Site iconJava PDF Blog

Brief Overview of Security features offered by the PDF file format

Computer security

PDF security

As security is an ever present issue we thought we would highlight some security features offered by the PDF file format that can be enabled if you want to control or limit which actions users can perform. This blog post will cover what type of actions you can prevent and some different authentication techniques that can be implemented to increase the security of your PDF.

What can be controlled?

Before we dive into the different security options available I thought it would be useful to provide examples of what actions you can control which include limiting who can:

It is worth noting that you cannot stop people from saving a PDF.

Encryption

The PDF File structure already provides a certain level of security for the content before being encrypted due to the data being stored in a binary format. This means it can’t be easily hacked like a normal text format. You can open it in a text reader to view but it can be difficult to understand if you do not understand how PDF files are structured internally.

On top of that you can encrypt your files to help prevent further unauthorized access. Encrypting a PDF file means that the majority of Strings and Streams that make up your content will be encrypted. There are some String/Stream exceptions though that cannot be encrypted like the String values in the Encrypt dictionary as it needs to be able to read these in order to decrypt the file.

How is data encrypted you ask? Well PDFs utilize a security handler which is an extension of the encryption object that implements various aspects of the encryption process. It also enforces your set permissions to control access/actions on the encrypted document.

It looks at values set in the extended Encryption Dictionary entries to ascertain the User Access Permissions to allow. Some values read would include:

Authentication Methods

There are different methods you can use to allow certain groups/individuals to authenticate themselves as both the sender of a document and a recipient:

And that concludes a brief overview of security features available for a PDF. For a more extensive list you can view the last publicly available version of the PDF Specification.