Our encrypted PDF got hacked

We are encrypting our PDF with the following iText code. However, someone was able to edit our pdf (I am not sure how).

pdfWriter.setEncryption(null, null, PdfWriter.ALLOW_SCREENREADERS
    | PdfWriter.ALLOW_COPY | PdfWriter.ALLOW_PRINTING,
    PdfWriter.ENCRYPTION_AES_128);

Is there a better way for us to secure the pdf to prevent this?开发者_JAVA技巧

PDF Encryption and restriction of information relies purely on the goodwill of the authors of the viewer software to enforce that restriction.

Generally speaking, every application that has enough information to display the PDF has enough information to print the PDF, there's nothing really you can do about it.

Since there are plenty of open-source PDF viewers out there, it's very easy to produce a viewer that simply ignores those restrictions.

See this explanation of the PDF encryption mechanism for more detail.

If your PDF is encrypted using 128 bits AES, then it is safe from someone that would not know the key, the most plausible explanation is that someone has had access to the key.

You may think about signing the PDF using RSA, that is a good way to make sure it has not been compromised.

Encryption which prevents the viewing of a pdf works if the password is long enough.

The DRM features which allow viewing but disable other features such as printing, editing,... only work if the reader co-operates. The user can use a hacked or third party reader to circumvent such restrictions.

Add a user password. It's the only one that really matters. As you have no doubt gathered from the other answers, the owner password is a bit of a joke.

The USER password is strong crypto... up to 256-bit AES IIRC, though the original PDF crypto spec only allowed for 40-bit encryption due to US export restrictions. Anything stronger than 40-bit was considered a "munition". Goofy laws.

The OWNER password is not, it's more courtesy than anything else. PDF libraries try to support it to one degree or another, but open source PDF libraries are a quick code change away from being "pdf crackers".

A blank user password means "use the predefined string of bytes listed in the PDF Specification that anyone can download". The contents of the PDF are still encrypted, but everyone knows the password, so it doesn't do you much good. PDF viewers/libraries substitute this string of bytes when given no password.

PS:

When calling setEncryption:

• a null open password means "a blank password" as I described above
• a null owner password means "generate a random one for me".

A random owner password means "no one can legitimately modify the PDF".. but that does not mean "no one can modify the PDF".