綾小路龍之介の素人思考

[pdf] パスワード保護と解除

pdfには編集を制御するオーナーパスワードと、閲覧を制御するユーザパスワードをかけることができる。パスワードをかけたファイルは暗号化がおこなわれる。

まずは適当な pdf ファイル foo.pdf を生成して、ファイルの情報を見る。pdf ファイルの情報を見るには pdfinfo や qpdf --show-encryption を使う。

$ echo 'Hello world!' | a2ps -o - | ps2pdf - foo.pdf
[stdin (plain): 1 page on 1 sheet]
[Total: 1 page on 1 sheet] sent to the standard output
$ pdfinfo foo.pdf
Title:          stdin
Author:         **********
Creator:        a2ps version 4.14
Producer:       GPL Ghostscript 9.05
CreationDate:   Fri Jul  4 19:38:28 2014
ModDate:        Fri Jul  4 19:38:28 2014
Tagged:         no
Pages:          1
Encrypted:      no
Page size:      612 x 792 pts (letter)
File size:      3091 bytes
Optimized:      no
PDF version:    1.4
$ qpdf --show-encryption foo.pdf
File is not encrypted

印刷や変更などの可否を制御するために、pdf ファイルにはオーナーパスワードをつけることができる。これらの情報を表示するには、オーナーパスワードの無い pdf の場合と同様に pdfinfo や qpdf --show-encryption を使う。

$ pdftk foo.pdf output foo-ownerpw.pdf owner_pw o
$ pdfinfo foo-ownerpw.pdf
Title:          stdin
Author:         ********
Creator:        a2ps version 4.14
Producer:       GPL Ghostscript 9.05
CreationDate:   Fri Jul  4 19:38:28 2014
ModDate:        Fri Jul  4 19:38:28 2014
Tagged:         no
Pages:          1
Encrypted:      yes (print:no copy:no change:no addNotes:no)
Page size:      612 x 792 pts (letter)
File size:      3318 bytes
Optimized:      no
PDF version:    1.4
$ qpdf --show-encryption foo-ownerpw.pdf
R = 3
P = -3904
User password =
extract for accessibility: not allowed
extract for any purpose: not allowed
print low resolution: not allowed
print high resolution: not allowed
modify document assembly: not allowed
modify forms: not allowed
modify annotations: not allowed
modify other: not allowed
modify anything: not allowed

上のように pdftk を使ってオーナーパスワードを設定した場合はユーザパスワードは空文字列になる。

$ pdfcrack foo-ownerpw.pdf
PDF version 1.4
Security Handler: Standard
V: 2
R: 3
P: -3904
Length: 128
Encrypted Metadata: True
FileID: e12488bc3810977cdbe8cde97b90e375
U: e0c395434ba3b925b02d008b58af27d200000000000000000000000000000000
O: 77b8fb098022d3ab34237ea5643c08710ea5123fc5f88bf993a68cca5f12b40f
found user-password: ''
$ pdfcrack -o foo-ownerpw.pdf
PDF version 1.4
Security Handler: Standard
V: 2
R: 3
P: -3904
Length: 128
Encrypted Metadata: True
FileID: e12488bc3810977cdbe8cde97b90e375
U: e0c395434ba3b925b02d008b58af27d200000000000000000000000000000000
O: 77b8fb098022d3ab34237ea5643c08710ea5123fc5f88bf993a68cca5f12b40f
found owner-password: 'o'
found user-password: ''

ファイル内容閲覧の可否を制御するために、pdf ファイルにはユーザパスワードをつけることができる。このようなファイルの詳細を見るには、ユーザパスワードを与える必要がある。これをするためには、以下のようにする。

$ pdftk foo.pdf output foo-userpw.pdf user_pw u
$ pdfinfo foo-userpw.pdf
Error: Incorrect password
$ qpdf --show-encryption foo-userpw.pdf
foo-userpw.pdf: invalid password
$ pdfinfo -upw u foo-userpw.pdf
Title:          stdin
Author:         ********
Creator:        a2ps version 4.14
Producer:       GPL Ghostscript 9.05
CreationDate:   Fri Jul  4 19:38:28 2014
ModDate:        Fri Jul  4 19:38:28 2014
Tagged:         no
Pages:          1
Encrypted:      yes (print:no copy:no change:no addNotes:no)
Page size:      612 x 792 pts (letter)
File size:      3317 bytes
Optimized:      no
PDF version:    1.4
$ qpdf --show-encryption --password=u foo-userpw.pdf
R = 3
P = -3904
User password = u
extract for accessibility: not allowed
extract for any purpose: not allowed
print low resolution: not allowed
print high resolution: not allowed
modify document assembly: not allowed
modify forms: not allowed
modify annotations: not allowed
modify other: not allowed
modify anything: not allowed

