Macworld Forums: How to create read-only PDFs in OS X - Macworld Forums

Post your comments for How to create read-only PDFs in OS X here

Funny how this has been possible for about 10yrs in OSX, but people think they still need to spend extra money on apps. to do it! : )

Unfortunately, this method doesn't really secure the document since, with the exception of requiring a PW to open the document, you can simply use the Quartz convert to generic X3 PDF on any "secure" PDF. However, if you require a PW to open the document, that cannot be bypassed by the Quartz filter. There are other tools that will strip out the security, but 99% of the people won't use those.

It's a matter of what you're trying to do, but often in my industry, I see data sheets and other technical documents where the people who created them simply don't understand the security options and they think they are creating a secure document, when in fact it's not all that secure.

Can't someone just take a screenshot of the document, create a new one and do whatever they want with it?

If you copy the PDF, you can edit it !!

MacUKNW, on 12 July 2012 - 09:49 AM, said:

In my testing, once you've enacted the protections, they hold even if you duplicate the file. We sent a protected PDF through email and chat, as well as between Macs and PCs.

rairvine, on 12 July 2012 - 09:48 AM, said:

It's true, a person can take a screenshot of anything, although they may not end up with the same image quality. Readers could also retype the material, if they were willing to spend the time doing that. If you want more than basic protections, you might consider: requiring a password to open your PDF, investing in stronger protections like those offered through Acrobat Pro, or thinking twice about distributing your information by PDF at all.

Thanks for the video and text.

The last paragraph in the article says, "Be aware that determined users can find utilities on the Internet that will let them override many types of PDF encryption. Still, for most uses, the simple and free PDF protections provided by OS X will do the trick."

I encrypted some files, using the "Require password to open document" option, as shown in the video. Then I emailed the encrypted files to the person doing my taxes.

I wouldn't be surprised if some "bad guys" monitored the emails to and from the tax preparation firm. Could the bad guys open my encrypted file attachments, using utilities found on the Internet, and read my financial information?

glj, on 12 July 2012 - 11:49 AM, said:

First rule of computer security: Don't get a computer.

Yes, the "bad guys" could, for some value of bad guy. In everything in computer security, you have to decide what is the threat you are trying to protect against. What is your threat model? Is it the nosy twelve year old down the street? The disgruntled worker at your ISP? Some large criminal ring in another country that couldn't be bothered to visit you in person? Selected alphabet soup government agencies? Each one requires a different level of protection. The kid down the street would be fooled by anything better than ROT-13 (so use double ROT-13 for twice the protection :-) The alphabet soup government agency is unlikely to be fooled by anything because they read your keystrokes from your electronic emissions as you typed it in.

The goal is to make you less interesting a target than others. If you want to email a document with sensitive data, I'd fear the ISP worker, and they won't be fooled by any PDF protection short of full SSL encryption. Fortunately, in email, we can use various automatic encryption methods (SMIME being one of the two common standards). There is also the old fashioned way of handing them a shoe box. If you want to be new fangled, put a flash drive in the shoe box. But don't get too paranoid. That's my job.

how do you combine PDFs?

Afuller, on 16 July 2012 - 06:39 AM, said:

When you need to combine PDFs, this tip still works: http://www.macworld....ow_leopard.html

Afuller, on 16 July 2012 - 06:39 AM, said:

For both questions being discussed in this thread, try PDF Studio 7.
PDF Document security

• apply or user passwords to control opening the PDF; printing; changing the document.
  
• validate and apply true digital signatures (they encrypt the file at the time of signing; if the file is changed later, the signature is invalidated)

PDF Document combination:

• combine PDFs - drag & drop one at a time, or use the Batch command to convert folders of multiple files into a single PDF with one command

Security on any digital document generally serves two purposes:
1) primarily designed to discourage potential damage to or theft of the document's contents. Like the lock on a door, it CAN be overcome with enough effort.
2) the other purpose of digital document security (the true PDF digital signature technology) is to validate for the recipient that the contents of that document now is the same as when it left the signer. When a digitally signed PDF is modified, the signature will indicate that there was a change since the signing.

This post has been edited by PDFSusan: 23 July 2012 - 10:29 AM