PDF documents can utilize two passwords:

  • Password to open
  • Password to restrict printing and editing

Password to Open

The Password to open requires a user to enter a password to view the document.

When the user sets a Password to open, all of the strings and streams in the PDF document are encrypted with the RC4 stream cipher.

The Password to open is also know as the User password.

Password to Restrict Printing and Editing

The Password to restrict printing and editing can be configured to require a user to enter a password to:

  • Insert, delete or rotate pages
  • Insert comments
  • Fill in form fields
  • Sign the document

When a user sets a Password to restrict printing and editing, the password is stored inside the PDF document. This password does not encrypt the PDF. This password is simply supposed to be honored by PDF-compliant applications.

Some programs simply ignore the Password to restrict printing and editing. Applications which are know to do this include:

  • Aladdin Ghostscript/GSview
  • XPDF
  • Apple Mac OS X Preview

The Password to restrict printing and editing is also know as the Owner password.

Applying passwords in Adobe Acrobat Distiller

To apply a password to a PDF document in Adobe Acrobat Distiller, click <Settings>, <Security>.

If you set a Password to restrict printing and editing, you have more options:

  • Printing Allowed:
    • Low Resolution (150dpi)
    • High Resolution.
  • Changes Allowed:
    • None
    • Inserting, deleting, and rotation of pages
    • Fill in of form fields and signing
    • Commenting, filling in of form fields, and signing
    • Any except extracting of pages
  • Enable copying of text, images, and other contents
  • Enable text access for screen reader devices for the visually impaired

PDF Password Recovery

It is possible simply to delete the Password to restrict printing and editing.

The Password to open can be attacked with a dictionary attack or a brute force attack.

With earlier versions of Adobe Acrobat Distiller which were limited to 40-bit keys, a brute force attack could actually be faster than a dictionary attack. Current versions of Adobe Acrobat Distiller use 128-bit keys.

Several programs, with widely varying capabilities, are available to help you recover a lost PDF password:

Purchase these excellent books on cryptology at Amazon.com