No, it's not a flaw in certificates at all. The new document will be an obvious fake as it won't have the signature.
People tend to focus too much on "people can make a copy of this PDF and edit it", as if this is a hole in security. The fact is, if a fake is going to be worth making, people only have to retype it (some people have that much patience).
It can require sigificant user education to get them to check signatures, rather than look at what it says on screen, but it's important.
I think you missed the point.
My question is not about whether or not people can identify if the document has been modified. It is asking if there is a way to prohibit the act of converting the document to a completley unprotected format. However thankyou for your off topic opinion.
The option to prevent copying and or converting to other formats is a basic option for a secured PDF document. Can this be added to the security policy for certifying a document through the Adobe interface somehow?
What permissions do you use when you add the certicate security?
1 person found this helpful
Bernd, He/She is not using Certificate Security, but rather MDP (Modification, Detection, and Prevention) as part of the Certified Document Signature (CDS) workflow.
TSN, Like Rob mentioned there is no way to totally lock down the document because someone could take a picture of the screen using a cell phone, convert it to PDF and use OCR to turn it back into editable text. Or as he also mentioned, just re-create the whole document. That said, what you are looking to do is (hopefully) make it so hard to get the document into an editable format that it discourages anyone from trying. In other words, you want to prevent page extraction and copying data to the clipboard along with the other restrictions. This is best accomplished using one of the file encryption methods along with the certifying signature. There are three methods available to you; Password Security, Certificate Security, and LiveCycle Rights Management Server (RMS) Security. Password Security is the simplest to apply, but also the simplest for a hacker to break. Certificate security is the most complex to apply because you have to acquire the public-key certificates for everyone you want to allow access to the document, but it is the hardest form of security to crack because you are actually limiting who can open the document along with what they can do with it once they get it open. This prevents the document from being opened by the hacker. RMS security is a hybrid of the other two, but if you don't have the sever available already, it's not an option.
So working on the assumption that you will use Password Security, one thing to remember is you cannot encrypt a signed document, which means you have to apply Password Security first, and then add the Certifying Signature. After you apply Password Security you will get a dialog that tells you that security isn't in effect until you save the document. Instead of saving the file at this point go ahead and add the CDS signature which will force a Save As operation as part of the signing routine. It's here that the document will be fully locked down, but remember that after you sign (and save) the file that you need to close the file and reopen it before you check the Permission Settings, because for that moment between signing and closing the file you (and only you) still are the document author and still have all of the rights. After you close and reopen you will be a regular user (no longer the document author) and see all of the permission settings that you expect.
Thankyou for your reply Steve,
Your method is what we have ended up doing, using password encryption to secure the document before certifying it with a CDS certificate.
Glad it worked and happy to help.