Help Securing a PDF File

Posted on 2012-08-15
Last Modified: 2012-08-18

I just purchased a Digital ID/Certificate from GlobalSign, one of Adobe's CDS providers, so I can sign PDF files.  I installed the drivers/certificates and was able to sign a test document.  At the top of the file there was a blue banner that says "Certified by ..... Certificate issued by Global Sign".

The only problem is that the document is completely unprotected.  By this I mean you can copy all the content you want, and even copy it as formatted.  I suspect you could create an unsigned twin of the file by copying everything with formatting and pasting it into MS Word.

In the past, I used password security to prevent changes/copying/extraction of content.  How do I get the best of both worlds?  I want the final PDF signed by me with my GlobalSign ID.  The only thing others should be able to do is print in high-res.  There should be no copying, extraction, editing, etc.

I tried securing the document with a password, then signing it.  The problem is once it is secure the option to sign wasn't available.  Maybe I need to set the password security, then sign it without saving the document first.  Would this make signature and restrictions stick?

I hope this whole Digital ID thing wasn't a waste it means anyone can essentially copy my content.  Please help!

Question by:MrChip2
    LVL 14

    Expert Comment

    Document security thing is a available in Adobe Acrobat professional

    Author Comment


    I forgot to mention I have Acrobat X Pro.  I am familiar with password protection - have used it for years.  I recently discovered the best/strongest passwords are useless, free online tools will crack them in a second.  That's a reason I purchased this Digital ID from an Adobe CDS.  The problem is signing the document doesn't prevent people from copying/extracting.  

    I want to end up with a PDF file that:

    Everyone with Reader 9.0 or above (or equivalent third party app) can open
    Everyone can print it in high quality
    No one can copy content to clip board, extract pages, or change the document
    It is certified by me using my Third Party trusted certificate.

    Do you know how to do this?
    LVL 14

    Expert Comment


    Author Comment

    Hi shahzoor,

    Thanks for continuing to help.  I have seen that video already - but it was good to watch it again.  I am starting to think that what I want to do is impossible.

    It seems that if I use Certificate protection, then only people whose certificates I enter can open the document.  I want to use Certificate protection because online tools cannot crack it (passwords are worthless).  However, I want everyone to be able to open and print - that is it.  Is there a way to set that up?  In other words, can it be set so that anyone whose certificate is not pre-loaded can open and print?

    The other possibility is if there is a way to sign a document and prevent copying / extraction at the same time.  I don't see any way to limit controls when signing.
    LVL 14

    Accepted Solution

    You will sign it as you do regularly and then you will add the protection
    I use Nitro Pro and i can do all those things in it
    People cannot copy edit or modify
    All they have is the option to print it in high resolution
    If you are still doubtful then there is a manual process :)

    Save the document as JPG file
    then create a PDF document of it
    and add security :)

    Author Comment

    OK, this sounds promising.  I am new at this whole signing aspect of PDF files.  When I signed the file with my Digital ID I was not able to make any changes.  To help me figure this out quickly, would you mind being very specific and detailed in the steps you would take using Acrobat?  Nitro Pro may be a viable option down the road, but for now I need to stick with Acrobat.

    1. I start with an unlocked PDF.  Then I add whatever metadata I want.
    2. Next I go to Tools - Sign and Certify - Certify without Digital Signature
    3. Then I select my Certificate from GlobalSign
    4. Then I can select No Changes, Form Fill In, or Annotations.  I can still copy, copy with formatting, or Export Selection As.

    Can you tell me what I am doing wrong and how I would add protection after the signing?

    Your JPEG idea is interesting.  The original file is in MS Word.  Would you convert from Word to JPEG or from the PDF to JPEG?  Is the text in the JPEG just as readable?  I see what you mean though, if everything is a picture they cannot copy and past the text.  They could still make copies of pages, however.

