How to protect PDF documents using Acrobat X

How to protect PDF documents using Acrobat X

Dave Merchant – October 10, 2010

Protecting documents against unauthorized access or alteration is an important part of modern life, and in Acrobat X we have improvements in both the strength of our encryption methods, and the simplicity of applying and managing them.

Protection can be applied to PDF files, and through portfolios and file attachments to other file formats; to either restrict the ability to open a file, or block access to features such as printing, editing, commenting and content extraction.

Acrobat X supports the widest range of protection methods, with varying degrees of encryption to choose from based on the value of the documents and the needs of your users.

All PDF protection relies on encryption, either using a password, digital certificate or a server-based rights management solution.

To encrypt a PDF file, open the new Tools Pane, and select Protection – the first two buttons are what we're looking for.

Clicking "Encrypt" opens a drop-down list of the methods and preset profiles available.

Certificate encryption is designed for situations where you know your recipients in advance, and they each have a digital ID, the public key of which they must share with you in a file.

By using their certificates to encrypt the document, only they can open it – so of course you need to make sure you've included your own certificate in the list of recipients, or you'll be locked out.

Then we browse for the shared public keys that have been sent by each of our recipients, and for each user we can set individual permissions on what they may be allowed to do when they open the file.

Then click Next and click Finish.

The settings have been remembered but haven't been applied to the file – they'll only be applied when you save the document, so you can continue to make changes to it, and if you change your mind you can choose Encrypt > Remove, and reset the document to its unsecured state.

Password-based encryption is the most commonly-used method, and the most widely-supported in non-Adobe software, plus it doesn't need any advance knowledge as anyone who knows the password can open the file.

The Settings dialog for password protection has a number of important changes in Acrobat X.

First, when we select the compatibility level, you can see we still have the ability to target older versions of Acrobat, which can be important if your files are being opened in third-party software, however the strongest method, based on 256-bit encryption, is now compatible with Acrobat and Reader X and later.

If you're distributing files to users of Acrobat or Reader 9, you should choose the Acrobat 7 and later preset.

There are two ways we can protect this file; we can apply an open password, which of course is needed to open the file in the first place, or we can restrict operations on the file with a permissions password, or both.

Of course if you choose both, you can't use the same password twice!

I'll leave the open password blank.

The new strength indicator shows how complex the password is, and how likely it is to be guessed by a human or a software-based attack.

If I type in "hello", it's a weak choice...

add a couple of digits and it's getting better...

then some punctuation.Of course the more complex it is, the harder it is to remember - so I'll stick with "hello" in this example.

We then define what our recipients will be allowed to do if they don't know this password (if they do, they can turn off the restrictions).

I'll allow them to print the file, but not make any changes.

Remember that Adobe Reader X now allows access to a basic set of commenting tools for any unsecured document, so by selecting "none" from the changes options I'm turning those off.

To keep them active, I'd need to choose one of the commenting options instead.

You usually leave this first entry unchecked, so people can't copy and paste your content to other applications, and the second entry checked.

If you turn this off, Acrobat warns you there may be regulatory requirements for accessibility to deal with.

Now I just re-enter the password, and we're done.

I can save the file with a new name using File > Save As > PDF.

If was going to distribute the file to Adobe Reader users and I want them to be able to fill in forms, sign pages or use the fuller range of commenting tools, I'd choose Reader Extended PDF – however the security permissions I've chosen will take priority, so as I've decided to prevent all changes, Reader-extending this file wouldn't serve any purpose.

When we finally save the file, security is applied as you can tell from the title of the window.

Of course always applying same choices every time is a bit annoying, and in Acrobat we can create presets for any type of encryption, using Encrypt > Manage.

The dialog shows all your pre-defined policies, including any from DRM servers you may be connected to.

Let's click New and make a password-based policy...We're asked to name and describe the policy - the name will appear within the document so you have to be slightly careful what you say, and the description is optional - and you can choose whether the password will be embedded in the profile or not.

Unticking the box allows you to use a different password each time you apply the policy.

Now we get the same settings dialog box we saw earlier, and this time I'll create an open password...

Clicking Finish saves the new policy, and I can choose to apply it to the current document right away.

You can see there's a little star next to the name - this means it's a Favorite, and will appear on the Encrypt dropdown list.

You can choose which policies appear by toggling the star.

If I close the settings manager, you can see the new profile is now ready for use.

"More Protection" is where you can control files that are protected using Digital Rights Management, using Adobe LiveCycle Servers.

Depending on the policy applied, DRM files can be revoked, which stops anyone else from being able to open their copies, and you can see who's done what from the audit history.

With a server-based DRM solution, these links will open your web browser and take you to the online management interface.

You can manage your subscriptions to DRM servers, as well as your installed digital IDs, using the More Protection > Security Settings dialog.

This is also the place where you can export your public keys so other people can produce certificate-signed documents using your identity.

Simply choose your key, choose export, decide whether you wish to save it to a file or attach it to an email, and save the file as an FDF.

Finally, if you're managing the policies and settings for an enterprise - or simply want to transfer all your presets from one computer to another, you can export all your security settings to an encrypted file using More Protection > Export Security Settings.

You choose what you want to export from the list.

I'll choose to only export my security policies, and what actions to take with each policy.

Then click Export.

You'll need to encrypt the file.

I'll enter a simple password, and then sign it with a digital ID.

The file is saved with an acrobatsecuritysettings file extension, and the file can be distributed to anyone else; who (provided they know the password) can import it using More Protection > Import Security Settings.

By clicking Import, existing entries will be updated, new ones added, and revoked entries removed.

If you're applying encryption regularly, you can add the Encrypt tool to your Quick Tools menu, either by right-clicking it and choosing Add to Quick Tools, or just by dragging it into the Quick Tools bar.

In combination with presets, protecting a document in Acrobat X is literally a one-click process.