Choosing a security method for PDFs

Note:

For a full list of articles about security, see Overview of security in Acrobat and PDF content.

By adding security to documents, you can limit viewing, editing, printing, and other options to only the specified users.

Choosing which type of security to use

Security features range from relatively simple measures to sophisticated systems adopted by corporations and agencies. Which feature you choose depends on what you want to achieve. Here are some examples:

  • You want only certain people to view your PDF. The easiest solution is to add a password to the PDF and send it to your intended recipients. (See Add password security.)

  • You don’t want anyone to print or edit your PDF. You can block printing and editing from the same dialog box that you use to add a password. (See Add password security.)

  • You want to assure your recipients that the PDF is really from you. The best way is to purchase a digital ID from a certificate authority. Alternatively, you can create a self-signed digital ID if you are communicating with a group that you trust. (See About digital IDs and Securing documents with certificates.)

  • You want an organization-wide security solution for PDFs. You can devise a solution specifically for a company handling sensitive data. Some organizations use Adobe LiveCycle Rights Management ES to apply a policy to documents. The policy contains the list of recipients and their individual set of permissions. Individuals can use a policy to apply the same security settings to numerous documents. (See Securing documents with Adobe LiveCycle Rights Management ES.)

Security policies

A security policy enforces systematic constraints on information flow and exchange within an organization. You can use Adobe LiveCycleRights Management ES to apply a policy to documents without the need for digital signatures and certificates. If you often apply the same security settings to PDFs, consider creating a security policy to simplify your workflow. Different policies are useful for accommodating different requirements.

Envelope policy

You can secure multiple documents by embedding them in a PDF envelope. You can encrypt envelopes to prevent unauthorized users from accessing the contents and certify them to provide proof of origin. Authorized recipients can open the envelope and extract the files to view them.

LiveCycle Rights Management ES policy

Adobe LiveCycleRights Management ES policies are stored on a server, and users must have access to the server to use them. Creating these policies requires specifying the document recipients from a list on Adobe LiveCycleRights Management ES.

Password and certificate policies

Save your password or certificate settings and reuse them to encrypt PDFs without setting up the password or certificate for each instance.

Note:

If you apply security settings to a PDF Portfolio in Acrobat Pro, including the component documents, you can automate the steps by using Action Wizard (Choose Tools > Action Wizard).

Protection required:

Action:

Require a password to open a PDF, or copy or print its contents

Choose Tools > Protect > More Options > Encrypt with Password. For a PDF Portfolio, choose View > Portfolio > Cover Sheet. Then choose Tools > Protect > More Options > Encrypt With Password.

If your company is signed up, you can also use Adobe LiveCycle Rights Management ES to secure documents.

When you use Action Wizard to apply security to PDF Portfolios in Acrobat Pro, the child documents are secured, but the cover sheet is not.

Indicate that you approve of the PDF content

Sign and certify the PDF. You must obtain a digital ID to add digital signatures. Buy a digital ID (see the Adobe website for security partners) or create a self-signed one. See Create a self-signed digital ID.

For Asian languages, you can add an approval stamp.

Prevent forms from being tampered with

Use LiveCycle Designer to secure forms and create locking signature fields. See the Adobe LiveCycle Designer Help.

Send secure file attachments via email

Use security envelopes. (Tools > Protect > More Options > Create Security Envelope.

Allow only the people you specify to view a PDF

Choose Tools > Protect > More Options > Encrypt With Certificate, or apply security using Adobe LiveCycleRights Management ES. You must have certificates for users who can view the documents.

Additional resources

For more information on using security features, see these resources:

Choosing security methods within FIPS mode (Windows)

Acrobat and Reader provide a FIPS mode to restrict data protection to Federal Information Processing Standard (FIPS). FIPS mode uses FIPS 140-2 approved algorithms using the RSA BSAFE Crypto-C Micro Edition (ME) 3.0.0.1 cryptographic module.

The following security options are not available in FIPS mode:

  • Applying password-based security policies to documents. You can use public key certificates or Adobe LiveCycleRights Management ES to secure the document. However, you cannot use password encryption to secure the document.

  • Creating self-signed certificates. To create a self-signed digital ID, it must be saved to the Windows certificate store. You cannot create a self-signed digital ID that is saved to a file.

  • RC4 encryption. A PDF file can only be encrypted by using the AES encryption algorithm when in FIPS mode.

  • MD5 or RIPEMD160 digest methods. In FIPS mode, only the SHA-1 and SHA-2 families of digest algorithms can be used when creating a digital signature.

In FIPS mode, you can open and view documents that are protected with algorithms that are not FIPS compliant. However, you can’t save any changes to the document using password security. To apply security policies to the document, use either public key certificates or Adobe LiveCycleRights Management ES.

FIPS mode is configured in the Windows registry by a system administrator. For more information, see the Digital Signatures Guide.

Get help faster and easier

New user?