I have a requirement where in users download the PDF form from our public website to their desktop and fill out the form and Submit it to HTTPS server (that is hosting the servlet). The PDF will have have an "Owner" password with acrobat 7 compatibility and 128 bit AES encrpytion.
I have 3 questions mainly:
1. During the data transfer from user's desktop to the servlet, is the data encrypted? If so, what level of encryption.
2. If in the above case, user opens the form from within the browser, Is the browser handling the encryption or the the PDF?
3. If user stores the form they filled out, is the data stored as encrypted. If it is, how would the user who wishes to see this form decrypt it?
1. The PDF will be encrypted enRoute by the https connection.
2. The browser.
3. The data is only encrypted while it is in the pipe.
Thanks Paul for your quick response as usual.
But, what is the point of having Security Settings in the Adobe LiveCycle Designer by making the form "owner" password protected. I understand that it protects the form integrity but there are also Encryption Settings in that window, the 2 choices being 128 bit RC4 and 128 bit AES.
After I apply these settings, if I open the form in Adobe Reader, I see the "lock" icon on the PDF and when I see the Document Security Window, it says Encryption level of "128 bit RC4" or "128 bit AES" depending on what was set.
Even if I do not apply these (owner password and encryption) settings the form data will be posted securely over HTTPS right as long as my servlet is hosted on a secure server with valid certificate?
Sorry I was thinking of something else and not those settings. Yes that will encrypt the PDF. Also because you are using https it will always be encrypted in the pipe.
Thanks Paul. If the form that is filled and saved to user desktop is encrypted, how can the user decrypt it to view data. Do they always need a password? On our form, there will NOT be a "user" password protection. We will only set "Owner" password which the users will not be provided.
I think that Acrobat decrypts it when it is opened .....that encryption is only so that if someone tried to look at the bits of the pdf with somethig other than Acrobat/Reader they woudl not be able to.
If you want to encrypt it specifically for a single user then you will need a PKI infratsructure.
For PKI infrastructure, we need to set up User password on the form. Is that correct?