我可以使用iText将PDF与权限合并 [英] Can I use iText to merge PDF's with Permissions

问题描述

我想将多个PDF文档合并为一个。源文档可以包含由我创建的PDF和由其他组织创建的其他文档。我无法控制附加到我不创建的文档的权限。其中一些文档（非我创建的文档）可能设置了权限。如果文档需要密码才能打开它，我不会尝试合并它。

我正在使用iText 5.5.1（我认为这是最新的）来创建一个PDFCopy对象包含结果文档和循环中每个源PDF的阅读器（我传递要合并的文档列表）。我检查每个文档的页数，然后使用PDFCopy对象导入每个页面，然后将其添加到PDFCopy对象（这两个步骤分开的原因是由于我用来处理java的语言的复杂性对象，IBM iSeries上的RPG）。问题是我可以将读者附加到具有权限的PDF并获取页数，但是一旦我尝试将页面导入到复制对象中，程序就会抱怨并终止，并显示消息PdfReader未使用所有者密码打开。我无法让那些提供其他组织文件的人不保护文件（这是保护原始文件不受更改的非常好的理由）但我需要将这些文件合并为一份。 / p>

我的问题是，我是否可以使用iText将带有权限的PDF复制到新文档中，我可以在不知道所有者密码的情况下进行操作吗？除此之外，我猜其他问题是合法的吗？

谢谢
GarryM

解决方案

简介：可以使用公共证书加密PDF文件。如果您有这样的PDF，则需要相应的私有证书才能解密。可以使用两个密码对PDF文件进行加密：用户密码和所有者密码。如果使用用户密码加密PDF，则至少需要两个密码中的一个才能解密。

假设：我认为只使用所有者密码加密PDF。您可以在PDF查看器中打开这些文档，而无需提供用户密码，这意味着可以访问内容，但根据所设置的权限，存在一些限制。

情况： iText是一个库，允许您以非常低的级别访问PDF，而无需GUI。它可以轻松访问使用所有者密码加密的PDF，但无法检查您是否尊重为PDF定义的权限。为了确保您了解自己的职责，会抛出异常，说 PdfReader未使用所有者密码打开。这通常过于严格：有时您有权汇编一个PDF文件，但是使用iText它全部或全部。您可以打开文件，也可以不打开。 iText不会检查你之后正在做什么。

解决方案：有一个名为的非静态布尔参数默认设置为 false 。您可以这样更改：

  PdfReader.unethicalreading = true; 
  

从现在开始，就好像PDF没有加密一样。

这是合法的吗？这不是很明确，我不是律师，但是：

它当Adobe仍然拥有PDF规范的版权时，以前是非法的。 Adobe在某些条件下授予任何开发者使用该版权的权利。其中一个条件是您没有破解PDF。从PDF中删除密码打破了与Adobe的合同以使用PDF规范，您可能会被起诉。

当Adobe向社区捐赠PDF规范时，这一情况发生了变化为了使其成为ISO标准。现在每个人都可以使用这个国际标准，以上（Adobe因侵犯版权而被起诉的风险）不再存在。

由于ISO标准记录了该机制使用所有者密码进行加密并且很容易使用ISO标准来解密文档而无需使用该密码，从技术角度来看，将所有者密码引入强制权限的概念存在缺陷。这只是一种心理方式，可以阻止人们对你的文件做一些你作为作者不想要的东西。

这就像在荒芜的道路上停车标志。它说：你应该停在这里，但是如果没有人在附近，没有人/没有人会阻止你。

建议的方法：
我的方法是使用 unethicalreading 参数解密PDF，并查看设置的权限。如果权限不允许汇编，我拒绝该文档。我还在生成的PDF上设置了权限，我试图找到尊重原始文档上设置的权限的权限组合。

在某些情况下，它并不难：人们不知道PDF通常是忘记用于加密密码的文档的所有者。在这种情况下，文档所有者的简单许可就足以解密它们。

最后评论：我是原始的开发者iText和我负责介绍不道德的参数。我选择名称 unethicalreading 只是为了确保人们知道他们在做什么。这并不意味着使用该参数总是不道德或非法。

I want to merge several PDF documents into one. The source documents can consist of PDFs created by me and others created by other organisations. I have no control over the permissions attached to documents not created by me. Some of these documents (those not created by me) may have permissions set. If a document requires a password to open it I do not attempt to merge it.

