Help Securing a PDF File

Hello,

I just purchased a Digital ID/Certificate from GlobalSign, one of Adobe's CDS providers, so I can sign PDF files.  I installed the drivers/certificates and was able to sign a test document.  At the top of the file there was a blue banner that says "Certified by ..... Certificate issued by Global Sign".

The only problem is that the document is completely unprotected.  By this I mean you can copy all the content you want, and even copy it as formatted.  I suspect you could create an unsigned twin of the file by copying everything with formatting and pasting it into MS Word.

In the past, I used password security to prevent changes/copying/extraction of content.  How do I get the best of both worlds?  I want the final PDF signed by me with my GlobalSign ID.  The only thing others should be able to do is print in high-res.  There should be no copying, extraction, editing, etc.

I tried securing the document with a password, then signing it.  The problem is once it is secure the option to sign wasn't available.  Maybe I need to set the password security, then sign it without saving the document first.  Would this make signature and restrictions stick?

I hope this whole Digital ID thing wasn't a waste it means anyone can essentially copy my content.  Please help!

Thanks!!
MrChip2PresidentAsked:
Who is Participating?
 
shahzoorCommented:
You will sign it as you do regularly and then you will add the protection
I use Nitro Pro and i can do all those things in it
People cannot copy edit or modify
All they have is the option to print it in high resolution
If you are still doubtful then there is a manual process :)

Save the document as JPG file
then create a PDF document of it
and add security :)
0
 
shahzoorCommented:
Document security thing is a available in Adobe Acrobat professional
0
 
MrChip2PresidentAuthor Commented:
Hi,

I forgot to mention I have Acrobat X Pro.  I am familiar with password protection - have used it for years.  I recently discovered the best/strongest passwords are useless, free online tools will crack them in a second.  That's a reason I purchased this Digital ID from an Adobe CDS.  The problem is signing the document doesn't prevent people from copying/extracting.  

I want to end up with a PDF file that:

Everyone with Reader 9.0 or above (or equivalent third party app) can open
Everyone can print it in high quality
No one can copy content to clip board, extract pages, or change the document
It is certified by me using my Third Party trusted certificate.

Do you know how to do this?
0
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

 
shahzoorCommented:
0
 
MrChip2PresidentAuthor Commented:
Hi shahzoor,

Thanks for continuing to help.  I have seen that video already - but it was good to watch it again.  I am starting to think that what I want to do is impossible.

It seems that if I use Certificate protection, then only people whose certificates I enter can open the document.  I want to use Certificate protection because online tools cannot crack it (passwords are worthless).  However, I want everyone to be able to open and print - that is it.  Is there a way to set that up?  In other words, can it be set so that anyone whose certificate is not pre-loaded can open and print?

The other possibility is if there is a way to sign a document and prevent copying / extraction at the same time.  I don't see any way to limit controls when signing.
0
 
MrChip2PresidentAuthor Commented:
OK, this sounds promising.  I am new at this whole signing aspect of PDF files.  When I signed the file with my Digital ID I was not able to make any changes.  To help me figure this out quickly, would you mind being very specific and detailed in the steps you would take using Acrobat?  Nitro Pro may be a viable option down the road, but for now I need to stick with Acrobat.

1. I start with an unlocked PDF.  Then I add whatever metadata I want.
2. Next I go to Tools - Sign and Certify - Certify without Digital Signature
3. Then I select my Certificate from GlobalSign
4. Then I can select No Changes, Form Fill In, or Annotations.  I can still copy, copy with formatting, or Export Selection As.

Can you tell me what I am doing wrong and how I would add protection after the signing?

Your JPEG idea is interesting.  The original file is in MS Word.  Would you convert from Word to JPEG or from the PDF to JPEG?  Is the text in the JPEG just as readable?  I see what you mean though, if everything is a picture they cannot copy and past the text.  They could still make copies of pages, however.

Thanks!!!!!!!!
0
 
shahzoorCommented:
i dont have acrobat installed and i hate it because of the reason that it sucks lots of resources of your pc and the space
thus i am using nitro
the step seems to be missing is selecting the encryption level
and the list of advanced options and then the password
if you have the password you can later edit the protected file

In pdf document, go to file save as and select the option as image file
then open create a pdf file of the image file
no one can edit image file and its equally good but would loose some clarity

More safe and difficult to edit :)
0
 
MrChip2PresidentAuthor Commented:
Thanks for keeping up with this.  I have been reading a lot on Adobe forums and I have pretty much come to the conclusion that what I am trying to do is a waste of time.  

I found a post in Adobe's Acrobat Forum from an expert named Dave Merchant.  He wrote the following that makes sense:

Password-based permissions settings are not secure at all. It's trivial to remove them, and only Adobe software guarantees to respect them in the first place... they take 30 seconds to remove.

Certificate-based encryption uses the digital ID of the recipient, not the creator - so it's only going to work if you get the digital ID from each recipient in advance, and cannot be used for public documents on a website. It can also be removed without access to the private key, but it takes a lot more effort to do so.

Digital rights management (using Adobe ADEP / LiveCycle Rights Management servers) can protect a file against printing and direct copying with no realistic possibility of the protection being removed, but it's extremely expensive. - Note later comment said 5 figures.


Here is the key comment:

However in every case, if a page is visible on screen it can be captured as a screengrab, then re-OCRed to extract text. You can't extract media, scripts and vector objects, but something like a novel is utterly impossible to secure against copying if it's distributed into an uncontrolled space.

In a nutshell, if you can see it and print it, you can scan it and extract text.  Given this, I think I will simply sign the document with my GlobalSign ID.  Changes would invalidate my signature - which I may make visible on the document.

FYI, you are not kidding when you say "loose some clarity".  The default settings yield a very pixelated file.  I spent hours trying to get images that look good at a manageable size.  When saved as a 600 dpi TIF file, the text looks just as good as the original.  The problem is each page is 50 MB!  Somehow I don't think a 1.6 GB PDF file will go over well.  I have tried all kinds of variations on image creation, manipulation in CS5, and PDF size reductions.  The smallest PDF that looks as good as the original is 55MB in size - way better than 1.6 GB but still way too big.  Unless I can find a way to get a good looking image based file at 3MB or smaller, I will just sign.

Any suggestions?
0
 
shahzoorCommented:
i dont think an expert of Adobe will talk against Adobe on their forum
Of course he is trying to sell something which he suggested
there is nothing which cannot be cracked , there are a  number of ways to do things if you want to do but not everyone will be an expert to modify the documents
0
 
captainCommented:
Ok, I must say I have not tried this in line with all the previous comments but here is what I understand:

Not withstanding the foregoing, that a person with enough criminal energy will always find a way to circumvent your security (screengrab >OCR etc.) this is also a question of how much your content is worth and whether for that purpose you want to go trough the expense of adding layers of security on top, go to DRM solutions, online or offline only to realise that a student in far east makes cracking your document a new hobby of his.

All that aside, of you use the document Properties dialog to add security and select the option for Digital certificate the following wizard will allow you to set the Permissions including whether the contents can be copied.

But for this you can only enable the opening of this document to the identities that you have certificates for. Adobe does not offer a certificate protection whereby the certificate only applies to the change permissions, such as the password does. This is probably due that without the presence of a certification authority such as a local CA, any security would have to be stored within the PDF, and my guess is that this would be just as easy to tamper with as a password removal tool will remove said password.

In short there is no way to use a stronger security than password security, if you don't have control over your recipients unless you want to use DRM servers but that is a different class as far as costs are concerned
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.