On 08/22/2011 04:32 PM, Jay R. Worthington wrote: > Hi y'all, > > the original Adobe Reader supports a lot of DRM functions like different > passwords for printing/low-res/cut'n'paste, and, at least with their > big'n'honkin' Enterprise solutions, time-limited documents that cannot be > opened after a date. > > I've been searching for hours and hours, but i could not find any evidence > that this is possible with the PDF Standard. Does anyone know if the pdf > library in djigzo does support any of these features (beyond the already > implemented encryption)...? > > Personally i'm looking for the timebombing-function to send CV's when i'm > applying for a new job, and i don't like the idea that my CV is circling the > int[er|ra]nets 'til the end of time. > > I could image three ways this could work: > > - Simply check the time of the computer (yes, easy to circumvent; but most > HR-People i've met would not even be able to do that ;)) > - Check the time of a certified timeserver > - Get a needed decryption-key from a (djigzo-) web-server, which could be > disabled after a timeperiod (yeah, that would not be a simple feature, but > it would be cool, it would be possible to track if/when/how often a > document/mail was opened, revoke that right at any time, potentially chance > permissions like print/no print on the fly etc) > > Any ideas if something like this is possible with "official" pdf commands, > or, if not, if it could be implemented with javascript inside the pdf...?
The PDF standard allows you to specify certain permissions: allowPrinting, allowModifyContents, allowCopy, allowModifyAnnotations, allowFillIn, allowScreenReaders, allowAssembly, allowDegradedPrinting It's however up to the PDF reader whether or not the PDF reader enforces these permissions. From a security viewpoint it's therefore questionable whether these permissions are of any help since it's probably easy to find a PDF reader that does not enforce these permissions. I will check whether it is possible to set the permissions for the generated PDF. > - Simply check the time of the computer (yes, easy to circumvent; but most > HR-People i've met would not even be able to do that ;)) > - Check the time of a certified timeserver > - Get a needed decryption-key from a (djigzo-) web-server, which could be > disabled after a timeperiod (yeah, that would not be a simple feature, but > it would be cool, it would be possible to track if/when/how often a > document/mail was opened, revoke that right at any time, potentially chance > permissions like print/no print on the fly etc) The problem is that AFAIK for DRM a paid version of Adobe Acrobat is required and this is not supported by most (all?) other non-Adobe PDF readers. So, to do PDF DRM 'correctly' requires some DRM'ified PDF reader. It might be possible to use Javascript but it wouldn't surprise me if most enterprise users have disabled Javascript due to security reasons. Kind regards, Martijn Brinkers -- Djigzo open source email encryption _______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
