Gian Franco wrote:Hello Bruno,
How does iText help/support in the pdf security aspects?
That's explained in
chapter 12.
Table 13.1 in the book lists the different PDF versions along with the most important functionality that was introduced in these versions.
40-bit encryption were introduced in Acrobat 2 (PDF 1.1).128-bit encryption was introduced in Acrobat 5 (PDF 1.4).AES encryption was introduced in Acrobat 7 (PDF 1.6). The algorithm used for the above encryption is (alleged) RC4.
All these types of encryption are supported in iText:
12.3 Encrypting a PDF document
12.3.1 Creating a password encrypted PDF
-> table 12.2 Overview of the permission parameters
-> table 12.3 Overview of the encryption parameters:
* 40-bit ARC4 encryption
* 128-bit ARC4 encryption
* 128-bit AES encryption
12.3.2 Public-key encryption
* this is also known as certificate encryption
Please understand that password protection in PDF isn't real security. It's very easy to crack a password, and since PDF became an ISO standard Adobe no longer has any legal basis to pursue companies that provide cracking software.
The
ElcomSoft/Sklyarov case is something of the past.
Whoever is asking for PDF password protection should know that this concept is purely psychological, and that iText can't be blamed if somebody succeeds in decrypting a PDF that was password encrypted by iText.
Certificate encryption is a better means to protect the document, but this concepts has its flaws too: you can use certificate (aka public-key) encryption to add restrictions (for instance: the user is not allowed to print the PDF), but these restrictions can be removed by the person owning the private key corresponding with the public key that was used to encrypt the document. As a matter of fact, I explain how to remove these restrictions in the book (after I checked with Adobe and with a lawyer if I was allowed to describe how to do this).
iText doesn't offer any DRM solution as DRM is not part of ISO-32000-1.
Note that chapter 12 also discusses digital signatures. I'm not sure if your question about security was only about encryption or if you also wanted to know about digital signatures to protect the integrity of a PDF document.
12.4: Digital signatures, OCSP and timestamping
* 12.4.1: Creating an unsigned signature field
* 12.4.2: Signing a PDF
* 12.4.3: Adding multiple signatures
* 12.4.4: Verifying the signatures in a document
* 12.4.5: Creating the digest and signing externally
* 12.4.6: CRLs, OCSP, and timestamping
* 12.4.7: PDF Advanced Electronic Signature profiles (PAdES)
iText supports both author and recipient signatures. All of the technologies mentioned in the above TOC are supported, except for PAdES.
Some developers have already created PDFs that are compliant with the different ETSI standards regarding PAdES, but as PAdES is only supported in Acrobat X, we've only just begun developing high-level methods. These will probably be available in 11Q1.