I am using iText 5.5.1 (I think that is the latest) to create a PDFCopy object to contain the resulting document and a reader for each source PDF in a loop (I am passing a list of the documents to be merged). I check each document for the number of pages and then using the PDFCopy object import each page and then add it to the PDFCopy object (the reason these two steps are separate is due to the intricacies of the language I am using to work with the java objects, RPG on an IBM iSeries). The problem is I can attach a reader to a PDF with permissions and get the page count, but as soon as I try to import a page into the copy object the program complains and terminates with the message 'PdfReader not opened with owner password'. I am not able to get the person(s) providing the documents from other organisations to not protect the documents (there a very, very good reasons why the original document is protected from change) but I need to consolidate these documents into one.

My question is, can I copy PDF's with permissions into a new document using iText and can I do it without knowing the owner password? In addition to that I guess the other question would be, is it legal?

Thanks GarryM

解决方案

Introduction: A PDF file can be encrypted using a public certificate. If you have such a PDF, you need the corresponding private certificate to decrypt it. A PDF file can be encrypted using two passwords: a user password and an owner password. If the PDF is encrypted using a user password, you need at least one of the two passwords to decrypt it.

Assumption: I assume that the PDFs are encrypted with nothing but an owner password. You can open these documents in a PDF viewer without having to provide a user password, which means the content can be accessed, but there are some restrictions in place depending on the permissions that are set.

Situation: iText is a library that allows you to access PDFs at a very low level, without a GUI. It can easily access a PDF that is encrypted with nothing but an owner password, but it can't check if you respect the permissions that are defined for the PDF. To make sure that you are aware of your responsibilities, an exception is thrown saying PdfReader not opened with owner password. This is often too strict: sometimes you have the permission to assemble a PDF file, but with iText it's all or nothing. Either you can open the file, or you can't. iText doesn't check what you're doing afterwards.

Solution: There is a static Boolean parameter called unethicalreading that is set to false by default. You can change it like this:

PdfReader.unethicalreading = true;

From now on, it will be as if the PDFs aren't encrypted.

Is this legal? It's not that clear and I am not a lawyer, but:

It used to be illegal when Adobe still owner the copyright on the PDF specification. Adobe granted the right to use that copyright to any developer on certain conditions. One of these conditions was that you didn't "crack" a PDF. Removing the password from a PDF broke your "contract" with Adobe to use the PDF specification and you risked being sued.

This changed when Adobe donated the PDF specification to the community in order to make it an ISO standard. Now every one can use this international standard, and the above (risk of being sued by Adobe for infringing the copyright) no longer exists.

As the ISO standard documents the mechanism of encryption with an owner password and it is very easy to use the ISO standard to decrypt a document without having that password, the concept of introducing an owner password to enforce permissions is flawed from a technical point of view. It's merely a psychological way to prevent people to do something with your document that you, as an author, do not want.

It's like a stop sign on a deserted road. It says: you should stop here, but nobody/nothing is going to stop you if no one is around.

Suggested approach: My approach is to decrypt the PDF using the unethicalreading parameter, and to look at the permissions that are set. If the permissions don't allow assembly, I refuse the document. I also set permissions on the resulting PDF where I try to find the combination of permissions that respect the permissions set on the original documents.

In some cases, it's not that hard: the people don't know the PDFs are often the owners of the documents who forgot the passwords that were used to encrypt them. In that case, simple permission of the owners of the documents is sufficient to decrypt them.

Final remark: I'm the original developer of iText and I'm responsible for introducing the unethicalreading parameter. I've chosen the name unethicalreading only to make sure people are aware of what they are doing. It doesn't mean that using that parameter is always unethical or illegal.

这篇关于我可以使用iText将PDF与权限合并的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！