6 Replies Latest reply on Oct 18, 2012 11:53 PM by Steven.Madwin

    Certified documents - Allowed actions after signing

    Rob Transport

      Hello,

       

      I am using a CDS certificate to digitaly certify documents. When "no changes allowed" is selected the document restrictions summary reads as follows:

       

      Printing: allowed

      Content copying: allowed

      Content copying for accessibility: allowed

      Page Extraction: allowed

       

      Rest not allowed.

       

      Now it is a simple matter for someone to, for example, go - File - Save as - Word document and now they have their own completley editable version of the document.

       

      Is there a way to prevent this from happenening, it seems an increidble flaw in the security of the document. Is there any way I can change the security profile to only prining allowed?

       

      With Thanks

       

      Robert

        • 1. Re: Certified documents - Allowed actions after signing
          Test Screen Name Most Valuable Participant

          No, it's not a flaw in certificates at all. The new document will be an obvious fake as it won't have the signature.


          People tend to focus too much on "people can make a copy of this PDF and edit it", as if this is a hole in security. The fact is, if a fake is going to be worth making, people only have to retype it (some people have that much patience).

           

          It can require sigificant user education to get them to check signatures, rather than look at what it says on screen, but it's important.

          • 2. Re: Certified documents - Allowed actions after signing
            Rob Transport Level 1

            I think you missed the point.

             

            My question is not about whether or not people can identify if the document has been modified. It is asking if there is a way to prohibit the act of converting the document to a completley unprotected format. However thankyou for your off topic opinion.

             

            The option to prevent copying and or converting to other formats is a basic option for a secured PDF document. Can this be added to the security  policy for certifying a document through the Adobe interface somehow?

            • 3. Re: Certified documents - Allowed actions after signing
              Bernd Alheit Adobe Community Professional & MVP

              What permissions do you use when you add the certicate security?

              • 4. Re: Certified documents - Allowed actions after signing
                Steven.Madwin Adobe Employee

                Bernd, He/She is not using Certificate Security, but rather MDP (Modification, Detection, and Prevention) as part of the Certified Document Signature (CDS) workflow.

                 

                TSN, Like Rob mentioned there is no way to totally lock down the document because someone could take a picture of the screen using a cell phone, convert it to PDF and use OCR to turn it back into editable text. Or as he also mentioned, just re-create the whole document. That said, what you are looking to do is (hopefully) make it so hard to get the document into an editable format that it discourages anyone from trying. In other words, you want to prevent page extraction and copying data to the clipboard along with the other restrictions. This is best accomplished using one of the file encryption methods along with the certifying signature. There are three methods available to you; Password Security, Certificate Security, and LiveCycle Rights Management Server (RMS) Security. Password Security is the simplest to apply, but also the simplest for a hacker to break. Certificate security is the most complex to apply because you have to acquire the public-key certificates for everyone you want to allow access to the document, but it is the hardest form of security to crack because you are actually limiting who can open the document along with what they can do with it once they get it open. This prevents the document from being opened by the hacker. RMS security is a hybrid of the other two, but if you don't have the sever available already, it's not an option.

                 

                So working on the assumption that you will use Password Security, one thing to remember is you cannot encrypt a signed document, which means you have to apply Password Security first, and then add the Certifying Signature. After you apply Password Security you will get a dialog that tells you that security isn't in effect until you save the document. Instead of saving the file at this point go ahead and add the CDS signature which will force a Save As operation as part of the signing routine. It's here that the document will be fully locked down, but remember that after you sign (and save) the file that you need to close the file and reopen it before you check the Permission Settings, because for that moment between signing and closing the file you (and only you) still are the document author and still have all of the rights. After you close and reopen you will be a regular user (no longer the document author) and see all of the permission settings that you expect.

                 

                Steve

                1 person found this helpful
                • 5. Re: Certified documents - Allowed actions after signing
                  Rob Transport Level 1

                  Thankyou for your reply Steve,

                   

                  Your method is what we have ended up doing, using password encryption to secure the document before certifying it with a CDS certificate.

                   

                  Thanks

                   

                  Rob

                  • 6. Re: Certified documents - Allowed actions after signing
                    Steven.Madwin Adobe Employee

                    Hi Rob,

                     

                    Glad it worked and happy to help.

                     

                    Steve