Secure alternatives to Acrobat PDF encryption software
Adobe Acrobat is a fantastic tool for creating and editing PDFs. When it comes to encryption, though, users will find it rather lacking. Despite being a paid tool, Adobe Acrobat encryption just isn’t implemented securely.
A history of Adobe Acrobat encryption
Adobe created Acrobat in the early 90s when the public internet was still in its infancy and the world hadn’t been exposed to the full range of security threats. It added its first security features in 1994, including encryption, which was the only practical way of protecting information.
This encryption was weak, however. The 40-bit RC4 encryption was broken shortly after its release and the methods to bypass it quickly became public knowledge. In 2001 Adobe implemented the much stronger 128-bit encryption, and in 2008 256-bit encryption, which despite being stronger cryptographically, was less secure than 128-bit due to even poorer implementation.
Thankfully, Acrobat isn’t the only PDF encryption software on the market. We’re going to look at various options and cover key factors that should influence your program of choice for encrypting PDF documents.
Alternate PDF encryption software
The market is full of a variety of free and paid PDF encryption software. All of them claim to protect your documents, but they do so with varying degrees of effectiveness.
Free PDF encryption websites
This is the main Adobe Acrobat alternative you’ll run into. To their credit, they do just as well as Acrobat, it’s just that Acrobat isn’t much good to begin with.
Removing PDF passwords and permissions with a free tool
One of the crucial flaws they share is the use of passwords to decrypt the PDF file. All of these online tools ask you for a password to protect your PDF file. As well as being easily shareable, any number of online tools can crack the passwords – after all, they’re usually just 6-8 characters with a number or two.
An attacker can crack an encrypted PDF within a few seconds. Good passwords, which are difficult for users to remember, can still be shared along with the document, so they don’t stop unauthorized distribution.
PDF certificate encryption
Certificate encryption is more secure than using password protection. The user cannot share their password with others and aren’t as likely to share their private key. There also aren’t any applications that can crack certificate encrypted PDFs at the time of writing. When you encrypt PDF files with certificates, you can additionally digitally sign them, so recipients know where they originated from.
Adding a certificate
Certificates are an excellent way to protect PDF files when they’re in transit and at rest. However, they’re not very effective after that point. A user can still do whatever they like with the PDF file after they have decrypted it, including saving it to an unprotected format and sharing it with others.
They have other disadvantages, too:
- If you’re protecting PDF files for internal use, the keypair must have been generated for the users already. For convenience, these will likely be stored in a directory server, which has overhead.
- There’s a management overhead, too, since you need to be able to revoke certificates and generate new ones when others naturally expire. Certificate management can be very time-consuming for a large organization.
- They don’t really work if you’re selling PDFs to customers. You’d need the user’s certificate in advance or else you can’t encrypt PDF files for them. This would make any sale a multi-step process that requires the user to know what a certificate is and how they work.
In short, then, certificates are a good, if not cumbersome, protection method to send encrypted PDF files to a user who don’t want them to be intercepted. However, they don’t do anything to stop users from sharing an unprotected version with others if they wish.
PDF DRM solutions
PDF DRM solutions protect documents in transit, at rest, and after they have been opened. To do so, they use a combination of encryption, licensing controls, and a secure viewer application. Locklizard Safeguard is one such solution.
Here’s how it works:
- You encrypt a PDF on your local PC and add any DRM controls you desire. These can include anti-screenshotting and copying techniques, printing controls, watermarks, device/location locking, and more.
- The protected PDF is saved to your disk as a .PDC file and a record of the document is recorded on the Admin System.
- You create a user account for each person who you want to be able to view the document.
- Users receive an email with a license file and a link to download the Safeguard secure viewer.
- After installing the viewer, the user clicks the license file to activate it on their PC. Once activated, the license file cannot be registered elsewhere (unless otherwise specified).
- You choose which documents users can access via the Admin System.
- You send the encrypted PDF file to users just like any other file (via email, file sharing, messaging, etc.)
