What is PDF encryption and how to encrypt PDF documents & files
What is encryption and PDF encryption?
Encryption is the use of a mathematical system (algorithm) to make information secret from anyone not authorized to use it. Encryption uses a secret key to scramble information in files so that only those with the correct key can view them. PDF encryption is therefore the encryption of PDF files, the result of which is an encrypted PDF file.
Encryption keys are sometimes taken from passwords, but passwords are a poor choice for encryption keys – see PDF password protection. It does not matter what the strength of the encryption algorithm is if the implementation is not secure.
Free 15 Day Trial
Encrypt PDFs without Passwords
Stop unauthorized access and sharing
Control use – stop copying, editing, printing, etc.
Lock PDFs to devices, countries, locations
User and PDF expiry, revoke files at any time
Encrypting PDF files
Why encrypt PDF documents?
There are many reasons why you would want to use PDF encryption.
The information in the PDF document is confidential and only a restricted number of people should be able to see it. This could include training courses, price lists, bid documents, takeover plans, healthcare records, and so on. The information is valuable – you sell it – perhaps a newsletter, or an analyst’s report, or a consulting report or a periodical or a book. You obviously don’t want to give it away!
If you don’t encrypt the PDF file then anyone can read it and the value of your information is lost. But if you are going to encrypt PDF files then you need to use PDF encryption software that uses a reliable encryption method.
Is PDF encryption secure?
PDF encryption prevents those who are not authorized from using the PDF document. But those who are authorized to use it can decrypt it and then do whatever they wish with it – copy it, send it to friends, edit it, print it and so on. In some instances, such as transferring financial data for computer processing, encryption on its own provides all the requirements. But to protect information in published documents you need additional controls to actively prevent a user who is authorized to see the PDF from misusing the document.
DRM controls work in addition to encryption by providing protection once the document has been decrypted. They limit what authorized users can do with a document and prevent them sharing it with others. However, you also need:
a secure method of transferring the key such as public key technology
the ability to lock keys to devices to ensure they cannot be shared with others
decryption of PDF content in memory and not to temporary files so that decrypted content is never made available
to prevent simple ways of grabbing decrypted content such as screen grabbing and printing to file drivers
PDF encryption can be made secure, but it requires:
a strong implementation that does not rely on passwords
that decrypted content is not made available
DRM controls to enforce what can be done with the document once it is decrypted
Adobe PDF security uses encryption to protect PDFs and allows you to apply permissions to control what a user can do with a document (print or edit it). The PDF is encrypted with a password (the encryption key) but weak passwords can be easily removed with password removal software.
PDF permissions can be removed regardless of how strong the password is and are therefore completely useless – see Removing PDF Passwords.
What PDF encryption algorithm should I use?
The US government approved an algorithm called AES for protecting US government information that is confidential. It has two key lengths, 128 bit and 256 bit (16 or 32 bytes of data). Other algorithms may be available in PDF encryption software but they do not have the recommendation of the US government.
However, even if the PDF encryption software uses AES 256 bit encryption, if the implementation is not secure then the protection is useless.
Further reading on PDF encryption
To learn more about PDF encryption, see the following white papers.
How to encrypt a PDF file using Safeguard PDF Encryption Software
Encrypting PDF files is simple and secure with Safeguard PDF Security.
To encrypt PDF files, right-click on them in Windows File Explorer and select the menu option ‘Make Secure PDF’.
Strong PDF Encryption with DRM controls
Safeguard PDF security takes PDF encryption to the next security level. It encrypts PDFs with US Gov strength AES 256 bit encryption to prevent unauthorized access, and applies DRM to control what authorized users can do with your PDF files:
stop editing and modifying
stop or limit printing
stop screen grabbing
control expiry (how long your PDFs can be used for)
revoke access at any stage
apply dynamic watermarks to identify users
lock PDFs to country and IP locations
log document use
Safeguard provides strong PDF encryption with total document control:
PDFs are locked to individual devices
content is only ever decrypted in memory
there are no passwords to enter or manage, or for users to share or forget
Types of PDF Encryption
PDF password encryption is included with Adobe Acrobat and other PDF creator software. A password is used to encrypt the PDF file. The same password is used to decrypt it.
You can choose the encryption algorithm and strength (key length) in Adobe Acrobat to support backwards compatibility with older versions. However, AES 256 bit is the most secure.
Encrypting PDF files with a password is not recommended if you want to protect PDF files from unauthorized use and distribution because:
Passwords can be shared – they have to be sent in readable form so users can copy and forward them
The password interface has to be exposed so can be readily attacked by password recovery programs – see Removing PDF Passwords
Strong passwords are difficult to set up and use, so weak passwords are normally used
If you use different passwords for each PDF document then you have to manage lists of passwords – this can become complicated
Regardless of how strong the Permissions password used (the password used to restrict PDF document use) it can be easily removed – see Removing PDF Passwords – and therefore provides NO protection
Once a user has the password they can unprotect the PDF and do what they like with it unless DRM controls have also been used
Public Key Encryption
Public Key Encryption is more secure than password encryption. It is used to:
protect the secret decryption key, preventing the user or attacker from finding it
create a digital signature which establishes that the document has not been altered and verifies the sender
Unlike password encryption, the key is not exposed to the user so cannot be attacked. In addition there are no passwords to manage, for users to share with others, or forget.
Most PDF DRM systems use public key encryption instead of passwords. This is because if the key can be readily attacked then the DRM controls would be useless.
Why Locklizard for PDF Encryption?
US Gov Strength PDF Encryption – Encrypt PDF files without passwords
Locklizard takes your document protection seriously.