上のように pdftk を使った場合はユーザパスワードとオーナーパスワードが同じものになる。

$ pdfcrack foo-userpw.pdf
PDF version 1.4
Security Handler: Standard
V: 2
R: 3
P: -3904
Length: 128
Encrypted Metadata: True
FileID: 6c6a7b4eade4f52384beed616d6500ba
U: 6d87fd2be539a5b3fd60d9cb3bc9ef1300000000000000000000000000000000
O: 2c538c6d5d88f1991de5b3c993e3d4f783bc0e84c2bcf05f5e3449abfe69ffcc
found user-password: 'u'
$ pdfcrack -o foo-userpw.pdf
PDF version 1.4
Security Handler: Standard
V: 2
R: 3
P: -3904
Length: 128
Encrypted Metadata: True
FileID: 6c6a7b4eade4f52384beed616d6500ba
U: 6d87fd2be539a5b3fd60d9cb3bc9ef1300000000000000000000000000000000
O: 2c538c6d5d88f1991de5b3c993e3d4f783bc0e84c2bcf05f5e3449abfe69ffcc
found owner-password: 'u'
found user-password: 'u'

異なるユーザパスワードとオーナーパスワードを設定する場合は両方を明示的に指定する。

$ pdftk foo.pdf output foo-userownerpw.pdf user_pw u owner_pw o
$ pdfinfo -upw u foo-userownerpw.pdf
Title:          stdin
Author:         ********
Creator:        a2ps version 4.14
Producer:       GPL Ghostscript 9.05
CreationDate:   Fri Jul  4 19:38:28 2014
ModDate:        Fri Jul  4 19:38:28 2014
Tagged:         no
Pages:          1
Encrypted:      yes (print:no copy:no change:no addNotes:no)
Page size:      612 x 792 pts (letter)
File size:      3320 bytes
Optimized:      no
PDF version:    1.4
$ pdfinfo -opw o foo-userownerpw.pdf
Title:          stdin
Author:         ********
Creator:        a2ps version 4.14
Producer:       GPL Ghostscript 9.05
CreationDate:   Fri Jul  4 19:38:28 2014
ModDate:        Fri Jul  4 19:38:28 2014
Tagged:         no
Pages:          1
Encrypted:      yes (print:no copy:no change:no addNotes:no)
Page size:      612 x 792 pts (letter)
File size:      3320 bytes
Optimized:      no
PDF version:    1.4
$ qpdf --show-encryption --password=u foo-userownerpw.pdf
R = 3
P = -3904
User password = u
extract for accessibility: not allowed
extract for any purpose: not allowed
print low resolution: not allowed
print high resolution: not allowed
modify document assembly: not allowed
modify forms: not allowed
modify annotations: not allowed
modify other: not allowed
modify anything: not allowed
$ qpdf --show-encryption --password=o foo-userownerpw.pdf
R = 3
P = -3904
User password = u
extract for accessibility: not allowed
extract for any purpose: not allowed
print low resolution: not allowed
print high resolution: not allowed
modify document assembly: not allowed
modify forms: not allowed
modify annotations: not allowed
modify other: not allowed
modify anything: not allowed
$ pdfcrack foo-userownerpw.pdf
PDF version 1.4
Security Handler: Standard
V: 2
R: 3
P: -3904
Length: 128
Encrypted Metadata: True
FileID: 54bc213f42cea08c4576012783069c0b
U: 2ef76bd2a3733a52f5e2f73ae8e9dfd700000000000000000000000000000000
O: 2a2f0a1990192c60114730bdcd39f37828a53c89a340dd473c85299dc5258e1c
found user-password: 'u'
$ pdfcrack -o foo-userownerpw.pdf
PDF version 1.4
Security Handler: Standard
V: 2
R: 3
P: -3904
Length: 128
Encrypted Metadata: True
FileID: 54bc213f42cea08c4576012783069c0b
U: 2ef76bd2a3733a52f5e2f73ae8e9dfd700000000000000000000000000000000
O: 2a2f0a1990192c60114730bdcd39f37828a53c89a340dd473c85299dc5258e1c
found owner-password: 'o'
found user-password: 'u'

pdftkでパスワードを入れる場合はinput_pwを使う。

$ pdftk foo-userownerpw.pdf input_pw o output foo-.pdf
$ pdftk foo-userownerpw.pdf input_pw u output foo-.pdf
WARNING: The creator of the input PDF:
   foo-userownerpw.pdf
   has set an owner password (which is not required to handle this PDF).
   You did not supply this password. Please respect any copyright.

リファレンス

  1. Remove passwords from PDF files | At The Core
  2. Does PDFTK respect PDF security flags? - Super User
  3. PDFの標準セキュリティ機能
  4. QPDF Manual
  5. Linux / FreeBSD: PDFCrack A Command Line Password Recovery Tool For PDF Files - nixCraft
  6. pdftk で切出したらOWNER PASSWORD REQUIRED - それマグで!
  7. HowTo: Linux Remove a PDF File Password Using Command Line Options
  8. linux - Remove the last page of a pdf file using PDFTK? - Stack Overflow
  9. #531529 - pdftk needs owner password to handle DRM'd PDFs - Debian Bug report logs
  10. PDFtk Version History
  11. pdftk and qpdf to reset PDF commenting security - Stack Overflow

ソーシャルブックマーク

  1. はてなブックマーク
  2. Google Bookmarks
  3. del.icio.us

ChangeLog

  1. Posted: 2008-12-13T21:06:43+09:00
  2. Modified: 2008-12-13T21:06:43+09:00
  3. Generated: 2017-01-21T23:09:22+09:00