PDFlib 8 Windows COM/.NET Tutorial
PDFlib 8 Windows COM/.NET Tutorial
PDFlib 8 Windows COM/.NET Tutorial
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
3.3.2 Protecting Documents with <strong>PDFlib</strong><br />
Encryption algorithm and key length. When creating protected documents <strong>PDFlib</strong> will<br />
use the strongest possible encryption and key length which are possible with the PDF<br />
compatibility level chosen by the client:<br />
> For PDF 1.3 (Acrobat 4) RC4 with 40-bit keys is used.<br />
> For PDF 1.4 (Acrobat 5) RC4 with 128-bit keys is used.<br />
> For PDF 1.5 (Acrobat 6) RC4 with 128-bit keys is used. This is the same key length as<br />
with PDF 1.4, but a slightly different encryption method will be used which requires<br />
Acrobat 6.<br />
> For PDF 1.6 (Acrobat 7) and above the Advanced Encryption Standard (AES) with 128-<br />
bit keys will be used.<br />
> For PDF 1.7 extension level 3 (Acrobat 9) the Advanced Encryption Standard (AES)<br />
with 256-bit keys will be used. This version also allows Unicode passwords, while all<br />
earlier algorithms support only passwords with characters in WinAnsi encoding.<br />
Passwords. Passwords can be set with the userpassword and masterpassword options in<br />
begin_document( ). <strong>PDFlib</strong> interacts with the client-supplied passwords in the following<br />
ways:<br />
> If a user password or permissions (see below), but no master password has been supplied,<br />
a regular user would be able to change the security settings. For this reason<br />
<strong>PDFlib</strong> considers this situation as an error.<br />
> If user and master password are the same, a distinction between user and owner of<br />
the file would no longer be possible, again defeating effective protection. <strong>PDFlib</strong> considers<br />
this situation as an error.<br />
> For both user and master passwords up to 32 characters are accepted. Empty passwords<br />
are not allowed.<br />
The supplied passwords will be used for all subsequently generated documents.<br />
Security recommendations. For maximum security we recommend the following:<br />
> Use AES encryption unless you must support older viewers than Acrobat 7.<br />
> Documents which have only a master password, but no user password, can always be<br />
cracked. You should therefore consider applying a user password (but of course the<br />
user password must be available to legitimate users of the document).<br />
> Passwords should be at least eight characters long and should contain non-alphabetic<br />
characters. Words which can be found in dictionaries and the names of people or<br />
places should not be used as passwords.<br />
Permissions. Access restrictions can be set with the permissions option in begin_<br />
document( ). It contains one or more access restriction keywords. When setting the<br />
permissions option the masterpassword option must also be set, because otherwise Acrobat<br />
users could easily remove the permission settings. By default, all actions are allowed.<br />
Specifying an access restriction will disable the respective feature in Acrobat. Access<br />
restrictions can be applied without any user password. Multiple restriction<br />
keywords can be specified as in the following example:<br />
p.begin_document(filename, "masterpassword=abcd1234 permissions={noprint nocopy}");<br />
Table 3.3 lists all supported access restriction keywords.<br />
3.3 Encrypted PDF 77