Highlighted

PDF data encryption

Avatar

Guest

21-01-2009

I have a requirement where in users download the PDF form from our public website to their desktop and fill out the form and Submit it to HTTPS server (that is hosting the servlet). The PDF will have have an "Owner" password with acrobat 7 compatibility and 128 bit AES encrpytion.



I have 3 questions mainly:



1. During the data transfer from user's desktop to the servlet, is the data encrypted? If so, what level of encryption.



2. If in the above case, user opens the form from within the browser, Is the browser handling the encryption or the the PDF?



3. If user stores the form they filled out, is the data stored as encrypted. If it is, how would the user who wishes to see this form decrypt it?



Appreciate your quick response.

Replies

Highlighted

pguerett

21-01-2009

1. The PDF will be encrypted enRoute by the https connection.



2. The browser.



3. The data is only encrypted while it is in the pipe.
Highlighted

Avatar

Guest

21-01-2009

Thanks Paul for your quick response as usual.



But, what is the point of having Security Settings in the Adobe LiveCycle Designer by making the form "owner" password protected. I understand that it protects the form integrity but there are also Encryption Settings in that window, the 2 choices being 128 bit RC4 and 128 bit AES.



After I apply these settings, if I open the form in Adobe Reader, I see the "lock" icon on the PDF and when I see the Document Security Window, it says Encryption level of "128 bit RC4" or "128 bit AES" depending on what was set.



Even if I do not apply these (owner password and encryption) settings the form data will be posted securely over HTTPS right as long as my servlet is hosted on a secure server with valid certificate?
Highlighted

pguerett

22-01-2009

Sorry I was thinking of something else and not those settings. Yes that will encrypt the PDF. Also because you are using https it will always be encrypted in the pipe.
Highlighted

Avatar

Guest

22-01-2009

Thanks Paul. If the form that is filled and saved to user desktop is encrypted, how can the user decrypt it to view data. Do they always need a password? On our form, there will NOT be a "user" password protection. We will only set "Owner" password which the users will not be provided.
Highlighted

pguerett

22-01-2009

I think that Acrobat decrypts it when it is opened .....that encryption is only so that if someone tried to look at the bits of the pdf with somethig other than Acrobat/Reader they woudl not be able to.



If you want to encrypt it specifically for a single user then you will need a PKI infratsructure.
Highlighted