Topic: PDF over LAN & Security

[Cyrus Bharda]

Hello all,

Firstly thank you to the contributers of the "How to create PDF-files by using an E-Smith server and Ghostscript" ! It works great!

I just have a question, is there any way of adding security settings when using ghostscript? Just because I found that once I created a pdf file, if I were to open in in Adobe Acrobat (the full blown version, not just the reader) I was able to make changes to the file and save it, and thus having a pdf file pointless as a file that could not be edited after creation.

When using the full version of Acrobat, you can add a security setting onto a pdf file, thus password protecting it from changes. I know there is probably  something out there that could strip this security measure from the file, but I am not dealing with people who would go to that extreme, but still would like some assurance that these files are not going to be edited and saved after we have sent them out.

Is there any way of setting up ghostscript to add this security feature to the pdf files it creates?

Thanks,

Cyrus Bharda

[Dave F]

I'm no expert in ghostscript, but I'm interested in this functionality too.  Went to http://www.ghostscript.com/doc/gnu/6.52/Use.htm and searched for "password" and "security" and found no entries on the page.  My assumption is that this capability is not present in ghostscript and rather than develop it, the expectation is to use GNUPG.  IF you find out something else, let me know.

[Cyrus Bharda]

Dave,

Yeah I had a poke around and there are some free programs that say that they add security to the file, but open it in Acrobat and you can easily remove it.

Our company does own a single copy of Acrobat, so what we are going to do is use ghostwriter to create the pdf files and then apply the security to them in Acrobat and then send them offsite, as that seems to be the only way to make 100% sure that no one can then edit it without the password, which will probably be just a random generated number as we wont need to edit them after we create them.

But thanks for the info!

Cyrus Bharda

[Nathaniel Brown]

If you want to make sure that they aren't change keeps a secure copy of the check sums.

Here's a sample configuration.

At the end of generating the file you create an hash value (md5 etc) this is stored in a database along with other file information (Creation date etc).

As long as you keep the database secure your fine. Also what I'd recomend doing is making the ibay with the PDF's on it read only.

The truth is if your users don't know how to get around security then they don't know how to change the modification date on a file either and if they do change a file you still have the checksum.

You can even wip up a handy web interface so that users can check that the file is valid. After they've "tested" it once or twice they'll give up.

I haven't seen any open source programs that do PDF security. If they did it only cost about $50 for the software to remove it. Personaly where burning our file to cdrom and having them archived so that they can't be changed.

[Michael Smith]

How about md5 checksums for your documents?  That'd at least put folks on notice that you'll know if documents are altered.

[Guck Puppy]

Michael Smith wrote:
>
> How about md5 checksums for your documents?  That'd at least
> put folks on notice that you'll know if documents are altered.

I suspect it's as much an issue of people making changes to the documents - and then printing them. They'll seem legit in every way, can't do any fancy checksum-ing on paper.

G

[Cyrus Bharda]

Thanks everyone for their input on this thread, it looks as though it does not matter what type of security you put on a pdf file, there are programs out there that can break that security. So basically if a person wants to change it they will. But if they then try to claim anything with their edited version, they cannot, as we have a copy of the original document, a copy of the pdf document and a copy of what we sent out, which we can confirm are all exactly the same, so the edited copy is obviously a fake and therefor anything contained on it is invalid, legally speaking, so it looks like the issue of security and pdf files is just a storm in a teacup.

As long as we cover our bases and keep copies of original documents and sent items if emailing, then I think we'll be fine. A person would be totally stupid anyway to try anything like that, I mean its just stupid. It would be like me buying something, changing the receipt and then trying to go back with the edited receipt and try to get more money back than what was on the original receipt. Of course that is not going to work as the vendor is going to know the receipt has been edited.

Anyway thanks for the input all!

Cyrus Bharda

[Mats Karlsson]

Sorry hasnt read the old topic, but if its based on "http://www.acenet-tech.org/cdj/pdf-over-lan/install_on_5.6" the I would like to ask:

Is it possible to use the Ghostscript AFPL 8.0 version that has this feature instead of the Ghostscript GNU 6.52 version that hasn't ?

Cut from the 8.0 manual :
-sPDFPassword=password
Sets the user or owner password to be used in decoding encrypted PDF files.

http://www.ghostscript.com/doc/AFPL/8.00/Use.htm

Is it a problem to use Ghostscript AFPL version 8.0 instead of the GNU version


/Mats