Encrypting PDF documents
IBM Print Transforms from AFP for Infoprint Server for z/OS G325-2634-02
The AFP to PDF transform can encrypt PDF documents. Encrypting PDF documents provides enhanced security for sensitive documents. In addition, the transform can associate user and owner passwords with encrypted PDF documents to prevent unauthorized access, and it can restrict copying, updating, and printing of encrypted PDF documents. For example, a nurse could use the transform to encrypt a patient's test results and send them to the doctor in a PDF document that only the doctor can open and print.

Encryption methods

You can use either or both of these methods to encrypt PDF documents:
Specifying user and owner passwords

For security reasons, job submitters cannot specify user and owner passwords during job submission, and administrators cannot specify passwords in printer definitions. Instead, job submitters and administrators specify user and owner identifiers. The administrator can decide what identifiers to use. For example, identifiers can be z/OS® user IDs, email addresses, or a combination of different types of identifiers. Identifiers can contain any combination of 1-256 letters, numbers, blanks, and special characters.

The administrator must write a Password exit that returns a password to the transform for each user and owner identifier. The Password exit can obtain these passwords from a password database. The password database can be in any format that your Password exit can use. For information, see Writing a Password exit.

Job submitters can specify user and owner identifiers in job attributes pdf-user-identifier and pdf-owner-identifier. For example, you can specify this afpxpdf command:
As an alternative, the administrator can specify user and owner identifiers in printer definitions. For an example, see Example -- ISPF Processing panel for the AFP to PDF transform.

Restricting actions

When you encrypt PDF documents with or without passwords, you can restrict copying, updating, and printing in the PDF documents. Adobe Reader does not permit users to do the restricted actions when they open the PDF document. However, users who open the PDF document with the owner password bypass restrictions.

In Adobe Reader, actions that are restricted are not available. For example, if you restrict printing, the Adobe Reader "Print" menu action is not available. To see exactly which menu actions Adobe Reader makes unavailable when you restrict an action, open the PDF document that the transform creates and check which actions are unavailable. PDF viewers other than Adobe Reader might interpret restricted actions in different ways.

You can restrict slightly different sets of actions when you encrypt documents with and without passwords. In addition, the way you specify restricted actions differs.

Encrypting with passwords

When you encrypt PDF documents with passwords, job submitters can specify the restricted actions in the pdf-protect job attribute. For example, you can specify this afpxpdf command:
For information about the pdf-protect job attribute, see Job attributes for encrypting PDF documents. As an alternative, the administrator can specify restricted actions in printer definitions. For an example, see Example -- ISPF Processing panel for the AFP to PDF transform. The transform clears these bits in the encryption dictionary's P entry for each restricted action, depending on whether you select a high (128-bit) or low (40-bit) level of encryption:
For more information about bits in the encryption dictionary, see the Adobe PDF Reference, which is available on the Adobe website (www.adobe.com).

Encrypting without passwords

When you encrypt PDF documents without passwords, the administrator must specify restricted actions in the AOP_PROTECT environment variable in the transform configuration file. For example, the administrator could create a transform class called "nomodify" that restricts users from modifying the PDF documents. To do this, the administrator would specify this environment variable for the transform class:
For information about the AOP_PROTECT environment variable, see Environment variables for the AFP to PDF transform. When you encrypt PDF documents without passwords, job submitters cannot specify restricted actions. However, job submitters can submit transform jobs to the transform class that has the restrictions they want. For example, you can specify this afpxpdf command:
As an alternative, the administrator can specify a transform class that restricts actions in printer definitions.

The transform clears these bits in the encryption dictionary's P entry for each restricted action:

For more information about bits in the encryption dictionary, see the Adobe PDF Reference, which is available on the Adobe website (www.adobe.com).
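
To confirm which restrictions a PDF produced by the transform actually carries, you can decode the P entry of its encryption dictionary, with or without passwords. The following Python script is an added example, not IBM code: the bit meanings are those of the standard security handler in the PDF Reference (not a reproduction of this page's bit lists), the function names are hypothetical, and the sample bytes are constructed.

```python
import re

# Permission bits of the P entry per the PDF Reference (standard security
# handler). Bit 1 is the least significant; a CLEARED bit means "restricted".
PERMISSION_BITS = {
    3: "print",
    4: "modify contents",
    5: "copy or extract content",
    6: "add or modify annotations",
    9: "fill in form fields",
    10: "extract for accessibility",
    11: "assemble document",
    12: "high-quality print",
}

def find_encrypt_params(pdf_bytes):
    """Return (P, R) from the standard-handler encryption dictionary, or None."""
    m = re.search(rb"/Filter\s*/Standard", pdf_bytes)
    if not m:
        return None  # not encrypted with the standard security handler
    # Bound the search to the object that holds the dictionary. This is a
    # simple byte scan; a full PDF parser is more robust on unusual files.
    start = max(pdf_bytes.rfind(b"obj", 0, m.start()), 0)
    end = pdf_bytes.find(b"endobj", m.end())
    body = pdf_bytes[start:end if end != -1 else len(pdf_bytes)]
    p = re.search(rb"/P\s+(-?\d+)", body)
    r = re.search(rb"/R\s+(\d+)", body)
    return (int(p.group(1)), int(r.group(1))) if p and r else None

def restricted_actions(p, revision):
    """List the actions whose permission bit is cleared in P."""
    bits = p & 0xFFFFFFFF  # P is stored as a signed 32-bit integer
    # Revision 2 (40-bit) defines only bits 3-6; revision 3+ adds bits 9-12.
    relevant = [b for b in sorted(PERMISSION_BITS) if revision >= 3 or b <= 6]
    return [PERMISSION_BITS[b] for b in relevant if not (bits >> (b - 1)) & 1]

# Constructed sample: a minimal encryption dictionary, not real transform output.
SAMPLE = (b"%PDF-1.4\n5 0 obj\n<< /Filter /Standard /V 1 /R 2 /Length 40\n"
          b"/O <00> /U <00> /P -44 >>\nendobj\ntrailer\n<< /Encrypt 5 0 R >>\n")

if __name__ == "__main__":
    p, r = find_encrypt_params(SAMPLE)
    print(f"P={p} R={r} restricted: {restricted_actions(p, r)}")
```

Run it against a document from each transform class or pdf-protect setting you deploy and compare the result with the restrictions you intended.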