Making PDFs More Secure in LibreOffice Writer
LO Writer – PDF Security
Depending on your needs, LibreOffice Writer offers varying degrees of security for PDFs.
PDFs date from a less security-conscious era than our own. However, over the years, the PDF format has added security features. Today, if you need security, you have two choices: passwords and permissions for casual security, or digital certificates or GNU Privacy Guard (GPG) keys for serious encryption. Both are available from tabs on LibreOffice's PDF Options window when exporting to PDF.
Passwords and Permissions
PDFs have their own system of passwords and permissions, which are available from File | Export As | Export As PDF… | PDF Options | Security (Figure 1). To set them up, begin by entering a password to open the exported file, and a second one to alter the permissions (in other words, how the files can be used). After the second password is entered, three kinds of permissions are available: Printing, Changes, and Contents. Together, options can be as strict as allowing a user only to view the file, as loose as allowing any user to alter the file at will, or something in-between.
Dating from a less security-conscious era, the reasons for these restrictions may seem arbitrary today. For example, why restrict printing to 150dpi, a resolution that is low, but still allows printed pages to be scanned and enhanced? The inability to print in high resolution seems trivial compared to the ability to print at all. Similarly, the combinations of allowable changes seem inconvenient. For instance, while you may not want users to fill in forms, why is there no way to allow comments on forms alone?
In fact, before setting permissions on a PDF file, you might ask if doing so is worth the effort. Over the years, PDFs have been notorious for security weaknesses; unsurprisingly, numerous ways to bypass a password are available. On Windows, proprietary applications like PDFelement or iSumsoft PDF Password Refixer are available for downloading. On Linux, PDFCrack does dictionary-supported brute-force attacks to open a password-protected PDF. Easier still, Ghostscript can bypass the password:
gs -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=[unencrypted.pdf] -c .setpdfwrite -f [encrypted.pdf]
And these are just the available tools I found in a five-minute search. Undoubtedly, other tools are available, no matter what operating system you use. Moreover, once the file is opened, of course, all the carefully set permissions can be altered without any problem.
PDF permissions can be classified as a subset of security through obscurity – the practice of not mentioning security risks and hoping no one notices, which is widely condemned by security experts. Better yet, PDF permissions could be described as security through ignorance, working only so long as users have no idea how wide-open they are to anyone who can do a web search. All they are really useful for is controlling unsophisticated users' behavior. Anyone who really wants to bypass the password and the permissions will find a way to do so.
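The Printing, Changes, and Contents settings described above are recorded in the exported file as bit flags in the /P entry of its encryption dictionary, which a reader application is expected to honor. As an added example (not part of the original article), this Python code decodes that value so you can audit what an exported PDF actually claims; the sample object is constructed, and the function names are hypothetical.

```python
import re

# 1-based bit positions in the /P entry (PDF standard security handler).
PERMISSION_BITS = {
    "print": 3, "modify": 4, "copy": 5, "annotate": 6,
    "fill_forms": 9, "accessibility": 10, "assemble": 11, "print_high_res": 12,
}

# Constructed sample: the encryption dictionary object of a hypothetical export.
# The /O and /U values are placeholders, not real password hashes.
SAMPLE_PDF = b"""7 0 obj
<< /Filter /Standard /V 2 /R 3 /Length 128 /P -3900 /O <00> /U <00> >>
endobj
trailer
<< /Root 1 0 R /Encrypt 7 0 R >>
"""

def find_p_value(pdf_bytes):
    """Return the signed /P integer of the standard security handler, or None."""
    for obj in pdf_bytes.split(b"endobj"):
        if re.search(rb"/Filter\s*/Standard\b", obj):
            match = re.search(rb"/P\s+(-?\d+)", obj)
            return int(match.group(1)) if match else None
    return None  # no standard encryption dictionary: no permissions are set

def decode_permissions(p):
    """Map each permission name to True (allowed) or False (denied)."""
    bits = p & 0xFFFFFFFF  # /P is a signed 32-bit value; view it as unsigned
    return {name: bool((bits >> (pos - 1)) & 1)
            for name, pos in PERMISSION_BITS.items()}

def summarize(p):
    """Group the flags into the three kinds of permissions the article names."""
    flags = decode_permissions(p)
    if not flags["print"]:
        printing = "not permitted"
    elif flags["print_high_res"]:
        printing = "high resolution"
    else:
        printing = "low resolution"
    changes = [n for n in ("modify", "annotate", "fill_forms", "assemble") if flags[n]]
    contents = [n for n in ("copy", "accessibility") if flags[n]]
    return {"Printing": printing, "Changes": changes, "Contents": contents}

if __name__ == "__main__":
    print(summarize(find_p_value(SAMPLE_PDF)))
```

The encryption dictionary itself is stored unencrypted, which is why the flags can be read without either password.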
Digital Certificates and GPG
Two secure alternatives to permissions are available from File | Export As | Export As PDF… | PDF Options | Digital Signatures (Figure 2). These alternatives do not allow you to fine-tune how a PDF file can be used or edited, but they do provide stronger security than permissions. In addition, they guarantee that a sent file is actually from you.
These alternatives are to obtain a digital certificate from a certificate authority or to generate personal keys yourself. Certificates and keys are simply alternative names for the same tool: a passphrase-protected system of encryption. They both consist of a private certificate or key and a public one that the recipient must be sent in order to read the files you send. As the originator, you can use the certificate or key to read your own encrypted files.
Digital certificates are probably best-known in corporate circles. They require interacting with a certificate authority, whose reputation presumably adds weight to the authenticity of the certificate you receive from it. The exact details of using a certificate vary with the certificate authority, your browser, and your version of LibreOffice, but here is a summary of the general steps:
- Sign into a no-cost certificate authority site like the Linux Foundation's Let's Encrypt [1] (Figure 3) and follow the steps to generate a certificate.
- Locate the certificate in your web browser's preferences or setup, and make it available for files.
- Depending on the version of LibreOffice, you may need to make Writer aware of the certificate using File | Digital Signature | Digital Signatures…, and then restart Writer.
- Add the certificate to the PDF file using File | Export As | Export As PDF… | PDF Options | Digital Signatures, and fill out the required information. Alternatively, use File | Digital Signature to add a certificate to an already generated PDF.
However, using a digital signature can be an involved process. Despite the name, in recent versions of Writer, the Digital Signatures tab also recognizes keys created using a variant of Pretty Good Privacy (PGP), such as GPG. By using GPG, in effect, you sacrifice whatever reassurances using a certificate authority may have for the convenience of doing everything yourself (Figure 4).
If you already use GPG, the process of adding a key to a PDF file is similar to any other use. To generate keys with GPG, run the command:
gpg --full-generate-key
GPG takes you through the five steps in creating keys: adding your name and email, creating a passphrase, choosing the algorithm, setting the key size, and assigning an expiration date. If you are unsure about some of the technical choices, you can always accept the defaults. As a last step, you should create a revocation certificate, which allows you to make the new key invalid if it is ever compromised, with the command:
gpg --armor --output revoke.asc --gen-revoke PUBLIC-KEY-ID
The key can be selected and details added on the Security tab of the PDF Options window. Once the key is created, you can send out the public key with
gpg --output YOURNAME.gpg --export KEY-EMAIL
or as a protected plain text file with the format:
gpg --armor --output YOURNAME.gpg --export KEY-EMAIL
Again, the key can be selected and details added on the Security tab of the PDF Options window. Recipients of the file can verify it is from you with:
gpg --fingerprint KEY-EMAIL
Then create a decrypted copy of the file with:
gpg --decrypt ENCRYPTED-FILE
The file's text appears in the command line, and an unencrypted version of the file in the same directory as the encrypted file.
Whether you choose a certificate or a GPG key depends on your preferences and convenience. From a security viewpoint, one is generally as secure as another, except that different certificate authorities may default to different levels of encryption.
Choosing the Security Method
Neither passwords and permissions nor certificates and keys are entirely satisfactory on their own. Passwords and permissions have the advantage of controlling access in particular ways, but as security features, they are so weak that in many cases they are pointless.
By contrast, certificates and keys have strong security, but their access is all or nothing – you either have access to the PDF, or you don't. However, their lack of choice is probably preferable in most cases to the lack of acceptable security with passwords and permissions.
Infos
- Let's Encrypt: https://letsencrypt.org/