If you have sensitive information you want to protect and distribute, PDF is a good option to consider. Adobe Reader could very well be the most widely distributed crypto-enabled application from any vendor, because Adobe has been including encryption since version 2.0 in 1994 – across numerous desktop and mobile platforms. So there’s a pretty good chance that your intended recipients will be able to open an encrypted PDF. Today in 2011, PDF supports the FIPS certified AES 256 algorithm and provides a number of advanced capabilities.
Another advantage of using the built-in encryption of PDF is that it can be persistently integrated in the file – and not enveloped. This means that anywhere the file goes, independent of storage and transport, it stays protected. Common alternatives like PGP, ZIP, and S/MIME use enveloping encryption around content, and the envelope gets discarded when it is opened – leaving the content unprotected, subject to accidental or malicious redistribution.
There are three main ways to encrypt a PDF file:
- Password encryption
- Public Key Infrastructure (PKI) encryption
- Rights Management
Password encryption relies on a shared password between the publisher and all the recipients. The publisher selects a phrase like “No1Kn0w$” to encrypt the document, and the recipient uses the same phrase to decrypt it. To mitigate brute force attacks as well as simple guessing of common passwords, be sure to use long, complex passwords that combine upper case, lower case, numbers, and symbols. Remember to be creative: song lyrics, poetry, and other long phrases make good source material.
PKI encryption can provide greater protection by using additional cryptography and digital certificates. Each recipient has a keypair (up to RSA4096), and publishes their public key certificate. While encrypting, the publisher’s computer randomly generates a symmetric key (up to AES256), encrypts the content with it, and then encrypts that key to each recipient’s public key; the encrypted copies of the key are included in the document alongside the encrypted content. In return, the recipient’s computer uses the recipient’s own private key to decrypt the symmetric key, and then decrypts the document. When the private key is stored on a token, e.g. USB, CAC, PIV, eID – it can provide two factor security – requiring the token, and any PIN codes to unlock the token.
Rights Management was developed to provide integration into enterprise authentication (AuthN) and authorization (AuthZ) infrastructure without requiring PKI. A Rights Management server ties into LDAP, Active Directory (AD), or other user databases to identify the ecosystem of users sharing a document. Rights Management can also use those same directories to read in groups of users. An administrator can create a rights management “policy”, which is an easily reusable way to protect documents in a certain way. The policy can define which users or groups can open the document, what they can do with the document, and track what they have done with the document. These can be internal or external users – whether employees, partners, or consumers. The publisher then selects the policy to protect a document.
The recipient opens the document and the Acrobat/Reader client will call back to the server to authenticate them, then determine whether they are authorized to open the document. In addition to username/password types of authentication, the server can also support Kerberos single sign on (SSO), PKI authentication (which is different from PKI encryption above), OTP, and other custom methods. With Rights Management you can also expire, revoke, version control, watermark, and audit document usage.
Rights Management is great for communities of users that have existing authentication and authorization systems in place – whether it’s secure information sharing, or electronic statements to consumers. In addition to PDF, Rights Management can also apply to native Office and CAD documents. Stay tuned for news on rights management capabilities being available on smartphone and tablet devices in Fall’11, too!
For all three encryption methods, it is also possible to restrict printing, clipboard, and modification after a protected document is opened.
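To check which of the three methods a received PDF actually uses and which restrictions it declares, you can read its encryption dictionary. The Python sketch below is an added example, not Adobe code: the function and table names are hypothetical, the sample bytes are constructed, and mapping the `/Adobe.APS` handler name to Rights Management is an assumption.

```python
import re

# /Filter names mapped to the article's three methods. /Standard and
# /Adobe.PubSec come from the PDF specification; mapping /Adobe.APS to
# Rights Management is an assumption of this example.
HANDLERS = {"Standard": "password", "Adobe.PubSec": "PKI",
            "Adobe.APS": "rights management"}
# /CFM crypt filter methods, then fallbacks keyed on /V when no /CFM is present.
CIPHERS = {"AESV3": "AES-256", "AESV2": "AES-128", "V2": "RC4",
           1: "RC4 40-bit", 2: "RC4", 4: "RC4 or AES-128", 5: "AES-256"}
# 1-based bit positions in the signed 32-bit /P permission integer.
PERMISSION_BITS = {"print": 3, "modify": 4, "copy": 5}

def _find(pattern, body, cast=str):
    m = re.search(pattern, body)
    return cast(m.group(1)) if m else None

def audit_encryption(pdf_bytes):
    """Summarise the /Encrypt dictionary, or return None if there is none."""
    text = pdf_bytes.decode("latin-1")
    ref = re.search(r"/Encrypt\s+(\d+)\s+(\d+)\s+R", text)
    if ref:   # usual case: the trailer points at an indirect object
        obj = re.search(r"(?<!\d)%s\s+%s\s+obj(.*?)endobj" % ref.groups(), text, re.S)
        body = obj.group(1) if obj else ""
    else:     # dictionary written directly in the trailer
        inline = re.search(r"/Encrypt\s*<<(.*?)startxref", text, re.S)
        if not inline:
            return None
        body = inline.group(1)
    handler = _find(r"/Filter\s*/([\w.]+)", body)
    version = _find(r"/V\s+(\d+)", body, int)
    cfm = _find(r"/CFM\s*/(\w+)", body)
    p = _find(r"/P\s+(-?\d+)", body, int)
    allowed = None   # public-key documents carry permissions per recipient instead
    if p is not None:
        p &= 0xFFFFFFFF   # /P is usually negative; read it as unsigned bits
        allowed = {n: bool(p & (1 << (b - 1))) for n, b in PERMISSION_BITS.items()}
    return {"method": HANDLERS.get(handler, "unknown"),
            "cipher": CIPHERS.get(cfm) or CIPHERS.get(version, "unknown"),
            "allowed": allowed}

# Constructed sample: the encryption-related parts of a password-protected PDF.
SAMPLE = b"""%PDF-1.7
8 0 obj
<< /Filter /Standard /V 5 /R 6 /Length 256 /P -3900
   /CF << /StdCF << /CFM /AESV3 /AuthEvent /DocOpen /Length 32 >> >>
   /StmF /StdCF /StrF /StdCF >>
endobj
trailer
<< /Size 9 /Root 1 0 R /Encrypt 8 0 R >>
"""
```

Calling `audit_encryption(SAMPLE)` reports password protection with AES-256, printing allowed, and modification and copying denied. The regex scan is meant for quick triage of a file; a full PDF parser is the better choice for files with several incremental updates.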
Applying these encryption capabilities can be done ad-hoc on the desktop with Acrobat, as well as part of automated structured workflows on a server, too.