Proofed it. Corrected a few typos and added a link to the PDF Reference. In
a couple more days, I'll read over it again.
Pat
-----Original Message-----
From: J.Pietschmann [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 06, 2003 3:44 PM
To: [EMAIL PROTECTED]
Subject: Re: Encryption
Patrick C. Lankswert wrote:
> If there is anything you need reworked, just let me know.
No problem apart from the surprise.
I wrote up something in pdfencryption.xml, checked in in HEAD (not
the maintenance branch). If you (or someone else) would proofread
it, in order to spare others the trouble...
Again, did anyone try the Mozilla JCE impl?
Any other OSS implementation (besides BouncyCastle) which
includes RC4?
What about commercial stuff?
Peter, Keiron: how is the web site updated? I thought there was a
cron job every few hours?
J.Pietschmann
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
<?xml version="1.0" standalone="no"?>
<!DOCTYPE document PUBLIC "-//APACHE//DTD Documentation V1.1//EN"
"http://cvs.apache.org/viewcvs.cgi/*checkout*/xml-forrest/src/resources/schema/dtd/document-v11.dtd";>
<document>
<header>
<title>PDF encryption.</title>
</header>
<body>
<section>
<title>Overview</title>
<p>
FOP supports encryption of PDF output, thanks to Patrick
C. Lankswert. This feature is commonly used to prevent unauthorized
printing, editing and copying text from the document or to forbid
annotations. It is also possible to ask the user for a password in order
to view the contents. Note that there already exist third party
applications which can decrypt an encrypted PDF without effort and allow
the aforementioned operations, therefore the degree of protection is
limited.
</p>
<p>
For further information about features and restrictions regarrding PDFF
encryption, look at the documentation coming with Adobe Acrobat or the
technial documentation on the Adobe web site.
</p>
</section>
<section>
<title>Usage</title>
<p>
Encryption is enabled by supplying an owner password with the
<code>-o</code> option. The owner password can be used to disregard
any restriction imposed on the PDF document. If no owner password has
been supplied but FOP was asked to apply some restrictions, a random
password is used.
</p>
<p>
A user password, supplied with the <code>-u</code> option, will
cause the PDF display software to ask the reader for this password in
order to view the contents of the document. If no user password was
supplied, viewing the content is not restricted.
</p>
<p>
Further restrictions can be imposed by using the
<code>-noprint</code>, <code>-nocopy</code>,
<code>-noedit</code> and <code>-noannotations</code> options,
which disable printing, copy text, editing in Adobe Acrobat and making
annotations, respectively.
</p>
</section>
<section>
<title>Environment</title>
<p>
In order to use PDF encryption, FOP has to be compiled with cryptography
support. Currently, only <link
href="http://java.sun.com/j2se/1.4/docs/guide/security/jce/JCERefGuide.html";>JCE</link>
is supported. JCE is part of JDK 1.4. For earlier JDKs, it can be
installed separately, however, the build process currently recognizes
JCE from JDK 1.4.
</p>
<p>
Cryptography support must also be present at run time. In particular, a
provider for the RC4 cipher is needed. Unfortunately, the sample JCE
provider in Sun's JDK 1.4 does <strong>not</strong> provide RC4. If you
get a message saying
</p>
<source>"Cannot find any provider supporting RC4"</source>
<p>
you don't have the needed support.
</p>
<p>
There are several commercial and a few Open Source packages which
provide RC4. A pure Java implementation is produced by <link
href="http://www.bouncycastle.org/";>The Legion of the Bouncy
Castle</link>. <link
href="http://www.mozilla.org/projects/security/pki/jss/";>Mozilla
JSS</link> is an interface to a native implementation.
</p>
</section>
<section>
<title>Installing a crypto provider</title>
<p>
The pure Java implementation from <link
href="http://www.bouncycastle.org/";>Bouncy Castle</link> is easy to
install.
</p>
<ol>
<li>
Download the binary distribution for your JDK version. If you have JDK
1.3 or earlier you must alos download a JCE from the same page.
</li>
<li>
Unpack the distribution. Add the jar file to your classpath. A
convenient way to use the jar on Linux is to simply drop it into the
FOP lib directory, it will be automatically picked up by
<code>fop.sh</code>. If you have JDK 1.3 or earlier don't forget to
install the JCE as well.
</li>
<li>
Open the <code>java.security</code> file and add<br/>
<code>security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider</code>,<br/>
preferably at the end of the block defining the other crypto
providers. For JDK 1.4 this is detailed on <link href="http://java.sun.com/j2se/1.4/docs/guide/security/jce/JCERefGuide.html#InstallProvider";>Sun's web site</link>.
</li>
</ol>
</section>
</body>
</document>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
