

  • File: Required. The path and file name of the PDF file. This must be a PDF file on which none of the restrictions is set. If the PDF file contains attachments, they are removed.
  • CertificateName: Optional. (Default: the PDF file is secured, but not signed.) The name of the stored certificate used for signing the PDF file. The certificate is issued to this name.

    The certificate must be installed in the Personal certificate store associated with the KCM Core account.

  • AllowPrint: Optional (Default: False). Specifies whether the file can be printed by users.
  • AllowCopy: Optional (Default: False). Specifies whether the document content can be copied by users.
  • AllowChange: Optional (Default: False). Specifies whether the document content can be changed by users.
  • AllowFieldAuthoring: Optional (Default: False. Users can still fill out the fields). Specifies whether Form Fields and comments can be added or changed.
  • PermissionPassword: Optional (Default: a random password, unknown to all). Specifies the password required to change access restrictions for the PDF file set with this command. If you do not specify a permission password, a random password unknown to all is used.

    If no permission password is specified, you cannot change the permissions later through the Adobe Acrobat software. The permission password alone should not be regarded as a strong security measure. Most common software, such as Adobe Acrobat, respects the PDF security settings. However, software tools can be developed or obtained that remove or ignore the access restrictions for PDF documents that do not have an open password. You can find information on the parameter OpenPassword and security under "Security remarks" later in this section.

  • OpenPassword: Optional (Default: no password is needed to open the PDF). If a non-empty string is given, this parameter is the password that must be used to open the document. If a password is set, all access to the document is prohibited without it.

    The default is empty, which means that anyone can open the document and at least view it.

    If you specify an OpenPassword and an empty PermissionPassword, there will be no access restrictions once a user opens the document with the open password.

    An open password should not be regarded as a strong security measure in combination with an empty PermissionPassword. The SecurePDF command reduces this risk by generating a random permission password by default. The Adobe software does not allow a file to be opened without the OpenPassword, but software tools can be developed or obtained that remove or ignore the open password for PDF files that have an empty (non-random) permission password.

  • Processor: Optional. Selects the conversion technology used to secure the PDF files. If this parameter is set to "Amyuni", the Amyuni toolkit is used. If this parameter is set to "PDFLib", the PDFLib toolkit is used. Default is "PDFLib". You can change the default through the following setting in the dp.ini file:

    PDFTools.Processor=<"Amyuni" or "PDFLib">

  • InteractiveFeatures: Optional. Takes effect only when Processor is set to "PDFLib". This parameter controls how the SecurePDF command processes the following interactive PDF features of the input PDF documents:
    • Bookmarks: A PDF file can contain a bookmark structure that follows the document outline. This outline includes entries that link to the corresponding page when clicked.
    • Links: A PDF file can contain links to a particular page within the document or to an external URL.

    The InteractiveFeatures parameter does not maintain bookmarks and links that have named destinations.

    This parameter can have three values:

    1. IncludeStrict: Supported interactive features of the input documents are included in the result document. Any issues found with these features are flagged as errors, and processing is stopped. IncludeStrict does not guarantee that the supported interactive features are included in the result document in exactly the same way as they were present in the input documents. However, it attempts to detect and flag issues. When bookmarks or links with named destinations are encountered, an error appears.
    2. Include: Supported interactive features of the input documents are included in the result document. The interactive features are replicated as closely to the originals as possible, but any deviations are not flagged as errors. Bookmarks and links with named destinations are not included in the result document.
    3. Exclude: No interactive features of the input document are included in the result document. This option can speed up processing of documents that support a large number of interactive features. Because no bookmarks or links are included, none of them is flagged as an error.

    If the InteractiveFeatures parameter is omitted, you can configure the default behavior of the SecurePDF command in the dp.ini file. Do this by assigning one of the preceding InteractiveFeatures values to the following setting:

    PDFTools.InteractiveFeatures

    If not specified, the default is Include.

Also, when selecting the conversion technology, note the following:

  • Amyuni
    • SecurePDF uses the RC4 cipher with a 128-bit key to encrypt the PDF file if OpenPassword is specified.
  • PDFLib
    • SecurePDF uses the AES cipher with a 256-bit key to encrypt the PDF file if OpenPassword is specified.
    • Signing the PDF file with a certificate is not supported.
    • SecurePDF removes interactive features (such as form fields) and document metadata from the documents.

    • As of KCM Core version 5.1.1, hyperlinks and outlines are retained in the document.

Security remarks

  • The parameter OpenPassword is used to encrypt the PDF document using the 128-bit RC4 stream cipher. For optimal safety, use passwords of around 32 characters.
  • The most secure file is achieved when the parameter OpenPassword is specified and the parameter PermissionPassword is not specified. The effect of the combination of these parameters is that users need a password to open the file and that the parameter PermissionPassword is unknown, so the security cannot be changed.
  • The second most secure file is achieved with both the parameters PermissionPassword and OpenPassword set to different non-empty values. The effect of this combination is that users need a password to open the file, and that they need to know the PermissionPassword to change the security settings. If you use the same password for both opening and permissions, users are able to change the security settings after providing the open password alone.
  • Either specifying an empty PermissionPassword or specifying an empty OpenPassword (or omitting it) leads to a less secure file. The file will be encrypted and have access restrictions respected by the Adobe Acrobat software.
  • The security level that can be reached with the command SecurePDF depends on the passwords set and on the 128-bit RC4 stream cipher standard and, as such, needs to be assessed for adequacy before use.

Use40BitEncryption: This setting is ignored. Documents are usually encrypted using 128-bit encryption. If the PDFLib processor is used, the documents are encrypted using 256-bit encryption.
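
The parameter rules above, as an added example (not part of the product documentation or the product's own code): a Python lint that parses a SecurePDF call written as in the Syntax block and ranks it according to the Security remarks. The sample calls, file names and passwords are constructed, the PDFLib default assumes dp.ini has not changed it, and ranking a shared open/permission password as "less secure" is this example's own choice.

```python
import re

# Name("text") or Name(True) pairs, as written in the Syntax block above.
_PARAM = re.compile(r'(\w+)\s*\(\s*(?:"([^"]*)"|(\w+))\s*\)')

def parse_call(text):
    """Return the parameters of one SecurePDF call as a dict of strings."""
    body = text.strip().rstrip(";").strip()
    if not body.startswith("SecurePDF"):
        raise ValueError("not a SecurePDF call")
    return {name: (bare or quoted)
            for name, quoted, bare in _PARAM.findall(body[len("SecurePDF"):])}

def assess(params, default_processor="PDFLib"):
    """Rank a parameter set per the Security remarks; return (level, findings)."""
    open_pw = params.get("OpenPassword", "")
    perm_pw = params.get("PermissionPassword")   # None: random, unknown to all
    processor = params.get("Processor", default_processor)
    findings = []
    if not open_pw:
        level = "less secure"
        findings.append("no OpenPassword: anyone can open and view the file")
    elif perm_pw is None:
        level = "most secure"
    elif perm_pw == "":
        level = "less secure"
        findings.append("empty PermissionPassword: no restrictions once opened")
    elif perm_pw == open_pw:
        level = "less secure"   # this example's own ranking for a shared password
        findings.append("same password: open password also changes permissions")
    else:
        level = "second most secure"
    if open_pw and len(open_pw) < 32:
        findings.append("OpenPassword shorter than about 32 characters")
    if open_pw and processor == "Amyuni":
        findings.append("Amyuni encrypts with RC4 128-bit; PDFLib uses AES 256-bit")
    if "CertificateName" in params and processor == "PDFLib":
        findings.append("CertificateName set, but PDFLib does not support signing")
    if "Use40BitEncryption" in params:
        findings.append("Use40BitEncryption is ignored")
    return level, findings

# Constructed sample calls; file names and passwords are placeholders.
PW = "x" * 32
WEAK = f'SecurePDF File("out.pdf") OpenPassword("{PW}") PermissionPassword("{PW}") Processor("Amyuni");'
STRONG = f'SecurePDF File("out.pdf") OpenPassword("{PW}") AllowPrint(True) Processor("PDFLib");'
if __name__ == "__main__":
    for call in (WEAK, STRONG):
        print(assess(parse_call(call)))
```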