Password-Protected PDFs
 

Hi,
I noticed that when I password protect a PDF from being copied or printed in Adobe Acrobat, evince bypasses these restrictions. Is it possible at all to password protect a PDF in evince or somehow password protect a PDF such that no other software can bypass the restrictions set in place?

Thanks,

There are several types of password protection for PDFs.

First there are strong encryptions. You can't open the PDF at all unless you know the password, and if the password is strong the file is essentially impossible to hack (barring advances in cryptographic technology).

Second there are weak encryptions (40-bit?). These are like the above, but easier to break. These were once standard but now very easy to break. It's possible to cycle through the possible hashes until the right one is found, regardless of the length of the password. Using rainbow tables, these files can always be cracked in a matter of hours.

Finally there are advisory passwords. The contents of the file are not encrypted (though they are obfuscated slightly), since otherwise the file couldn't be read. The PDF program is asked to disallow printing, or modifying, or the like. Of course this can't be enforced, thus my name for this type of protection.

With this background, I don't think I need to actually explain the answer! :smile:

I am using what you dub an 'advisory password'. I am distributing a pdf to other people whom I am weary to trust, and thus I do not want them copying or printing the contents of the pdf. In other words, they can look but not touch. The encryption I am using is 128-bit AES. However, evince simply bypasses this restriction. The reason (I think) is that evince doesn't care for advisory passwords; however, evince could most definitely *not* open a document which requires a password to open unless the password is entered.

Ghostscript/GSview also ignores "password protected" restrictions on printing and copying PDFs. It's easy to even "print" to a non-password-protected version of the PDF that can then freely be used in Acrobat. I have on occasion taken advantage of this feature.

Of course, what you are seeking is fundamentally impossible. If they can see the content, then they can image what they see using a screen grab. They can then freely print the images. If they want copyable text, Acrobat includes surprisingly good OCR software.

[QUOTE=flouran;174940]I am using what you dub an 'advisory password'. I am distributing a pdf to other people whom I am weary to trust, and thus I do not want them copying or printing the contents of the pdf. In other words, they can look but not touch. The encryption I am using is 128-bit AES. However, evince simply bypasses this restriction. The reason (I think) is that evince doesn't care for advisory passwords; however, evince could most definitely *not* open a document which requires a password to open unless the password is entered.[/QUOTE]

The contents of your file are *not* encrypted: if they were, those untrusted people could not read your file. But what you want (as frmky pointed out and I already explained) is technically impossible: if they have the information, you can't stop them from using it. If they have enough information to display it onscreen they have enough information to print it.

You can include information in the file asking programs not to do certain things, but you can't stop them. Further, given such a 'password-protected file', it's easy to produce another file with the same information but no password, so that even printing from Acrobat is possible. (It's not quite so easy that you could do it with a hex editor and scratch paper, but nearly so.)

[QUOTE=CRGreathouse;174942]The contents of your file are *not* encrypted: if they were, those untrusted people could not read your file. But what you want (as frmky pointed out and I already explained) is technically impossible: if they have the information, you can't stop them from using it. If they have enough information to display it onscreen they have enough information to print it.

You can include information in the file asking programs not to do certain things, but you can't stop them. Further, given such a 'password-protected file', it's easy to produce another file with the same information but no password, so that even printing from Acrobat is possible. (It's not quite so easy that you could do it with a hex editor and scratch paper, but nearly so.)[/QUOTE]
I'm not surprised.

What about making a video slideshow of the info on a DVD? Once you burn it as a regular DVD, most computers will display it, but make copying the view cumbersome at best.

Send it out on VHS.....
35mm

So get a digital camera.

Certainly the process can be made more difficult, but you can't make it impossible. If the user is presented with the information, it's available for whatever end.

[quote=CRGreathouse;174949]So get a digital camera.[/quote]... or take out that SX-70 resting on your closet shelf, get a couple of film packs from the [I]resurrected Polaroid instant film factory ([URL]http://www.nytimes.com/2009/05/26/technology/26polaroid.html?em[/URL])[/I], and warm up your digital scanner.

[quote=CRGreathouse;174942]The contents of your file are *not* encrypted: if they were, those untrusted people could not read your file. [/quote]

You can encrypt the content - it depends which protection scheme you're using. Most of the password protected content uses older pdf versions so you can use it with older Acrobat Reader.

I doubt that you can crack pdf-1.7 files without knowing the key (e.g. password).

[QUOTE=joblack;175097]You can encrypt the content - it depends which protection scheme you're using.[/QUOTE]

Right, I'm well aware of the schemes. But any PDF that can be opened without a password can be printed without a password -- the only thing stopping you is software choosing to listen to the PDF's recommendation that it not be printed.

