Site iconJava PDF Blog

How are PDF files protected?

Access to PDF files can be secured so that not just anyone can open them. This is achieved by encryption – the bytes in PDF file are actually scrambled using a unique key – you will need a key to convert the PDF data back into something which can be opened.

This is a clever way to do it because the key is not in the file but it is woven into the basic fabric of the file so it is very hard to bypass or find. The key for every PDF object uses the key but also the object number, so it is slightly different for every object. This makes it much harder to crack.

The key is usually a password (and there can be 2 possible keywords – the Owner and the User password). Either will work and the Owner password gives you full control while the user password can be given more limited control. Obviously people can guess so the PDF is only as secure as the password chosen – do not make it obvious!

You can also secure a PDF file using a certificate – this is a sort of electronic password which is generated using a tool like keytool. You use it to encrypt the PDF data and send copies to anyone you wish to have access. The certificates are stored in a hidden directory on your machine and can be accessed in Java directly like this.

KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(new FileInputStream("c:\\keystorePath\\.keystore"), password);
PrivateKey key = (PrivateKey) keystore.getKey(nameOfCertificate,password);

There is a good explanation of the Keystore class here.

So you can limit access to PDF files to people who know the password or have a copy of the certificate you used to encrypt the PDF file. Everyone will not be able to access the file. We cover this in more detail in this article. Do you use PDF file encryption to secure your documents?