Encryption & Permissions Enquiry
Printed From: www.exp-systems.com
Category: PDF reDirect
Forum Name: Using PDF reDirect
Forum Discription: Questions and Comments on using PDF reDirect Freeware and Pro
URL: http://www.exp-systems.com/Forum_exp/forum_posts.asp?TID=422
Printed Date: 21 Nov 24 at 7:29PM
Topic: Encryption & Permissions Enquiry
Posted By: _writer
Subject: Encryption & Permissions Enquiry
Date Posted: 30 May 08 at 12:16AM
Hi Everyone,
Congratulations to the makers of PDFDirect for still supporting Windows 98 SE. (If it makes any difference, its one of the reasons I decided to install and test PDFDirect).
I'm a writer from England, researching how encryption works in ebook creation programs like PDFDirect. Basically, I'm wondering if PDFDirect Free or Pro Versions can create encrypted PDF ebooks suitable for mass-distribution via a website.
It looks like the free version of PDFDirect uses a 40bit key- which means my ebook readers will need a password from me to access the ebook they downloaded. (I think thats right?)
But can I set the permissions on these ebooks, so pirate copiers cannot resell, mass distribute an ebook that took me a year to write? I've been trying to find-out the best ways to stop that happening, but cant find any clear answers online to date. (The whole business of digital signatures, DRM (digital rights management) and encryption seems complicated and unclear to me).
Maybe members here had/or are having the same problems? Would be great to get some feedback and many thanks for providing this forum. Its a great idea for anyone new to PDF (Ebook) making.
Kind Regards, _writer.
PS: I did a search on the forum before I posted this, by the way. There only appears to be one post that mentions "encryption", but it did not relate to my specific enquiry.
|
Replies:
Posted By: Michel_K17
Date Posted: 04 Jun 08 at 10:41PM
Hi,
Thanks. Please keep in mind that Windows 98 support is being dropped at the next version. Sorry.
With respect to encryption, you have hit upon one of the most difficult problems to solve, one that Adobe themselves tried to address 9 years ago, and gave up after a year (It was a system called "Secure PDF" in 1999. See http://www.pcworld.com/article/id,12579-page,1/article.html - here for details).
So, let's go back to basic PDF File encryption: Today, the 40 bit encryption is no longer very effective. A decently fast computer can run a password guessing utility and can "guess" (via brute force trial and error) in a few hours.
128 bit compression is by far much better. A complex password would take in excess of a year of continuous computing to get there (assuming a complex password is used).
So, a pirate could redistribute your PDF, and sell it, but only if they figure out what is the password. But all they would have to do is purchase from you one copy of your PDF in order to get the password, and then re-distribute the PDF and password together.
However, there are web sites that tries to prevent this kind of foul play. Check out http://www.file-secure.com - www.file-secure.com . There are other systems like it, and I do not endorse any of them, having no experience with them. I believe that they use the web to ensure that they can control who reads the PDF, and when. However, because it is a service they offer, you will need to pay to get the benefit.
So my recommendation is to troll the internet, find those kinds of services, and hopefully you can find something that fits your needs.
Best of luck!
------------- Michel Korwin-Szymanowski
EXP Systems LLC
|
Posted By: _writer
Date Posted: 06 Jun 08 at 10:27PM
Hi Michel,
Thanks for such an informative answer I'm writing this follow-up so you know I'm revisiting this excellent forum on a regular basis.
Windows 98 Support:
I realise I'm an "o/s dino" still using Windows 98. (Although, personally I find Win98 easy to maintain and use). Realistically, I understand why software makers cannot "code" for an o/s now 10 years old. Personally, I prefer software archives provided by some manufacturers that have all their versions listed/downloadable. (Maybe an advantage, since a manufacturer will obtain more customers that way?) Although, one cannot expect support for outdated versions for too long.
PDF Encryption:
Looks like 128 bit encryption is the best direct protection an ebook author can hope to achieve. (I'd heard about the "brute force" decrypters around, but did not know how they applied to ebooks. Thanks for this vital update).
There is a public-private encryption system I've read about (On Wiki I think) when one "key" remains "secret", while another key is published openly for customers, but again, how this key protection system applys to ebooks is anyone's guess.
Since pirates will be bundling passwords with an ebook, a two-key system or web-based id/licence system seems the only workable solution. If PDF Direct can be used in a public-private two key system, I'd be pleased to know ! Its sad Adobe dropped "Secure PDF"- Would be interesting to find out why in detail.
Securing Ebooks Via The Web:
I'll be sure to check out "file-secure" - If it helps other members here, I researched web technologies such as digital signatures, digital "seals" and digital id tags that offer more protection for commerically distributed ebooks- although its still unclear to me how these systems are applied to PDF documents effectively.
It's likely these kinds of "digital sig" technologies will be what file-secure and other companies offer. (Although, again, I'll have to research this carefully because it seems either an area of business companies deem sensitive, or possibly its just highly specialised).
Kind Regards, _writer.
|
Posted By: Michel_K17
Date Posted: 09 Jun 08 at 10:51PM
Hi!
Thanks for the update.
I believe that you will find that digital signatures provides no additional protection. It does use the two-key system, but that system only allows to verify the identity of the original author. However, that is about it, and will not provide any additional level of protection to the PDF file with respect to distribution (as far as I know).
However, if you do find a way around the distribution dilemna, or you find a service that works well for you, please let me (and everyone else) know what you found as it may help all of us at some point in the future.
Cheers!
------------- Michel Korwin-Szymanowski
EXP Systems LLC
|
Posted By: _writer
Date Posted: 10 Jun 08 at 1:32PM
Hi Michel,
Appreciate your thoughts on "digital signatures" - From what I can tell, author verification using a two-key system gives ebook buyers some assurity they arent receiving a low-grade pirated copy. (personally, I think thats a big selling point, since there are so many poor-quality pdf files floating 'round !)
Most of my research is leading to the conclusion I need to do a Test PDF Ebook, then see how easy it would be for a pirate to copy
I've got a website (non commerical) where I post articles on PDF Optimization and Security, but I'm not sure I can post a link to my web-blog here, so I wont without the Forum Owner's permission.
The Distribution Dilemma
"Dilemma" is right, if links to a downloadable pdf arent hidden in some way, most pirates can find the link and download a pdf in minutes! I guess if the pdf is encrypted with a 128bit key, it wont be worth the pirate's efforts.
Anyway, I sure will post back on a secure distribution method, once I've tested one that seems "pirate proof". Will I succeed where Adobe failed? That feels like an exciting prospect. . .
Kind Regards, _writer
|
|