Hi,

People will always be able to edit your PDF file no matter what you do. The PDF permission settings are basically a "gentleman's agreement" between the PDF file and the PDF Viewer application:

1. When you only set the owner's password:

1.a. The file can be opened without a password. In this case it means you are an "user" and the PDF Viewer supposes to honor the permission flags;
1.b. The file can also be opened with the owner password. in this case it means you are the "owner" and the PDF Viewer should allow you to change the permission;

2. When you set both owner's and user's password, a password must be provided in order to open the PDF file. However once the file is opened, depending on which password was used, rule 1.a and 1.b applies;

This means there is no technical barriers to prevent a file from being modified. The only thing here is you set the flag and the PDF Viewer application honors it. However a PDF Viewer application can always choose to ignore those flags.

Digital certificate is something different and it does not address the above issue directly --- even though it may serve your purpose somewhat. A digital certificate signs the file so that once the file is being modified, the digital signature will be broken unless you resign it. The following sequence describes what happens:

1. You create a PDF file and sign it with a certificate (you can do this with our PdfSigner class);
2. User open the PDF file, the PDF Viewer application would usually display something like "this file has a digital signature and the signature is valid";
3. User modifies the file and resave it;
4. If user open the PDF file again, the PDF Viewer will display something like "The digital signature is invalid";
5. The user can resign it thus validate of the signature again;

It is possible that a PDFViewer application will choose to disallow step 3 --- but again there is no technical barriers to forbid that because it is perfectly logical that a user may indeed want to modify the contents and then resign it. So the conclusion here again is there is nothing technical to prevent the file from be modified.

Hope this helps.

Thanks!

Hi,

We are not in a position to offer advice on digital certificate since that is both beyond the scope of our support and beyond the scope of our expertise. We can only provide a general technical view of the PDF signer feature to you.

The PDF signer takes a digital certificate and signs the document with the private key of that certificate (creating a digital signature using the certificate's private key). It will then store both the certificate's public key and the signature in the file. A PDF Viewer application would then read the public key and the signature and using the public key to verify whether the signature is valid. This works because public key/private key exist in pairs --- information encoded by a private key can only be properly decoded by the corresponding public key.

When you pay a company for a digital certificate, you are basically paying for a public/private key pair. Since the algorithm to create public/private key pairs are well known so anyone can create such pairs. The difference between a paid one and a self created one is a paid one is linked to a trusted "certificate authority" (CA) that will check and confirm your identity. Regardless a certificate is linked to a trusted CA or not, a PDF Viewer application can detect the signature no longer match if the file has been modified. However a trusted CA is often important since anyone can modify a file signed by your certificate and then resign it with their own certificate. In this case the PDF Viewer application will still display "digital signature is valid" for the modified and resigned file. The difference is the new digital signature is no longer yours. As such identity of the signature is as important as the validity of the signature. However its common for organizations to setup their own CA to confirm identifies within their own organization. This way they can issue their own certificates without having to pay anyone but they can only be used within the organization since it can not be validated outside. This is often sufficient for internal networks.

There is no technical limits on how many times you can use a key pair if you are provided the key pair directly (often in the form of a .cer file). However some companies may decide to without the actually key pair from you and charge/limit how many times you can use it instead. That's probably what the "25K" is. However as mentioned we are not in that business so we could be very well wrong on this.

Hope this helps.

Thanks!

Great. Glad that we were able to help.