0

Using itext7 libraries, i am trying to create a read-only pdf with embedded attachments. I am not finding really good examples that show how to disable "save" and "save-as" buttons from the main file menu. Also, I would like to disable "add" and "save" attachments from attachment menu.

Any help/direction with this regard is highly appreciated.

Thanks SGK

SGK
  • 43
  • 3

1 Answers1

1

iText is a library to generate pdf documents. It does not change what a pdf-viewer is capable of doing with the document. Your question about disabling "save" and "save as" is therefore completely out of context for iText.

That's the reason why you didn't find any documentation about it.

You can set a password on the document, which disables easy modification. But you'll never stop good old ctrl+c / ctrl+v.

You can add a digital signature to the PDF (you will find documentation about this). A digital signature will (from a bird's eye view):

  • Calculate a hash of the PDF
  • Use a public/private keypair to sign the hash using your private key
  • Add this information (original hash, signed hash, timestamp)
  • Add information with regards to your public key to the document
  • Add information with regards to the methods (hashing and signing) used

This ensures that if someone modifies the document, other people will know. A program like Adobe will then display a warning stating that the signature is no longer valid (because the content, and thus the hash of the content) has changed.

Strictly speaking this does not prevent anyone from modifying your content, it just ensures a sufficiently adept reader of your document will notice that something is up.

Joris Schellekens
  • 8,483
  • 2
  • 23
  • 54
  • Thanks Joris for your response. I see your point. But is there a way you generate a document and not allow editing of the document for authenticity? – SGK Jul 26 '17 at 15:14
  • 1
    Of course, like I said you can add password protection. But the best thing to do in your case is to digitally sign the pdf document. A digital signature is essentially a signed hashvalue, which is calculated from the document content, a timestamp, (and sometimes other characteristics). By providing a digital signature you are saying 2 things. First, you ensure the recipient knows the person sent it is you (because, like I said, you need a private/public key). Second, you ensure that you only sign the exact content (because the hash value would be different if the content was altered). – Joris Schellekens Jul 26 '17 at 23:32
  • I totally get your point now. Thanks Joris. – SGK Jul 27 '17 at 02:28
  • Then please mark my answer as the accepted answer. Also, all of the things I mentioned are perfectly possible with iText, and are documented in the examples section of our website. – Joris Schellekens Jul 27 '17 at 06:56
  • I very much disagree with this answer. the process of making a pdf read only is done by digitally signing it. and iText is capable of doing that. See this link of what is possible and what not after signing a PDF: https://helpx.adobe.com/africa/acrobat/kb/edit-signed-PDF.html – Gerrie Pretorius Mar 19 '18 at 20:16
  • 1
    You can indeed digitally sign a document. But strictly speaking, this does not prevent modification. It only ensures that the signature breaks upon modification. – Joris Schellekens Mar 20 '18 at 08:57