How to protect your PDF?

2020-11-30

On the Data protection day, we decided to prepare an article about the PDF documents protection. PDF has become one of the world standards today; it’s a good idea to understand how to protect it.

PDF

From what do you need to protect a PDF document?

  1. From unauthorized editing.
  2. From unauthorized access.

Protecting a PDF file from editing

First, I would like to say that changes can be authorized and even desirable. Often a PDF file is sent to be signed (and standard tools such as Adobe Acrobat Reader allow you to sign such documents), or it is a questionnaire document with built-in editable fields and interactive forms.

There are many articles about working with PDF files in FastReport, and some of them are about creating PDF files with interactive forms:

  1. Saving a report in PDF/X format
  2. Configure options of Acrobat PDF viewer when exporting from FastReport.NET
  3. Interactive forms in PDF export Fast Report .Net 2018
  4. How to make a PDF from Delphi / C++Builder / Lazarus
  5. How to make a PDF document from a text file

But there is another type of PDF document – those that cannot be edited, and if some bad person tried to edit something, we would know about it.

First of all, these are documents with an electronic signature which certifies the validity of this particular document.

Two types of signatures became available in FastReport.Net version 2019.3.2.

1) Signature field. To add it to your document, you need to add the Digital signature object. When this control is placed on the report page, it looks like this:

Digital signature

It is not displayed in report view mode. Its functionality is limited to PDF export only, which means that you will see this field when viewing a PDF file in Acrobat Reader.

When exporting to PDF, enable the “Sign document” option:

Export to PDF

2) Invisible signature. For an invisible PDF export signature, you do not need to add a Digital Signature control to the report page. The only thing you need to do is enabling the “Sign document” option in the export settings:

Export to PDF

You can fill in the Location, Reason, and Contact Info fields. Next, you need to select a signature certificate file in .pfx format and set a password for the certificate. After exporting the report, you will see a hidden signature in the PDF document, but it will not be filled in. It is important to know, that this signature is not directly visible in the document. 

You can read more about digital signature in our article. 

In addition, there are so-called “archive” formats PDF/A. Such documents contain all information inside them (it doesn’t “pull” images, fonts and any other data from external sources that may be compromised or removed). Moreover, the document properties state that it is a non-editable format. Can you open it for editing? Everything is possible, but in this case, it will lose its archive type traits, that is, we will clearly see that the document has been changed.

The article "How to export a report in PDF / A format" describes the features and capabilities of this format in detail.

Protecting a PDF file from unauthorized access

This article is not intended to provide an overview of methods for cracking protected PDF files (it is a separate topic. For example, here professionals from Elcomsoft describe their approach).

As a format, PDF contains built-in password protection mechanisms.

A password allows you to protect a document from one or several actions at once:

  • from opening,
  • from printing,
  • from editing,
  • from copying text, images, and other information,
  • from screen readers’ access.

Modern PDFs use AES (Advanced Encryption Standard) encryption for password protection with 128-bit keys, which complicates the task of finding a password (but does not make it impossible!). With 128-bit encryption, the number of keys is 2128

FR .Net:

Export to PDF

FR VCL:

Export to PDF

In the “Security” tab you can configure such fields as:

  1. Owner Password
  2. User Password
  3. You can additionally prohibit printing a document, changing it, copying text or graphics, adding or changing text notes.

You can also protect a document using certificates (with public and private keys for digital singing and opening the document). Public key is included in the certificate and used to encrypt information, while the private one is used to decrypt and digitally sign the document. It’s too early to talk about 100% protection. Nevertheless, today it is perhaps the most secure electronic document format.

I hope this article will help you provide your users with PDF security tools and make them more security aware. Anyways, there is no 100% protection; the document protection is just a small part of an integrated security system, which should include not only technical, but also organizational measures.

We also recommend reading.

November 01, 2024

New Features of the FastReport VCL Editor
We are considering new features of the report editor: extension lines, highlighting of intersecting objects, updated report and data trees.
October 30, 2024

Using Styles When Creating Reports in FastReport VCL
The article discusses one of the new features of FastReport VCL — the use of styles and style sheets.
October 28, 2024

How to Set Up WSL 2 for Working with FastReport and FastCube
In this article, we will explore how to set up WSL 2 for working with FastReport and FastCube components in Lazarus for Linux.
Fast Reports
  • 800-985-8986 (English, US)
  • +4930568373928 (German)
  • +55 19 98147-8148 (Portuguese)
  • info@fast-report.com
  • 66 Canal Center Plaza, Ste 505, Alexandria, VA 22314
Products
Support
Company
© 1998-2024 Fast Reports Inc.
Privacy policy
Cookies policy