TUTORIALS

 PDF encryption basics

As easy as 1, 2, 3...

Introduction

Cryptography is the art of hiding contents from unauthorized eyes by using cipher technologies.
When content is ciphered, it indirectly creates two distinct communities: the ones who have the right credentials to read/change it ... and the ones who don't!

But what exactly are these credentials? And how are they related to the authentication process?

Authentication is the process of checking credentials. Typically, when you input your credit card PIN numbers, you are performing an authentication that checks your credentials (in this case, Card number + PIN).

Encryption applied to PDF

This section will help you understand how cryptography applies to PDF, and it will relate the different methods of authentication available.

Over the years, the PDF standard has evolved dramatically. Today it supports the most secure cipher algorithm: the Advanced Encryption Standard (AES) along with Ron's Code 4 (RC4). These two techniques ensure that your content is ciphered using some of the most advanced techniques available.

These two algorithms can work with either a password or a public/private key. They also require that the document have some document privileges (also known as "permissions") applied.

Password Security defines two communities:

1. The one which has full access to the contents -- typically the author.
2. The one to which the restrictions are applied -- typically the readers. Note: anonymous access is made possible by the use of an empty password.

Different passwords are applied to these two communities. When the document is opened, users will be asked for their password, which identifies the community of which they are part. Typically, password security is used to prevent people from printing or modifying a document.

Certificate Security is applied as part of a Public Key Infrastructure (PKI) where users have their own set of public/private key pairs.
By using certificate security you can identify recipients and apply individual privileges for the document.

1. The credentials are no longer passwords, but public/private keys.
2. You can define different document permissions for each individual reader.
3. Anonymous access is no longer allowed.

When the document is opened, users will be prompted to identify themselves by using their private key. This key is then used to select its associated document permissions as well as to decipher the document.

 

Encryption applied to jPDF

jPDF features are organized per modules: the encryption features are regrouped in the Encryption module and can be recovered via the code below:

PdfDocument doc=new PdfDocument("mydocument.pdf");
EncryptionModule module = doc.getEncryptionModule();

The module is by itself quite simple as it only contains methods to process encryption changes on a given document. As we will see later, the preferences object is used to hold the different attributes that define how the document should be ciphered and protected.

The encryption module works behind the scene and enables other modules to work with ciphered documents. For instance, you can use jPDF Creator to create a ciphered document using the code below:

// Set the passwords and permissions for password security:
Permissions perms = new Permissions();
perms.setDenyAll();
PasswordCredentialsCreation credentials = new PasswordCredentialsCreation("authorPassword", "readerPassword", perms);

// Set the encryption settings:
Preferences prefs = new Preferences();
prefs.setDefaultSecurityType(Preferences.SECURITY_PASSWORD_PROTECTED);
prefs.setDefaultCredentials(credentials);
prefs.setDefaultEncryptionType(Preferences.ENCRYPTION_AES);
prefs.setDefaultEncryptionKeyLength(128);

// Now create the document in memory using the requested preferences:
PdfDocument doc = new PdfDocument(prefs);

// And use jPDF Creator to draw something on the page:
Page pg = Page.createInstance(doc);
JPdfGraphics2D g = pg.getGraphics();
g.setColor(Color.black);
g.setFont(new Font("Arial", Font.BOLD, 30));
g.drawString("Hello ciphered world", 100, 100);
g.dispose();

// Save and close:
doc.saveAs("newCipheredDocument.pdf");
doc.close();

As described in point #2 above, jPDF can use password or certificate credentials to handle authentication. The selection is done by setting the security type and selecting the appropriate credential implementation.

There are two categories of credentials:

1. ICredentials: These credentials are used to open documents.
2. ICredentialsCreation: These credentials are used to create or change documents.

All this information will be discussed further in following tutorials.