Should you use passwords or certificates to keep sensitive and private business documents from getting out or being used wrongly, or is there a better way?
When encrypting a PDF file, you can choose between password and certificate encryption. Here, we discuss both options and a third, safer way to encrypt PDF files that uses licensing controls and transparent key management.
Selecting the appropriate PDF security for your organization
Whether you choose one way to protect PDF files over another depends on why you need to protect them in the first place. The content could be sensitive or secret in business, like trade secrets or intellectual property, or it could be personal information that must comply with laws like HIPAA or GDPR.
You may need to share documents securely within your organization or want to share documents securely with people outside of your organization. Or maybe you sell things like ebooks, training courses, or reports that bring in money and want to ensure they can't be easily copied and stolen.
No matter why you want to encrypt PDF files, you should ensure that your method can't be easily bypassed or removed.
How does encryption for PDF files work?
When you use a password or a certificate to encrypt a PDF, it does not encrypt the content directly. Instead, it protects the random key that is generated and used to encrypt the PDF. So, if you choose AES 256-bit encryption, a 32-character random key is used to encrypt the PDF, and the password or certificate is used to keep that key from being easily found.
Once the PDF is encrypted (the encryption algorithm scrambles the document's contents), only the correct password (the one used to encrypt the PDF) or the correct private key (in the case of certificate encryption) will decrypt the contents and allow access.
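The key-protection step described above, as an added Python sketch (not code from the original page or from any PDF product). The XOR-plus-HMAC wrap and the PBKDF2 settings are assumptions standing in for the algorithms the PDF standard defines, and all function names are hypothetical.

```python
import hashlib, hmac, math, secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch

def _derive(password: str, salt: bytes) -> bytes:
    """Derive 64 bytes: 32 to mask the file key, 32 to authenticate the record."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)

def wrap_file_key(file_key: bytes, password: str) -> dict:
    """Protect the random file key with the password; this record travels with the file."""
    salt = secrets.token_bytes(16)
    derived = _derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(file_key, derived[:32]))
    tag = hmac.new(derived[32:], salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_file_key(record: dict, password: str):
    """Return the file key, or None when the password is wrong."""
    derived = _derive(password, record["salt"])
    expected = hmac.new(derived[32:], record["salt"] + record["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(record["wrapped"], derived[:32]))

def effective_bits(alphabet_size: int, length: int, key_bits: int = 256) -> float:
    """Strength of the protection: the smaller of the key space and the password space."""
    return min(key_bits, length * math.log2(alphabet_size))

if __name__ == "__main__":
    file_key = secrets.token_bytes(32)  # random 256-bit key that encrypts the content
    record = wrap_file_key(file_key, "correct horse battery staple")  # constructed password
    print(unwrap_file_key(record, "correct horse battery staple") == file_key)
    print(unwrap_file_key(record, "wrong password"))
    # Changing the password only re-wraps the key; the content is not re-encrypted.
    rewrapped = wrap_file_key(file_key, "a new passphrase")
    print(unwrap_file_key(rewrapped, "a new passphrase") == file_key)
    # An 8-letter lowercase password caps a 256-bit key at about 37.6 bits.
    print(round(effective_bits(26, 8), 1), effective_bits(95, 40))
```

Because the wrapped key is stored alongside the document, the 256-bit key is only as strong as the password that protects it.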
Using passwords to encrypt PDF files
All PDF editing software lets you put a password on a PDF to make it more secure. Password protection is part of the PDF standard, which makes it easy to use in PDF programs. You can also encrypt PDF files with a password for free on many sites that protect PDFs.
Using Adobe Acrobat to put a password on a PDF file
Is PDF encryption with a password safe?
Password protection might be an easy way to encrypt PDF files, and you don't have to deal with a complicated registration process as you do with certificates, but it's not very useful.
If you still need to use a password to encrypt a PDF, follow the rules for choosing a strong password to protect PDF files so you can easily make one that can't be brute-forced.
How to Encrypt a PDF with a Certificate
You can also use certificate encryption instead of a password to protect a PDF.
Certificates are part of PKI (Public Key Infrastructure). PKI is a way to establish who made an encrypted file and the public identity of the recipient without making it easy to use that information to break into the system.
A certificate stores a user's public key along with information about when it was made, when it will expire, and what it can be used for. Certificates can be signed by a Certificate Authority (CA), which verifies the user, or the user can sign them. If the certificate is self-signed, it is up to you to trust that it belongs to the right person. Most organizations make their own certificates unless they want to use them to talk to third parties securely.
When you use an app to make a key pair, you'll get a certificate containing your public key, and a private key that you should keep to yourself. You can decrypt the information and sign files digitally with the private key.