Encryption in PDF documents
When encryption is used in PDF, a security handler must be selected. The Pdftools SDK always uses the standard security handler that, according to the PDF Specification, must be supported by any software that can process encrypted PDF documents.
For more detailed information about PDF encryption in general, consult PDF Reference, chapter 3.5.
Permissions and passwords in PDF documents
The standard security handler allows access permissions for the document. Up to two passwords can be specified for a document:
Owner password
An owner password is also referred to as the author's password. This password grants full access to the document. It allows the document be opened and read, and also lets the document's security settings (access permission and passwords) to be changed.
User password
A user password protects the document against unauthorized opening and reading. If a PDF document is protected by a user password, either the user or owner password must be provided to open and read the document. If a document has a user password, it must have an owner password as well. If no owner password is defined, the owner password is the same as the user password.
The following table shows the four possible combinations of passwords and how an application processing such a PDF document behaves.
User password | Owner password | Behavior |
---|---|---|
None | None | Everyone can read. Everyone can change security settings. (No encryption) |
None | Set | Everyone can read. The user password is an empty string. Owner password required to change security settings. |
Set | None | User password required to read. The owner password is equal to the user password. User password required to change security settings. |
Set | Set | User or owner password required to read. Owner password required to change security settings. |
Permission flags
The operations granted in a PDF document are controlled by permission flags. To set permission flags, the PDF document must be encrypted and have an owner password. The owner password is required to initially set or later change the permission flags.
These access permission flags determine operations such as:
- Modify the content of the document
- Copy or extract text and graphics from the document
- Add or modify text annotations and interactive form fields
- Print the document (low or high quality)
- Fill in forms and digitally sign the document
- Assemble the document (insert, rotate, delete pages, etc.)