[reportlab-users] non-hackable pdf files

Michael Trisko mtrisko at trisko.net
Tue Apr 25 15:59:05 EDT 2006

Another potential solution for you depending on your requirements would be to use digital signatures/PKI.  You've stated you want to prevent people from editing/hacking your PDF files.  As Andy/Robin have stated you can't really prevent it outright, but digital signatures would potentially make it evident that the file had been tampered with.

The basic gist would be that your PDF file would include a signature hash that matches the contents of the document and the private key used to generate the signature.  If someone modifies the file, they won't easily be able to generate a signature that would match both the modified contents and the private key that they don't have access to.  It wouldn't prevent changes, but you'd potentially have an easy way to verify whether or not the copy was changed.

There are a lot of options and technologies out there for digital signatures and PKI, and some are not always cost effective or feasible depending on your application, but the recent PDF standards do include some support for it, so that the signatures can be somewhat integrated into the document.

If you're really looking to make the files readable but non-modifiable, I think the best you could do would be to convert the PDF into something like a TIFF image file (or invert that and write graphics into your PDF), but even then you'd have graphics editors and optical character recognition to worry about, which is getting better all the time...it's Andy suggested it's really a losing battle.

Mike Trisko

-----Original Message-----
From: reportlab-users-bounces at reportlab.com [mailto:reportlab-users-bounces at reportlab.com] On Behalf Of Andy Robinson
Sent: Tuesday, April 25, 2006 4:41 AM
To: Support list for users of Reportlab software
Subject: Re: [reportlab-users] non-hackable pdf files

Mike Dewhirst wrote:
> Is there a way to create pdf files with ReportLab such that the file 
> cannot be hacked?

Amplifying slightly on Robin's reply...

If you want anyone to be able to read the PDF file, there is no robust 
way to protect it.  PDF is an open, published standard and anyone can 
write a PDF Reader (with open source reader software being available); 
and if the software can read enough to display the text on screen, then 
it can be modified to extract the words.

Acrobat supports an 'owner password' which is a convention that PDF 
readers are supposed to respect; if you set the flags to say that text 
cannot be copied, a well written PDF reader should not let someone paste it.

The 'user password' feature is stronger.  You can make a document so 
that it can only be opened by someone with a specific password, and the 
content is actually encrypted.  But once they have it open on the 
screen, the same concerns apply.

Parts of the software industry have been struggling for ages to find 
ways to let users read stuff but not copy it (witness the record 
industry) and have not yet come up with a scheme.  But if you want 
protection against casual abuse by non-techies, the 'owner password' 
supports this.

The security features are available in Acrobat, most PDF creators and 
our own encryption utility; if you are interested in the latter, please 
email me directly with a description of your app and the volumes and 
types of documents you want to use it to encrypt, and we will quote a 
price (as well as letting you try it out for free).  There is no 'list 
price' except as part of our overall suite which is enterprise-priced, 
but we are always happy to work out deals for user group members.

Best Regards,

Andy Robinson

reportlab-users mailing list
reportlab-users at reportlab.com

More information about the reportlab-users mailing list