Security overview

The security offering has the following main elements:

Passwords

Apply Open passwords that a recipient must use to open and view the PDF or Permissions passwords that are needed to define or change permitted or prohibited actions. The protection is achieved by encryption, for which removal is achieved only by supplying a password. See Password security overview.

Permissions

Actions that can be allowed or prohibited using a Permissions password: printing the document, high resolution printing, editing real PDF content, copying or extracting content, extracting Pages, accessibility access (usually allowed), commenting, form filling, and signing and document assembly.

Digital identities (IDs)

Passwords give control over document use; their disadvantage is that you must distribute one or more passwords to recipients via email, letter or phone, and these messages can be intercepted and misused. Digital IDs avoid this pitfall. A Digital ID is used when signing or certifying documents or when using Certificate Security. Power PDF can create self-signed certificates, which can also be obtained from Certificate Authorities. Security Certificates allow documents to be locked and unlocked using public keys and private keys. See Digital ID overview.

Signatures

Documents signed through a Certificate Authority make it possible to verify that no changes have been made since the document was signed and assure the signer's identity. If changes were made, a comparison can show what changed. A document can be just signed using the top part of the Sign/Certify panel, or it can be signed and certified using the bottom part of the panel. This approach allows the sender to limit the changes that recipients may make to the document See Sign/Certify Panel and Signing and Certifying Documents.

You can place a signature or other identifier in a document as a stamp (that is, a type of comment), but it offers no protection against later changes: create it from a hand-drawn signature, an imported image file (typically with your scanned signature) or a text that is typed in. See Handwritten Signatures.

Certificates

Certificates are files that contain Digital IDs and accompanying data. These files can be used for

  • Signing documents so their authenticity can later be verified.

  • Certifying documents, so they have a verifiable signature plus a limitation on the actions a recipient may perform.

  • Protecting documents by Certificate Security; this ensures that PDF contents are protected by encryption.

For Certificate security Power PDF can create self-signed certificates, they can also be obtained from Certificate Authorities.

Your own created Certificate file contains both your own private key plus your own public key. It must be stored in the Security Settings dialog box called from Security > Manage Digital Identities or in the Windows Certificate Store. The file must not be shared.

Select Export Certificate to generate a Public ID file, which does not contain your private key; it contains only your public key plus associated data. This file can be distributed to partners. Such files received from partners must be stored in the Manage Trusted Identities dialog box called from Security > Trusted Identities or in the Windows Certificate Store.

Time stamp services

These services are registered with a Time Stamp Server, and offer verification that the date and time shown in a signature really indicate the time of the signing. See Time Stamping a Digital Signature.

Envelopes

Envelopes serve as containers to group together a set of attached files, which may have their own security. Security can also be applied to the envelope, setting up conditions for recipients to access all enclosed documents. See Envelopes overview.

Secure delivery

A wizard is available to help you prepare documents for delivery See Secure Delivery.