Help Securing a PDF File

Posted on 2012-08-15
Medium Priority
Last Modified: 2012-08-18

I just purchased a Digital ID/Certificate from GlobalSign, one of Adobe's CDS providers, so I can sign PDF files.  I installed the drivers/certificates and was able to sign a test document.  At the top of the file there was a blue banner that says "Certified by ..... Certificate issued by Global Sign".

The only problem is that the document is completely unprotected.  By this I mean you can copy all the content you want, and even copy it as formatted.  I suspect you could create an unsigned twin of the file by copying everything with formatting and pasting it into MS Word.

In the past, I used password security to prevent changes/copying/extraction of content.  How do I get the best of both worlds?  I want the final PDF signed by me with my GlobalSign ID.  The only thing others should be able to do is print in high-res.  There should be no copying, extraction, editing, etc.

I tried securing the document with a password, then signing it.  The problem is once it is secure the option to sign wasn't available.  Maybe I need to set the password security, then sign it without saving the document first.  Would this make signature and restrictions stick?

I hope this whole Digital ID thing wasn't a waste it means anyone can essentially copy my content.  Please help!

Question by:MrChip2
  • 5
  • 4
LVL 14

Expert Comment

ID: 38298907
Document security thing is a available in Adobe Acrobat professional

Author Comment

ID: 38298920

I forgot to mention I have Acrobat X Pro.  I am familiar with password protection - have used it for years.  I recently discovered the best/strongest passwords are useless, free online tools will crack them in a second.  That's a reason I purchased this Digital ID from an Adobe CDS.  The problem is signing the document doesn't prevent people from copying/extracting.  

I want to end up with a PDF file that:

Everyone with Reader 9.0 or above (or equivalent third party app) can open
Everyone can print it in high quality
No one can copy content to clip board, extract pages, or change the document
It is certified by me using my Third Party trusted certificate.

Do you know how to do this?
LVL 14

Expert Comment

ID: 38298951
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.


Author Comment

ID: 38298987
Hi shahzoor,

Thanks for continuing to help.  I have seen that video already - but it was good to watch it again.  I am starting to think that what I want to do is impossible.

It seems that if I use Certificate protection, then only people whose certificates I enter can open the document.  I want to use Certificate protection because online tools cannot crack it (passwords are worthless).  However, I want everyone to be able to open and print - that is it.  Is there a way to set that up?  In other words, can it be set so that anyone whose certificate is not pre-loaded can open and print?

The other possibility is if there is a way to sign a document and prevent copying / extraction at the same time.  I don't see any way to limit controls when signing.
LVL 14

Accepted Solution

shahzoor earned 1600 total points
ID: 38299032
You will sign it as you do regularly and then you will add the protection
I use Nitro Pro and i can do all those things in it
People cannot copy edit or modify
All they have is the option to print it in high resolution
If you are still doubtful then there is a manual process :)

Save the document as JPG file
then create a PDF document of it
and add security :)

Author Comment

ID: 38299661
OK, this sounds promising.  I am new at this whole signing aspect of PDF files.  When I signed the file with my Digital ID I was not able to make any changes.  To help me figure this out quickly, would you mind being very specific and detailed in the steps you would take using Acrobat?  Nitro Pro may be a viable option down the road, but for now I need to stick with Acrobat.

1. I start with an unlocked PDF.  Then I add whatever metadata I want.
2. Next I go to Tools - Sign and Certify - Certify without Digital Signature
3. Then I select my Certificate from GlobalSign
4. Then I can select No Changes, Form Fill In, or Annotations.  I can still copy, copy with formatting, or Export Selection As.

Can you tell me what I am doing wrong and how I would add protection after the signing?

Your JPEG idea is interesting.  The original file is in MS Word.  Would you convert from Word to JPEG or from the PDF to JPEG?  Is the text in the JPEG just as readable?  I see what you mean though, if everything is a picture they cannot copy and past the text.  They could still make copies of pages, however.

LVL 14

Expert Comment

ID: 38303245
i dont have acrobat installed and i hate it because of the reason that it sucks lots of resources of your pc and the space
thus i am using nitro
the step seems to be missing is selecting the encryption level
and the list of advanced options and then the password
if you have the password you can later edit the protected file

In pdf document, go to file save as and select the option as image file
then open create a pdf file of the image file
no one can edit image file and its equally good but would loose some clarity

More safe and difficult to edit :)

Author Comment

ID: 38303297
Thanks for keeping up with this.  I have been reading a lot on Adobe forums and I have pretty much come to the conclusion that what I am trying to do is a waste of time.  

I found a post in Adobe's Acrobat Forum from an expert named Dave Merchant.  He wrote the following that makes sense:

Password-based permissions settings are not secure at all. It's trivial to remove them, and only Adobe software guarantees to respect them in the first place... they take 30 seconds to remove.

Certificate-based encryption uses the digital ID of the recipient, not the creator - so it's only going to work if you get the digital ID from each recipient in advance, and cannot be used for public documents on a website. It can also be removed without access to the private key, but it takes a lot more effort to do so.

Digital rights management (using Adobe ADEP / LiveCycle Rights Management servers) can protect a file against printing and direct copying with no realistic possibility of the protection being removed, but it's extremely expensive. - Note later comment said 5 figures.

Here is the key comment:

However in every case, if a page is visible on screen it can be captured as a screengrab, then re-OCRed to extract text. You can't extract media, scripts and vector objects, but something like a novel is utterly impossible to secure against copying if it's distributed into an uncontrolled space.

In a nutshell, if you can see it and print it, you can scan it and extract text.  Given this, I think I will simply sign the document with my GlobalSign ID.  Changes would invalidate my signature - which I may make visible on the document.

FYI, you are not kidding when you say "loose some clarity".  The default settings yield a very pixelated file.  I spent hours trying to get images that look good at a manageable size.  When saved as a 600 dpi TIF file, the text looks just as good as the original.  The problem is each page is 50 MB!  Somehow I don't think a 1.6 GB PDF file will go over well.  I have tried all kinds of variations on image creation, manipulation in CS5, and PDF size reductions.  The smallest PDF that looks as good as the original is 55MB in size - way better than 1.6 GB but still way too big.  Unless I can find a way to get a good looking image based file at 3MB or smaller, I will just sign.

Any suggestions?
LVL 14

Expert Comment

ID: 38304381
i dont think an expert of Adobe will talk against Adobe on their forum
Of course he is trying to sell something which he suggested
there is nothing which cannot be cracked , there are a  number of ways to do things if you want to do but not everyone will be an expert to modify the documents
LVL 31

Assisted Solution

captain earned 400 total points
ID: 38304916
Ok, I must say I have not tried this in line with all the previous comments but here is what I understand:

Not withstanding the foregoing, that a person with enough criminal energy will always find a way to circumvent your security (screengrab >OCR etc.) this is also a question of how much your content is worth and whether for that purpose you want to go trough the expense of adding layers of security on top, go to DRM solutions, online or offline only to realise that a student in far east makes cracking your document a new hobby of his.

All that aside, of you use the document Properties dialog to add security and select the option for Digital certificate the following wizard will allow you to set the Permissions including whether the contents can be copied.

But for this you can only enable the opening of this document to the identities that you have certificates for. Adobe does not offer a certificate protection whereby the certificate only applies to the change permissions, such as the password does. This is probably due that without the presence of a certification authority such as a local CA, any security would have to be stored within the PDF, and my guess is that this would be just as easy to tamper with as a password removal tool will remove said password.

In short there is no way to use a stronger security than password security, if you don't have control over your recipients unless you want to use DRM servers but that is a different class as far as costs are concerned

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question