How to Password Protect a PDF

Summary: PDFs are versatile and widely used, but controlling access and actions is crucial. This article explores using passwords to manage who can view, print, or edit PDFs and discusses the limitations of PDF permissions for comprehensive Digital Rights Management (DRM).

PDFs are ubiquitous, and quite rightly so. They are extremely good at doing what they are designed for—containing information in a portable, shareable way. Even better, they can be opened to a wide range of viewers and potentially edited, annotated, reorganized, or printed—all of which help to solve a wide range of user problems.

But what if you want to control exactly who they can be shared with or what can be done with them? Perhaps you only want specific people to view them. Or perhaps you want people to be able to view them but not be able to print or make changes to them.

That is where document security and passwords come in.

In this article we will look at two types of passwords and explain how you can use these to keep control of your documents. We will also see how permissions specified within a PDF are not in themselves a full solution to Digital Rights Management (DRM).

Exactly that, but they do different things.

Let’s look at each in turn.

This is also known as a user password.

When a PDF is given a Document Open password, the file is encrypted and can only be opened by someone who knows the password.

This is considered a secure way to protect the PDF from prying eyes. If the PDF ends up in the hands of someone who shouldn’t have it, then it will be extremely difficult for them to access the contents.

Attempts to open an encrypted PDF result in a password dialog being displayed. The details of how such a box looks varies from application to application, but the concept is the same.

The user just needs to enter the password and click on the appropriate button (which might say “OK,” “Open Document,” “Submit,” or something else entirely). If the password is correct, the PDF will be decrypted. If it is incorrect, an error will be displayed.

While theoretically, a malicious user could try to brute force the password by trying different password until one matches. However, if a strong password is used, then, even at very fast processing speed, this could take years to achieve.

Some of the old encryption algorithms (in particular RC4) were not very secure and could be broken more quickly without needing to resort to a brute force attack. The latest algorithm, though - 256-bit AES encryption – is considered to be virtually uncrackable and is the same level of encryption used by banks to protect customer data. It is strongly recommended to use this encryption option if it is available.

This is also known as the “Owner” or “Primary” password.

This password does not encrypt the PDF but allows various restrictions to be applied to it after it has been opened. Typical examples are the ability to restrict editing, printing, or rotating pages within the PDF.

At first glance, this appears to be a great solution—you can control what can be done with the PDF. Unfortunately, the implementation of PDF permissions is not universal or consistent.

Some applications entirely ignore the specified permissions once the file has been decrypted and, therefore, allow the user to do whatever they want with the PDF regardless of what the author intended.

As if that wasn’t bad enough, there are also tools available on the Internet that allow the restrictions to be removed. It was great when your business created the PDF, but now the person who did so has left the company and taken the knowledge with them.

However, password removal can also be used to bypass the restrictions that the author intended.

As such, the permissions specified within the document properties, while better than nothing, are not guaranteed to be enforced. That might be OK if you have control over how users open the documents, for example, via an intranet, but less good if the content of the PDFs is your business, for example, a play script that you don’t want people sharing unless they have paid you.

If you really want to protect documents, you should consider using a custom security handler or a dedicated DRM (Digital Rights Management) system. We will learn more about that later in this article.

If you want a deep dive into how encryption works, check out this excellent article on Encryption Algorithms and Key lengths 

There are several ways that you can add a password to a PDF.

Xodo PDF Studio has a built-in Security tab. This allows you to specify an Open Document and/or a Permissions password and specify exactly what users can do with the protected PDF.

In the example above, both types of passwords have been specified, and you can use either one to open it.

If, however, no Open Document password was specified, then anyone could open the file without needing a password (although what they could then do with the file is potentially restricted).

Similar functionality is available in other desktop tools, such as Adobe Acrobat.

The Apryse SDK allows you to add security options programmatically. This can be done using a wide range of programming languages, including C++, C#, Ruby, Go, Java, Python, and JavaScript.

Typical code (in this case for Node.js) is shown below.

Note that in this example, both a user password (which is the one that is required to open the document) is specified and also a permissions (or ‘owner’) password. As such, the user password ‘test’ is needed to open the PDF, but it cannot be used to edit permissions.

Adding a password can be done as a batch process, updating many files that are then stored with the password. Alternatively, the password could be added to an unencrypted PDF when it is requested, requiring the user to enter a password in the client app before they can view it.

Potentially. We have seen that when a Document Open password is used the PDF is encrypted so that the contents of the various streams within it cannot be read.

But, by default, the metadata for a PDF will also be encrypted. This can be an issue since the metadata can be used by Google (and other search engines) to help with indexing the file. As such, you might want the PDF to be indexed for search engines but still have a password associated with it so that only particular users can view the contents.

If this sounds like something that is important to you, then check out how the Apryse SDK uses setEncryptMetadata to allow you to control whether this occurs.

Provided that you have a recent PDF tool, you can create and open PDFs with passwords up to 127 bytes in length. Historically only ASCII characters could be used in a password, but with PDF 2.0, the password can also contain Unicode characters.

That’s great if you regularly use a non-Latin character set, since the password can, for example, use Japanese characters.

However, before you rush off and start using smiley faces or other Unicode characters (for example ✨ ✈ ⛄ - based on U+2728 U+2708 U+26c4) in your password, bear in mind that unless you have a keyboard that supports them, then this will be extremely difficult to enter into the password dialog.

You can't add passwords to a signed or certified document without invalidating the signature. In fact, attempting to do so within Xodo PDF Studio (for example) will result in an error.

While you could add a password to a PDF/A document, doing so will make it non-PDF/A, since that jeopardizes their use for archiving.

A PDF/A can be digitally signed, and this will make it harder to modify, and if someone does manage to do so, it will be possible to identify that a change has occurred.

If you need to protect a PDF/A from being read by unauthorized users, then this should be done by using Access Control and other file storage security best practices.

The Apryse WebViewer can help to some extent, since it enables PDFs to be viewed, and potentially edited, without them ever leaving the user’s machine, entirely removing the risk of them being intercepted in flight, or when stored on a third-party server.

If you want to have more control over who can view a PDF, and what they can do with it, then one option is to use a Custom Security Handler. This offers the ability to create an architecture where PDFs are secured using an encryption that requires not just a password, but also an ID that can be tied, to the application that is opening it. If the correct app is used then the PDF can be decrypted and viewed, if not then the PDF cannot be opened at all. This could be tied into creating a viewer that has been configured to support the permissions specified within the PDF.

Adding a password to a PDF is straightforward, but care needs to be taken to understand that there are two passwords possible: one allows the PDF to be decrypted and viewed, the other controls what can be done once the PDF has been decrypted.

While some software correctly supports the permissions that are specified within the PDF, the fact that other software does not means that this cannot be relied upon as a way to guarantee that a PDF cannot be edited, printed etc. It is nonetheless a useful mechanism in scenarios where you trust your users to not try to bypass the security.

Check out the Apryse SDK documention about setting permissions. If you run into any issues contact us via Discord and our helpful Solution Engineers will be happy to help.