From: Scott Ehrlich <[email protected]>
How safe is a password-protected PDF file sent via email? I've never run a sniffer to see what could be learned from doing this. Thanks. Scott
As far as I know, pdfs have two types of password protections. One governs what the viewer is allowed to do with the document (print, copy text, etc); the other is used to encrypt the pdf's content. From what I've read, the first type is easy to get around. The second depends on the encryption algorithm. Page 55 of https://wwwimages2.adobe.com/content/dam/Adobe/en/devnet/pdf/pdfs/PDF32000_2008.pdf describes the encryption in pdfs. It looks like RC4 or AES, using key lengths of 40--128 bits. The default is 40 bits, which is pretty weak by today's standards. Given only -sOwnerPassword= and -sUserPassword=, ghostscript seems to use 40 bits; but you can ask for 128 bits with by adding -dKeyLength=128 -dEncryptionR=3. In summary, the password protection allows you to encrypt the pdf. The amount of protection you get depends on the key length you choose. Steve
signature.asc
Description: Digital signature
_______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
