Understanding the PDF file Format – PDF security (passwords and certificates)

Access to PDF files can be secured so that not anyone can open them. This is achieved by encryption – the bytes int PDF file are actually scrambled using a unique key – you will need a key to convert the PDF data back into something which can be opened.

This is a clever way to do it because the key is not in the file but it is woven into the basic fabric of the file so it is very hard to bypass or find. The key for every PDF object uses the key but also the object number, so it is slightly different for every object. This makes it much harder to crack.

The key is usually a password (and there can be 2 possible keywords – the Owner and the User password). Either will work and the Owner password gives you full control while the user password can be given more limited control. Obviously people can guess so the PDF is only as secure as the password chosen – do not make it obvious!

You can also secure a PDF file using a certificate – this is a sort of electronic password which is generated using a tool like keytool. You use it to encrypt the PDF data and send copies to anyone you wish to have access. The certificates are stored in a hidden directory on your machine and can be accessed in Java directly like this.

KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(new FileInputStream("c:\\keystorePath\\.keystore"), password);
PrivateKey key = (PrivateKey) keystore.getKey(nameOfCertificate,password);

There is a good explanation of the Keystore class here.

So you can limit access to PDF files to people who know the password or have a copy of the certificate you used to encrypt the PDF file. Everyone will not be able to access the file. Do you use PDF file encryption to secure your documents?

This article is part of the Understanding the PDF file format series. In each article we try to take a specific PDF feature and explain it in simple terms. You can see all the articles so far in the Understanding the PDF file format series.

Related Posts:

The following two tabs change content below.

Mark Stephens

System Architect and Lead Developer at IDRSolutions
Mark Stephens has been working with Java and PDF since 1999 and has diversified into HTML5, SVG and JavaFX. He also enjoys speaking at conferences and has been a Speaker at user groups, Business of Software, Seybold and JavaOne conferences. He has a very dry sense of humor and an MA in Medieval History for which he has not yet found a practical use.
Markee174

About Mark Stephens

Mark Stephens has been working with Java and PDF since 1999 and has diversified into HTML5, SVG and JavaFX.

He also enjoys speaking at conferences and has been a Speaker at user groups, Business of Software, Seybold and JavaOne conferences. He has a very dry sense of humor and an MA in Medieval History for which he has not yet found a practical use.

2 thoughts on “Understanding the PDF file Format – PDF security (passwords and certificates)

  1. John

    Hi, I’d like to know if there is a way to bypass the open password step when opening a password protected pdf.

    • The password is need to decode the encrypted content. It is a part of the key used to decrypt the contents and not stored in the file. So you cannot just bypass it.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>