This is fundamentally different from an encrypted PDF, where it's not obvious how to get the content at all. (As I mentioned, though, the older schemes are easy to break with rainbow tables -- it takes a few hours, tops. Even without rainbow tables it can be done in a few days on a slow laptop.)

[QUOTE=flouran;174940]I am using what you dub an 'advisory password'. I am distributing a pdf to other people whom I am weary to trust, and thus I do not want them copying or printing the contents of the pdf. In other words, they can look but not touch. The encryption I am using is 128-bit AES. However, evince simply bypasses this restriction. The reason (I think) is that evince doesn't care for advisory passwords; however, evince could most definitely *not* open a document which requires a password to open unless the password is entered.[/QUOTE]

In an abstract theoretical sense, with general purpose computers there is no way to allow people to read a file on a screen and prevent them from doing other things such as printing. Any such measure is at best voluntary on the recipient's option. If you don't trust them then you shouldn't give them the "read only" copy.

It would be even harder to prevent anyone from making and distributing copies of a file.

Adobe may try to enforce such measures in their software but they don't control most other pdf/postscript interpreters. Even then its probably not too hard to patch adobe's software (hack) to bypass such restrictions. (I may be illegal in the US under the DCMA tho)

[QUOTE=lfm;175248]Adobe may try to enforce such measures in their software but they don't control most other pdf/postscript interpreters. Even then its probably not too hard to patch adobe's software (hack) to bypass such restrictions. (I may be illegal in the US under the DCMA tho)[/QUOTE]

It's not clear whether patching Acrobat with a nonapproved patch would fall afoul of the anticurcumvention clause. But using a program that doesn't listen to the suggestion shouldn't be a problem.

----

I've attached the standard Acrobat warning for those who are interested.

I would agree with everything said here. If you don't want someone to replicate a document the best path is to secure a legal copyright and have the users sign an agreement which would need to contain strict language to bind them.

It's so complex in this case that if you dont have control over the terminal that is being used to view the file, there is no way you could stop the user from replicating the file.

I would just screen capture it and then OCR import it to my scanner software. If I needed to have it look identical, then I'd export it as a PDF, then style the new PDF until my copy matched the screen capture. If the PDF has active features a set of screen captures would still be sufficient to replicate the document.

Even if the users could only see the document on the screen but not access the document, they could replicate it. And couldn't they also just tell someone what was contained in the document?

If it's the document form you want to protect, you'll need a copyright and/or legal agreement.
If it's the information you want to protect, trust noone, or show them only in person.

Tons of softwares which convert PDFs could be used once the password protection is bypassed or if the software ignores the protection. PDF just isnt as secure as everyone loves to believe. To truly be secure in the short term you'd want to write your own viewer/client app, but my screen capture method would still work.

One thing I was thinking that would work to deter most amatuers is to link files within the PDF that are external, on a secured server, with server/client program authentication. Then you can assure the layout/information can't be loaded without the server being up and current, you can swap the file on the server to disable the PDF in the future, and you can be sure that spoofing authentication of adobe acrobat IS illegal and not what most of the programs do. Most non-adobe PDF handling programs can be identified by the server when the document is loaded... If there would be one that "pretends" to be Adobe Acrobat it would be illegal use.

Still that doesn't stop a screen capture method... You need legal protection. Hire a lawyer local to the person and have them show them the print copy, then take it away.

(sorry so long)

Even keeping control of the physical copies might not work. If you let them read it at all they might have a concealed camera that will record everything they see. Its just getting harder and harder to keep secrets. Hmm, I wonder if we could construct some sorta shield out of tin foil .....

don't forget print screen...

[quote=lfm;175569]Even keeping control of the physical copies might not work. If you let them read it at all they might have a concealed camera that will record everything they see.[/quote]In fact, all "they" may need is for you to lay your keyring on a table in a public place where it can be photographed from across the room/street, if the ring has the key(s) controlling access to the physical copies.

It's now possible for someone to read the key code that can be used to duplicate a key, using only a photograph of the key, and [I]without expensive equipment, using publicly-available software, and without any special knowledge[/I]. See "Duplicating Your Housekeys, From a Distance" at [URL]http://mersenneforum.org/showthread.php?t=10885[/URL]

[quote]Its just getting harder and harder to keep secrets.[/quote]So, I'm advising my friends to begin changing their habits if they habitually lay their keys on a table beside them in public places such as a restaurant. Better to keep all keys out of sight when not actually in use.

It's sad that technology keeps eroding our traditional privacy and security, but it is happening. (* sigh *) Stuff like this new key-copying technique is probably still very rare, but changes are gradually negating old assumptions about safety as new ideas spread faster and faster.