PDF Encryption Options
Biz
Posted: Tuesday, August 26, 2014 7:08:16 PM
Rank: Member
Groups: Member

Joined: 8/26/2014
Posts: 20
Currently evaluating the software. When I use encryption to restrict certain features, the PDF seems to get encrypted as designed. However, I can use a PDF editor to easily access security and change the feature restrictions without a password prompt. When I do this using the editor itself, it restricts the features and does not allow users to change it until the correct password is provided. I am using NitroPDF as my editor. Is this a known issue or is there something wrong in my code?


Here is the code:


using System.IO;
using EO.Pdf;

string file = @"C:\pdf\test.htm";
string outfile = Path.Combine(Path.GetDirectoryName(file), Path.GetFileNameWithoutExtension(file) + ".pdf");

HtmlToPdfOptions options = new HtmlToPdfOptions() { PageSize = new System.Drawing.SizeF(8.3F, 11.7F) };

//Only an owner password is set here; no user password is set
PdfDocument pdf = new PdfDocument();
pdf.Security.OwnerPassword = "test";
pdf.Security.Permissions = PdfDocumentPermissions.None;

//Convert the HTML file into the PdfDocument object, then save it
HtmlToPdfResult result = HtmlToPdf.ConvertUrl(file, pdf, options);
pdf.Save(outfile);

eo_support
Posted: Tuesday, August 26, 2014 7:57:11 PM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,196
Hi,

I believe this is just how PDF security is. Originally the owner password is designed to lock permissions, such as disallowing printing. However, in order for a program to be able to display the PDF file properly, it must be able to decode the file properly. Because of that, the owner password is not needed for the file to be properly decoded. If a program can correctly decode the file, it can modify anything it wants to, including the permission settings. Because of this, the permission settings are purely a "gentleman's agreement" between the PDF files and PDF editors. Adobe wants all PDF editors to honor the rule that says if such a password exists in the file then the editor must verify it before allowing the user to change permissions. However, in reality there is no technical barrier preventing an editor from ignoring this password altogether.

Thanks
Biz
Posted: Tuesday, August 26, 2014 8:15:20 PM
Rank: Member
Groups: Member

Joined: 8/26/2014
Posts: 20
So, when I do this using the NitroPDF interface, it somehow enforces this "technical barrier"? When I encrypt the file with PdfDocumentPermissions.None, NitroPDF does show that the file does not allow any changes and that it "has" a Password Security, but it readily allows me to reset the restrictions and save the document. What is the PDF editor able to do that EO.Pdf is not able to do? Or is it (i.e., the PDF editor) doing something that is proprietary and not standard? For example, if I were to use PDF editor x to set the restrictions, PDF editor y will not "honor" those restrictions and vice versa.
eo_support
Posted: Tuesday, August 26, 2014 8:49:51 PM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,196
Hi,

Here is a summary of the "owner password" behavior:

1. An "owner password" on a PDF file is like a "no smoking" sign with no enforcement;
2. When a PDF editor sees this password, it has the option to ignore it or honor it. That's why NitroPDF sees this password but still readily allows you to reset the permissions;
3. EO.Pdf can do the same. You can use the following code to reset a PDF file protected by an owner password (no matter whether the file is encrypted by EO.Pdf or by another editor):

Code: C#
//Open a PDF file encrypted with owner password. Note that
//there is no need to provide the owner password at all. The
//file will open without the password
PdfDocument doc = new PdfDocument(encrypted_pdf_file_name);

//Reset the permission
doc.Security.Permissions = PdfDocumentPermissions.All;

//Save it to a new file. The new file now has no permission restrictions
doc.Save(new_unencrypted_pdf_file_name);


There is nothing proprietary or non-standard about this. On the contrary, because the PDF file format standard is open and it puts no technical barrier for reading an owner password protected PDF file, everyone can read such a file without needing the password at all. The only part that is "non-standard" in the above code is that, if you were writing a PDF editor with our library, you are "supposed" to add some code to ask the user for the password before your code proceeds to reset the permissions. However, as you have already discovered, nobody (except for Adobe) seriously enforces this rule;

4. By the same token, when you set the restrictions with Editor X, Editor Y can choose not to "honor" it at all.

The only case where the owner password really matters is, if a file is encrypted with both owner password and user password, then at least one of these two passwords is needed in order to open the file. In this case the owner password can be used to correctly decode (open) the file.

Hope this clears it up. Please feel free to let us know if you still have any questions.

Thanks!
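
The behavior described in the reply above can be checked from a file's /Encrypt values: if the stored /U entry validates against an empty user password, the file opens without any password and its /P permission bits are advisory only. The following is an added example, not part of the original thread and not EO.Pdf code; it follows the PDF standard security handler for the RC4-based revisions 2 and 3 only (newer AES-based revisions are not handled), and all function names and sample values are constructed for illustration.

```python
import hashlib

# Password padding string defined for the PDF standard security handler.
PAD = bytes.fromhex("28BF4E5E4E758A4164004E56FFFA01082E2E00B6D0683E802F0CA9FE6453697A")

def rc4(key, data):
    s, j, out = list(range(256)), 0, bytearray()
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def rc4_rounds(key, data, r):
    for i in range(1 if r == 2 else 20):  # R3: 19 extra passes, key XOR round number
        data = rc4(bytes(k ^ i for k in key), data)
    return data

def stretch(data, r, take):
    h = hashlib.md5(data).digest()
    for _ in range(50 if r >= 3 else 0):  # R3 re-hashes 50 times
        h = hashlib.md5(h[:take]).digest()
    return h

def owner_entry(owner_pw, user_pw, r, n):
    # /O is the padded user password encrypted under a key made from the owner password.
    return rc4_rounds(stretch((owner_pw + PAD)[:32], r, 16)[:n], (user_pw + PAD)[:32], r)

def file_key(user_pw, o, p, doc_id, r, n):
    # The document key is built from the user password, /O, /P and /ID; never the owner password.
    data = (user_pw + PAD)[:32] + o + (p & 0xFFFFFFFF).to_bytes(4, "little") + doc_id
    return stretch(data, r, n)[:n]

def user_entry(key, doc_id, r):
    return rc4_rounds(key, PAD if r == 2 else hashlib.md5(PAD + doc_id).digest(), r)

def permissions_only(o, u, p, doc_id, r, n):
    # True when /U validates against the empty user password: /P is then advisory.
    return user_entry(file_key(b"", o, p, doc_id, r, n), doc_id, r)[:16] == u[:16]

def constructed_sample(user_pw, r=3, n=16, p=-3904, doc_id=bytes(range(16))):
    # Constructed /Encrypt values for a file saved with owner password "test".
    o = owner_entry(b"test", user_pw, r, n)
    return o, user_entry(file_key(user_pw, o, p, doc_id, r, n), doc_id, r), p, doc_id, r, n
```

`permissions_only(*constructed_sample(b""))` returns True for the owner-password-only case from this thread, while a sample built with a non-empty user password returns False, which is the one case where a password is actually required to decode the file.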
Biz
Posted: Tuesday, August 26, 2014 9:23:28 PM
Rank: Member
Groups: Member

Joined: 8/26/2014
Posts: 20
Thanks for the prompt response and clarification. I found that Adobe Professional "honors" the owner password, so the problem is with NitroPDF. The real issue, IMHO, is with the PDF format itself. If it is supposed to be so secure and standard, it should be secure regardless of what editor uses it. The portion of the file where these restrictions are stored should not be "writable" without the owner password. If a program attempts to do this, it should render the entire PDF unreadable. That is the only way you can force every PDF editor to honor this requirement.
eo_support
Posted: Tuesday, August 26, 2014 9:35:11 PM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,196
You are very welcome. Yes, I agree with you that the problem is the PDF file format itself.

Please feel free to let us know if you still have any other questions about the product.

