Encrypt only with owner password?

[techjp]

Shouldn't it be possible to only encrypt with the owner password? That would lock down the permissions (on readers that support it) without requiring a password to open the file. It's supported by Acrobat Pro, would love a free tool that does this too.

[ryangriggs]

@techjp, as you already know, these permissions are enforced by the reader app, not by strong encryption, so they are trivial to bypass. However, I agree that it would be nice to encrypt only with an owner password, and I will try to work this into V2. Thank you for the suggestion.

[Hubgut]

I just wanted to ask for the same functionality - and then found this already existing issue!
I find it cumbersome for normal users to enter a password, just to read a PDF. I also tell them that there is no security if they only want to prohibit editing the PDF file. But that is still the most wanted functionality - because it is the default setting for Adobe Acrobat: Just restrict what you can do with the PDF file and let everybody view its contents freely!

I found this neat little tool, because I was asked for exactly this "Adobe-function". - But now I have to wait for version 2?
Is there any plan to realize this anytime soon?

[ryangriggs]

@Hubgut Thanks for your input. I am working hard to finish PDFEncrypt V2 as soon as possible. Going back to add features to v1 would seriously cut into my small available time to work on v2. I hope to have it released in the next 1-3 months. Sorry for the delays.

In regard to your desire to encrypt the file with permissions, please read my post about DRM and PDF files. PDF should not be used as a DRM solution! Remember that the permission settings are almost useless, as they are ignored by many PDF readers, and can be easily bypassed. However, encryption with strong algorithm (AES-256) and strong password cannot be easily bypassed. This is one of the concerns with allowing encryption without a user password: it completely breaks the strong protections offered by encryption, and allows any user to gain access to the full PDF file with only a few steps (such as opening the PDF in a reader that doesn't enforce permissions). You would be just as well sending the unencrypted PDF file in such cases and thus the usefulness and security of PDFEncrypt is completely compromised.

I would be interested in your thoughts on this matter.

[Hubgut]

Thanks for your quick reply!
Just to clear this up: I am aware of the security implications! The PDF files I speak about do not contain secret information! I just want to highlight the point of view of the normal office worker. They are used to set a password to "prohibit" others to modify their contents after they are finished with their work on this document. You and I know that there is nothing secure with this setting. But the normal office worker just knows about one or two popular viewers and both of them do comply with the set restrictions within the document. So they are happy with this way of "marking the PDF file as the final version" - but they do not want to enter or communicate (or even remember) a password to open the document!
In office they have Adobe Acrobat or some other commercial solution preinstalled on their PC - but at home they cannot produce "the same kind of PDF files" like at work.
This leads to a very unpleasant workaround: They are forced to upload their documents to some shady online services to be able to download a somehow altered / secured (???) version of their document! Nobody knows who is doing what with these user documents online. ...
That was my reason to search for a small, portable, offline tool which I can give everybody who needs this functionality.

[ryangriggs]

@Hubgut I definitely understand your viewpoint, and I am most likely going to add this feature to V2 (albeit with strong warnings to the end user before proceeding).

Please try to understand, as even you stated in your reply: there is a misunderstanding with normal users about "security" of PDF documents using permission settings. While you and I understand that there is nothing secure about the permission settings, I must be very careful not to give other users a false sense of security, or allow a misunderstanding to exist that could possibly compromise their confidential documents. While your documents do not contain secret information, keep in mind that many users depend on PDFEncrypt to protect actual confidential documents.

As an example, Firefox PDF viewer (pdf.js) ignores permissions. I'd say that's a fairly mainstream viewer that may be present on many users' machines.

I am happy to add features to the software, but security must take highest precedence.

It is very difficult to explain the permissions vs encryption to end users - this is why I wrote the blog post. Most won't take time to read it, however. I am open to suggestions for adding this feature without compromising security and ensuring users are aware of the risks and limitations of their choice. Users need to understand that PDF encryption is very strong when correct algorithms and strong passwords are used, but the permissions are very weak. It is also hard to convey that that the weakness of permissions doesn't compromise the security of properly encrypted PDF documents.

I am open to your suggestions and comments.

[Hubgut]

I think we completely agree about this topic!
I also wanted to ask for a warning with an in-place-description of the topic within the GUI of the tool! (I just forgot to mention it.) I know how difficult it is to describe the difference (between security and permissions - or let us call them "settings within the document", because more users will understand that these settings can be changed, once the document was opened sucessfully) to others - again and again.
E.g., today I had a situation within a family member: Just because I missed a call (for help in "securing" a PDF), the person "had to" upload the file to some online service to do so. - Obviously, that is not a good idea and should have been avoided. But even with your tool (version 1) the PDF would only have been encrypted in complete - and the password would have been given to the receiver within the same unencrypted e-mail! There is no secure channel. That is still widely the normal working process today. --- That is another reason for this special "feature". Because with normal e-mail communication the password is just "overhead".
Sadly, a chat with my family member showed that - again - the knowledge about the insufficient security was lost during time. I explained all I can when we started creating PDF files with these "settings" a while ago. But now I had to explain it again. Most people do not realize technical relations. For us it is clear and necessary that a tool can show the contents of a PDF file to the user has to have full access to these contents in the first place (including all those permission which many users do not want to give). But this relation is not clear to everybody!

Edit: And again I forgot to mention something.
My own way to mark the final version of some PDF file is to invisibly sign it with my certificate so that every change after this step (vaild ones will include filling out forms) can be detected. But I only know how to do so with Adobe's Acrobat. I think, most people do not even have / use certificates for signing digital documents. But maybe that is another fitting feature for PDFEncrypt? ... Right now it is off-topic. So I will not add another issue for that.

[ryangriggs]

@Hubgut Thanks for your kind response.

I am glad you see the difficulty in securely sharing passwords and PDF files without placing the password directly into the same email! Because of this issue, I am working on another project that is complementary to the PDFEncrypt project, which will enable secure sharing of PDF files among users without the need to send passwords in email, and also avoiding uploading unencrypted documents to any server. (This means nobody, not even the server host, can access the document contents!) I am very excited about this and am working to incorporate it directly into the PDFEncrypt app. (More details as PDFEncrypt V2 is released!) :)

I do like the idea of adding certificate signing to PDFEncrypt, as this is the correct way to "stamp" documents at a certain version level and track changes thereafter. Please feel free to add this as a feature request so that I don't forget it!

Regarding your current use case... could you get around the problem by instructing all users to encrypt their files with a simple password such as "x"? This would allow all users to utilize the current v1 PDFEncrypt and avoid online encryption apps, and not need to generate new passwords for all documents. They would just remember to use 'x' to open all documents. However, this may not work for docs that are distributed outside the organization... Just a suggestion for a quick fix at the current time until V2 comes out.

Thanks again for your understanding and I look forward to your feedback on V2.

Best regards,
Ryan