    LVL 14

    Expert Comment

    i dont have acrobat installed and i hate it because of the reason that it sucks lots of resources of your pc and the space
    thus i am using nitro
    the step seems to be missing is selecting the encryption level
    and the list of advanced options and then the password
    if you have the password you can later edit the protected file

    In pdf document, go to file save as and select the option as image file
    then open create a pdf file of the image file
    no one can edit image file and its equally good but would loose some clarity

    More safe and difficult to edit :)

    Author Comment

    Thanks for keeping up with this.  I have been reading a lot on Adobe forums and I have pretty much come to the conclusion that what I am trying to do is a waste of time.  

    I found a post in Adobe's Acrobat Forum from an expert named Dave Merchant.  He wrote the following that makes sense:

    Password-based permissions settings are not secure at all. It's trivial to remove them, and only Adobe software guarantees to respect them in the first place... they take 30 seconds to remove.

    Certificate-based encryption uses the digital ID of the recipient, not the creator - so it's only going to work if you get the digital ID from each recipient in advance, and cannot be used for public documents on a website. It can also be removed without access to the private key, but it takes a lot more effort to do so.

    Digital rights management (using Adobe ADEP / LiveCycle Rights Management servers) can protect a file against printing and direct copying with no realistic possibility of the protection being removed, but it's extremely expensive. - Note later comment said 5 figures.

    Here is the key comment:

    However in every case, if a page is visible on screen it can be captured as a screengrab, then re-OCRed to extract text. You can't extract media, scripts and vector objects, but something like a novel is utterly impossible to secure against copying if it's distributed into an uncontrolled space.

    In a nutshell, if you can see it and print it, you can scan it and extract text.  Given this, I think I will simply sign the document with my GlobalSign ID.  Changes would invalidate my signature - which I may make visible on the document.

    FYI, you are not kidding when you say "loose some clarity".  The default settings yield a very pixelated file.  I spent hours trying to get images that look good at a manageable size.  When saved as a 600 dpi TIF file, the text looks just as good as the original.  The problem is each page is 50 MB!  Somehow I don't think a 1.6 GB PDF file will go over well.  I have tried all kinds of variations on image creation, manipulation in CS5, and PDF size reductions.  The smallest PDF that looks as good as the original is 55MB in size - way better than 1.6 GB but still way too big.  Unless I can find a way to get a good looking image based file at 3MB or smaller, I will just sign.

    Any suggestions?
    LVL 14

    Expert Comment

    i dont think an expert of Adobe will talk against Adobe on their forum
    Of course he is trying to sell something which he suggested
    there is nothing which cannot be cracked , there are a  number of ways to do things if you want to do but not everyone will be an expert to modify the documents
    LVL 32

    Assisted Solution

    Ok, I must say I have not tried this in line with all the previous comments but here is what I understand:

    Not withstanding the foregoing, that a person with enough criminal energy will always find a way to circumvent your security (screengrab >OCR etc.) this is also a question of how much your content is worth and whether for that purpose you want to go trough the expense of adding layers of security on top, go to DRM solutions, online or offline only to realise that a student in far east makes cracking your document a new hobby of his.

    All that aside, of you use the document Properties dialog to add security and select the option for Digital certificate the following wizard will allow you to set the Permissions including whether the contents can be copied.

    But for this you can only enable the opening of this document to the identities that you have certificates for. Adobe does not offer a certificate protection whereby the certificate only applies to the change permissions, such as the password does. This is probably due that without the presence of a certification authority such as a local CA, any security would have to be stored within the PDF, and my guess is that this would be just as easy to tamper with as a password removal tool will remove said password.

    In short there is no way to use a stronger security than password security, if you don't have control over your recipients unless you want to use DRM servers but that is a different class as far as costs are concerned

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    In this second video of the Xpdf series, we discuss and demonstrate the PDFimages utility, which, in a single command, is able to extract all the images from a PDF file and save each one in a separate image file (PBM, PPM, or JPG). Download and inst…
    In this video, we show how to convert an image-only PDF file into a PDF Searchable Image file, that is, a file with both the image (typically from scanning) and text, which is created in an automated fashion with Optical Character Recognition (OCR) …

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now