Commit 53930d96d0fc6e762225d38241d93fcf7b4affd9
1 parent
2794bfb1
Add some clarification to encryption in the manual
Per user suggestion in issue 351.
Showing
1 changed file
with
32 additions
and
0 deletions
manual/qpdf-manual.xml
| ... | ... | @@ -3490,6 +3490,38 @@ outfile.pdf</option> |
| 3490 | 3490 | The only exception to this is that clear-text metadata will be |
| 3491 | 3491 | preserved as clear-text if it is that way in the original file. |
| 3492 | 3492 | </para> |
| 3493 | + <para> | |
| 3494 | + One point of confusion some people have about encrypted PDF files | |
| 3495 | + is that encryption is not the same as password protection. | |
| 3496 | + Password protected files are always encrypted, but it is also | |
| 3497 | + possible to create encrypted files that do not have passwords. | |
| 3498 | + Internally, such files use the empty string as a password, and | |
| 3499 | + most readers try the empty string first to see if it works and | |
| 3500 | + prompt for a password only if the empty string doesn't work. | |
| 3501 | + Normally such files have an empty user password and a non-empty | |
| 3502 | + owner password. In that way, if the file is opened by an ordinary | |
| 3503 | + reader without specification of password, the restrictions | |
| 3504 | + specified in the encryption dictionary can be enforced. Most users | |
| 3505 | + wouldn't even realize such a file was encrypted. Since qpdf always | |
| 3506 | + ignores the restrictions (except for the purpose of reporting what | |
| 3507 | + they are), qpdf doesn't care which password you use. QPDF will | |
| 3508 | + allow you to create PDF files with non-empty user passwords and | |
| 3509 | + empty owner passwords. Some readers will require a password when | |
| 3510 | + you open these files, and others will open the files without a | |
| 3511 | + password and not enforce restrictions. Having a non-empty user | |
| 3512 | + password and an empty owner password doesn't really make sense | |
| 3513 | + because it would mean that opening the file with the user password | |
| 3514 | + would be more restrictive than not supplying a password at all. | |
| 3515 | + QPDF also allows you to create PDF files with the same password as | |
| 3516 | + both the user and owner password. Some readers will not ever allow | |
| 3517 | + such files to be accessed without restrictions because they never | |
| 3518 | + try the password as the owner password if it works as the user | |
| 3519 | + password. Nonetheless, one of the powerful aspects of qpdf is that | |
| 3520 | + it allows you to finely specify the way encrypted files are | |
| 3521 | + created, even if the results are not useful to some readers. One | |
| 3522 | + use case for this would be for testing a PDF reader to ensure that | |
| 3523 | + it handles odd configurations of input files. | |
| 3524 | + </para> | |
| 3493 | 3525 | </sect1> |
| 3494 | 3526 | <sect1 id="ref.random-numbers"> |
| 3495 | 3527 | <title>Random Number Generation</title> | ... | ... |