- The user opens the PDF with their secure viewer application.
The decryption keys for the document are securely and transparently relayed from a licensing server to only authorized users that hold a valid license file. The keys are held in an encrypted keystore that cannot be shared with other devices.
Users without a valid license file and decryption key cannot view the file. Those that can view it are unable to edit, screenshot, print (unless otherwise specified), print to file, and more. The document content is only ever decrypted in memory, so the user has no way of extracting it.
How to encrypt a PDF file without Acrobat using Locklizard
The PDF encryption and decryption process is made quite simple with Locklizard Safeguard. You don’t need to worry about creating key pairs in advance because the licensing system does the heavy lifting for you.
Here’s how you DRM protect and encrypt PDF files with Safeguard step-by-step:
- Right-click your PDF in Windows File Explorer and select “Make Secure PDF”.
Create a protected PDF
- Select the restrictions you’d like to apply, including restricting access after a certain date, which can be found in the “Expiry & Validity” tab. By default, editing, copying, and printing are disabled.
Prevent printing of a PDF
- Press the Publish button to protect the PDF and apply restrictions. On pressing the Publish button, Locklizard will output your encrypted PDF file, which can only be opened by users you give access to in the Safeguard Admin portal. It can’t be edited, and content cannot be copied and pasted. Printing is also blocked by default unless you specifically allow it.
- Add new users, and/or select existing users you want to give access to your protected PDF files using the cloud-based Safeguard Admin System:
Adding a user and granting document access in Safeguard Admin
- Distribute your protected PDF documents just like any other file – email it or let users download it from your web site or file sharing site. It does not matter who downloads your encrypted PDF files (.PDC files) as only those authorized will be able to view them.
The best PDF encryption software
To summarize, Adobe encryption and other forms of password encryption are not very secure at all.
Documents with poor PDF encryption strength can be decrypted in seconds, while those with insecure passwords can take anywhere from a few minutes to a few days. Encrypting a secure PDF file with a strong password is more effective at protecting the PDF in transit and at rest, but there’s still nothing to stop an authorized user from sharing the password or decrypted document.
Certificate encryption is a step up because it does not use passwords, and private keys are less likely to be shared. However, it is unsuitable for retail purposes, cumbersome to manage, and doesn’t prevent users from editing or passing on a PDF after they have decrypted it.
When you’re shopping for PDF encryption software, you want something that covers all bases. This is why Locklizard is the best choice for most organizations and businesses. It protects the PDF file at all stages of distribution, including in transit, at rest, and after decryption. It can effectively cut out unauthorized sharing, editing, screen grabbing, and printing with relatively low overheads and regardless of whether you’re distributing internally or selling PDFs to the general public or other businesses.
Is PDF encryption strength important?
In short, yes – to an extent.
- Programs can crack 40-bit RC4 protection 100% of the time, in a few minutes.
- 128-bit AES encryption would take about 200 times longer than the universe has existed to crack (2.29×10^32 years).
- 256-bit would take 2.29×10^32 years.
Whichever of the two AES key lengths you choose, you’re pretty well protected – with AES 128-bit faster with a stronger key schedule, and AES-256-bit more resistant to brute force attacks and the quantum computers of the future.
Which encryption algorithm is the best?
AES is the clear winner when it comes to PDF encryption algorithms. It is approved even for protecting confidential US government information.
While RC4 is still used by some tools for PDF encryption and decryption, it is considered insecure due to the security issues involved with using stream ciphers. As a result, encrypting PDF documents with RC4 is not recommended.
How secure is an encrypted PDF file?
It depends entirely on the encryption algorithm, the key length, implementation, and use case.
If you’re just looking to protect your document in transit and at rest, PDF encryption software that provides 128-bit or 265-bit AES certificate encryption is fine. Bear in mind however that any permissions you apply are useless since they can be instantly removed.
If you’re looking to secure your PDF against unauthorized sharing or editing, only a DRM solution with strong encryption will cut it.