0

I am using the following code:

PdfReader reader = new PdfReader("Input.pdf");
PdfStamper stamper = new PdfStamper(reader, new FileOutputStream("Output.pdf"));

stamper.setEncryption("password".getBytes(), "password1".getBytes, PdfWriter.ALLOW_ASSEMBLY, PdfWriter.STANDARD_ENCRYPTION_128);

The property PdfWriter.ALLOW_ASSEMBLY does not change the value of Document Assembly and it still shows as "Not allowed" after output pdf is created.

Rajesh Pandya
  • 1,540
  • 4
  • 18
  • 31
SA10
  • 3
  • 3
  • Do you check using adobe reader or adobe acrobat? – mkl Jul 19 '18 at 12:42
  • I have Adobe Reader. I think maybe this could be the issue but other properties such as ALLOW_PRINTING, ALLOW_FILL_IN etc. were working fine except for Document assembly and Page Extraction. Also, I was not able to find any property matching to Page extraction. – SA10 Jul 19 '18 at 12:45

1 Answers1

2

What encryption permissions are for

First of all, please be aware that permissions given in context with encryption never cause the user to be able to do more than he could do with the unencrypted document, these permissions merely decide how much less a regular document user (i.e. a person opening the PDF with the user password) is allowed to do compared with the document owner (i.e. a person opening the PDF with the owner password). When opening an unencrypted document, always the full owner permissions are assumed.

Thus, in a PDF viewer that does not allow certain operations even to a document owner, setting the matching ALLOW_* flags during encryption does not suddenly make the viewer allow those operations to some user.

This is the case in the example at hand, the Adobe Reader does not allow document assembly on an unencrypted document or a document opened with the owner password. Thus, Adobe Reader doesn't allow document assembly in documents encrypted with ALLOW_ASSEMBLY, either.

What the Document Restrictions Summary shows

The Document Restrictions Summary on the Security tab of the Document Properties in Adobe Reader and Adobe Acrobat don't merely reflect the state of the permissions of the document set during encryption. Instead they are indeed a summary based on numerous inputs not all of which depend on the document itself:

  • the operations the program variant allows by default;
  • additional operations allowed via a usage rights signature in the document; and
  • restrictions introduced by permissions not given during encryption.

E.g. in Adobe Reader your document shows these summarized restrictions for owner and user:

Reader - Owner Reader - User

In Adobe Acrobat your document shows these summarized restrictions for owner and user:

Acrobat - Owner Acrobat - User

Thus, Adobe Reader by default does not allow Document Assembly or Page Extraction. So it does not allow them for your document opened as user, either, in spite of ALLOW_ASSEMBLY.

Adobe Acrobat, on the other hand, by default allows everything. So it does allow Document Assembly fr your document opened as user due to the ALLOW_ASSEMBLY.

Reader-enabled PDFs

As mentioned above, some operations in excess of the operations allowed by the program variant in question by default, can be allowed by means of a usage rights signature. Adobe Reader obviously only accepts usage rights signatures created by special private keys authorized for this by Adobe.

If you e.g. have a sufficient Adobe Acrobat version, you can use it to create such a usage rights signature using the menu item Extend Features in Adobe Reader, other Adobe programs can be used to set other usage rights.

Community
  • 1
  • 1
mkl
  • 90,588
  • 15
  • 125
  • 265
  • Thank you so much for the detailed answer! – SA10 Jul 20 '18 at 09:49
  • For an overview see [this answer](https://stackoverflow.com/a/65021738/1729265). – mkl Nov 26 '20 at 12:05
  • @mkl how is it you know that reader disables assembly by default? I've been troubleshooting this issue wrt writing some PDF validation software, and I've been scratching my head. I suspected this may be the case, but haven't found this fact documented anywhere... – Nathan Chappell Sep 28 '21 at 09:14
  • 1
    @NathanChappell *"how is it you know that reader disables assembly by default?"* - Well, first of all by comparing the screenshots of the permissions in Acrobat Reader and in Full Acrobat for the files in question, see above. And by plausibility checks that also matches, Acrobat Reader is the cut-down Acrobat variant after all, and document assembly here is a very obvious feature to remove in such a cut-down variant. Indeed I have no explicit documentation for that but there is hardly any useful documentation for these kinds of details anyways... – mkl Sep 28 '21 at 09:58
  • @mkl thanks for the quick response and clarification. Cheers. – Nathan Chappell Sep 28 '21 at 10:12
  • 1
    @NathanChappell By the way, that obviously might change in any new Acrobat Reader version. Adobe might decide tomorrow to publish a new Adobe Reader version with a different set features allowed or disallowed. Thus, if you want to display restrictions of the document, too, you should present them without trying to include PDF viewer specific ones, they are too much of a moving target. – mkl Sep 28 '21 at 10:17
  • @NathanChappell If you look into permissions, don't only check what the Reader says, also check what the full Acrobat software says. Where they differ, you cannot expect any third-party library to provide "the correct" value, there obviously is none. Or if there is, it's what you see in the full Acrobat software. Furthermore, the permission values a library gives you will usually only return the encryption restrictions, they will usually not return restrictions or permissions due to the other factors mentioned in the [overview answer](https://stackoverflow.com/a/65021738/1729265). – mkl Sep 28 '21 at 10:49
  • 1
    @NathanChappell Thus: *"detecting permissions is an essential part of this task"* - you should start by clarifying *which permission values* are essential because there are different permission sets and some of them show differently in different viewers because they are viewer-specific. – mkl Sep 28 '21 at 10:52