password protected pdfs: is it encryption, or a flag?

Hi,

when I send a password protected pdf, is it encrypted, with perhaps weak
methods, or is it just a flag that signals “protected”, which other
software may choose to ignore?

I have seen claims to the second item, but it could also be software
that breaks the encryption transparently.

And if it is encryption, how strong is it?

I’d be happy with RTFM links, just don’t tell me to google the issue, as
I’m not too good with effective google search strings ;-) (or give me
a good search string ;-) )


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

On 2014-11-12 16:08, Carlos E. R. wrote:
> Hi,
>
> when I send a password protected pdf, is it encrypted, with perhaps weak
> methods, or is it just a flag that signals “protected”, which other
> software may choose to ignore?
>
> I have seen claims to the second item, but it could also be software
> that breaks the encryption transparently.

I found a relevant item on Wikipedia:

+++····································
http://en.wikipedia.org/wiki/Portable_Document_Format#Security_and_signatures

Security and signatures

{This section requires expansion. (May 2008)}

A PDF file may be encrypted for security, or digitally signed for
authentication.

The standard security provided by Acrobat PDF consists of two different
methods and two different passwords, user password, which encrypts the
file and prevents opening, and owner password, which specifies
operations that should be restricted even when the document is
decrypted, which can include: printing, copying text and graphics out of
the document, modifying the document, or adding or modifying text notes
and AcroForm fields. The user password (controls opening) encrypts the
file and requires password cracking to defeat, with difficulty depending
on password strength and encryption method – it is potentially very
secure (assuming good password and encryption method without known
attacks). The owner password (controls operations) does not encrypt the
file, and instead relies on client software to respect these
restrictions, and is not secure. An “owner password” can be removed by
many commonly available “PDF cracking” software, including some free
online services.[76] Thus, the use restrictions that a document author
places on a PDF document are not secure, and cannot be assured once the
file is distributed; this warning is displayed when applying such
restrictions using Adobe Acrobat software to create or edit PDF files.

Even without removing the password, most freeware or open source PDF
readers ignore the permission “protections” and allow the user to print
or make copy of excerpts of the text as if the document were not limited
by password protection.

Some solutions, like Adobe’s LiveCycle Rights Management, are more
robust means of information rights management, which can not only
restrict who can open documents but also reliably enforce permissions in
ways that the standard security handler does not.
····································++-

It appears that the “owner password” can be broken easily, or simply
ignored, but the “user password” is encryption. The info is a bit old,
but that is reassuring. It explains why some claim that the password can
be ignored.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)