How to protect a PDF with a username and password?

Tags: password encryptionencryptionpermissionsiText 5

Let's say I have a private teaching forum, where each user has a username and an encrypted password (paid account), and there's a DOWNLOAD section where pdf files can be downloaded by users only. These files should be protected by the personal user name and password of these users. In other words, the password should be taken from the user's account and used to the open the PDF file that is downloaded. This way, sharing the PDF file with others would force the "copier" to also share his user name and password...

Posted on StackOverflow on May 1, 2014 by iJassar

You can't achieve what you want with PDF because encryption with a username and password doesn't exist in PDF.

There are two ways to encrypt a PDF document:

  1. Using certificates. You could ask your users to create a public/private key pair. You could then ask them to keep their private key private and ask them to give you their public key. When you encrypt your PDF using their public certificate, you can then encrypt the document with their public key. From that moment on, only the owner of the corresponding private key can read the document. However: the owner of the corresponding private key can also decrypt the document so that it can be shared.

  2. Using passwords. You can define two passwords: a user password and an owner password. A document that is encrypted with an owner password can be opened by every one who receives the document. The owner password is there to define permissions (for instance: the document can be viewed, but not printed). Removing the restrictions without knowing the owner password is fairly easy. It used to be illegal when Adobe still owned the copyright on the PDF reference, but since PDF is now an ISO standard, it's not entirely clear if applying the spec to remove the owner password is allowed. If a document is encrypted using a user password, everybody who knows the user password can open the file. There is no username, only a user password.

Neither of both cases serve your purpose (read ISO-32000-1 for the full details). The only alternative is to buy an expensive DRM solution.