Thread: Can somebody make a tool to inject Information into a PDF?
View Single Post
Old 07-10-2006, 04:26 AM   #5
ath
Addict
ath doesn't litterath doesn't litter
 
Posts: 222
Karma: 110
Join Date: Jun 2006
Location: Malmo, Sweden
Device: iLiad, Sony PRS-505, Kindle Paperwhite & Oasis
Quote:
Originally Posted by CommanderROR
You make a PDF, make it simple, reflowable but otherwise standard so it can be used with as many PDF viewers as possible. You put a password on it for edit protection so that nobody can extract text or change the contents.

You then add a page that contains the "Owner Information". Let's say Name and Address.

Would it be possible to automate a process like that?
Possible, but impractical. It seems useless to first add DRM, then remove it in order to add a page, and then add it back in again: you need to keep track of the first password. If it's just a dummy password, it will be less safe, but if it's a good password, further password management is required. Simpler to keep the unprotected document, do the 'add extra page, and finish off with encryption', as that means you don't have to keep the original password around: instead you can use a truly random password for the encryption, which you don't keep any record of. Possibly less safe, but simpler.

Quote:
Wouldn't a "DRM" model like this disencourage casual piracy (who wants to put their name and address up on a p2p network???) while still making files compatible and easy to keep and to use?
Depends. If you add that page in the wrong place, it may not be seen, and so have minimal impact. You really want the PDF file to open on that page, and that means altering the document configuration. A better approach would be, I think, to design the cover page so that it incorporates the owner's name, or, perhaps, the page header or footer to do so. That means that the document has to be designed, however, so that this information can be added in some document specific way -- probably as a special object with known contents that is replaced.

If tracing was the only purpose, it would perhaps be enough to add one or more custom document properties, or perhaps an embedded file, with the identity, though I'm not 100% certain yet if it can be done so that it cannot be removed without passing the encryption barrier. (It is possible to remove some things from an encrypted document: it just means that Reader will warn that the document has been changed. That's clearly not useful for this information -- removal must be very difficult.)

However, for best protection 1.5 or later should be used, as it includes encrypted object streams, along with the longer-than-40-bit keys from 1.4 -- but that lessens the portability of the document. The tradeoff need to be considered carefully.
ath is offline   Reply With Quote