View Full Version : ePub encryption possible?

03-09-2012, 05:45 PM
Hi, I am new to the forum and will introduce myself properly when I'm not in such a crunch for time. Meanwhile....

I'm using OSX (10.5.8) and CS5 (will soon upgrade to 5.5). My client has an aviation manual that I will be converting from InDesign to an ebook (fixed-layout .epub file, via 5.5 and CircularFlo software) so he can sell either through iBookstore or his own website. But he wants to protect the manual with a key so that only designated buyers---i.e. his trained students----have access to it, and so it can't be easily shared. (Ideally, buyers would only have to use the key once, not every time.) At what stage does such encryption happen (layout? conversion? distribution?). This must be common practice---for military, medical, scientific materials and so on----anyone know where can I learn more about how to do it? This is my first foray into encryption. Thanks!

03-09-2012, 06:02 PM
There has been the same question raised (but about DRM, not encryption) about a couple of weeks ago (let me see if I can find the thread). The short answer is selling with DRM from your own site is extremely expensive because it requires a DRM server and licensing fees for Adobe Content Server.


Here ( you go.

03-09-2012, 07:40 PM
Thanks, osnova, for your reply. I saw those other threads but none quite addressed my issue. As I understand it, DRM helps prevent unauthorized sharing, and happens at the publisher end (iBookstore, for example), but encryption helps prevent unauthorized access and happens, I think, at the creation end. So say my client decided to use iBookstore, his book may be hard to share thanks to DRM, but unless it is encrypted (i.e., opens with a key), then anyone with the iBook app could buy it, and he wants to limit the buyers to only those authorized to read the material (to whom he will provide the key or password). So to clarify my question, I guess I'd say "Does iBookstore support encryption?" and "Is encryption an affordable process for a relatively small project?" If encryption software, like DRM software, costs $10K, then the answer would be no. But perhaps there are those out there who do encryption for individuals, just as Apple aggregators do conversion and DRM for the individual---I just don't know who that would be or what they would be called. It's important to note, too, that this will be a fixed-layout .epub, not the usual flowing-content .epub, as that might make a difference in the answer. Thanks.

03-09-2012, 07:45 PM
Your best bet is to sell it through your site only, and only to known customers. You can not prevent the buyers from sharing the document. If it was possible it would be employed already (aka DRM) but all systems so far have proved uneffective.

Actually the only somewhat effective form of DRM is printing it on paper. All other forms of DRM can be broken in a second with software that can be downloaded for free; paper has to be scanned or photocopied, which takes a lot longer than a second and comes at possible additional cost of material.

03-09-2012, 08:00 PM
The issue with encryption is that the reader app has to be able to decrypt. So you have to use a standard scheme. Since one of the revenue streams for DRM owners is adding DRM for publishers, they don't tend to be interested in inexpensive encryption options.

In principle, the Adobe password-based ePub encryption (most used by Barnes and Noble, but supported on several reading devices and apps) could be reverse engineered and made available to everyone. No one has done this because a) those with the skills needed are more interested in DRM-stripping than DRM-adding, and b) Adobe might sue the authors of the encryption program. I don't know that Adobe would have a case, but that never seems to stop large corporations.

03-10-2012, 05:22 AM
You could encrypt the ePub as any other file (zip with a password, or similar). Then the end user would have to unencrypt it. But once this is done, the unencrypted file can be copied, shared and viewed unrestrictedly...

03-10-2012, 05:44 PM
You could encrypt the ePub as any other file (zip with a password, or similar). Then the end user would have to unencrypt it. But once this is done, the unencrypted file can be copied, shared and viewed unrestrictedly...

But, even if it was encrypted and the person wanted to give it out, all that would need be done is give the key with the copy and there you go.

There is no foolproof method to make this eBook secure.

03-11-2012, 08:30 AM
Unless you use a pair of public-private keys, and encrypt it so that it can only be unencrypted with the other person's private key. Of course, the other person could give the private key to someone else, but it's called "private" for a reason.

03-17-2012, 09:34 AM
B&N uses a DRM method that includes the buyer's credit card number. That is pretty slick, since most buyers wouldn't want to share that.

But encryption and DRM are not foolproof and users will find ways to share if they want to. IMO, your client should think more about his process for selling. For example, if he wants to sell to students, he should make the ebook price part of the class price, which would reduce any incentive to sharing the book. If he wants to charge a really high price for the ebook - which will also lead to the desire to share/borrow - he should reconsider pricing strategy..... people are willing to pay for items if they don't think they are getting ripped off. If he still wants a high price for his work, spllit the book into multiple volumes so the cumulative price gets closer to what he wants.

That's just my 2 cents. Also some food for thought: how much money would JK Rowling have made from ebook versions of the Harry Potter series if she had released them and priced them effectively? I think we all know that people would have bought retail versions of the ebooks..... but since retail versions don't exist, she has not made a cent from them.


Rob Lister
03-17-2012, 10:08 AM
To nutshell it, what the OP wants is really the Holy Grail of DRM. If he invents it, he could certainly make a mint (assuming nobody stole it :) )

Imagine that, a epub encrypted using the very DNA of the buyer. Even then, the evil identical twin would likely pirate it.