How to Add the Decrypt PDF Context Menu Item?

Make sure you have downloaded pdftk.
Follow all the steps in the previous post, except name the action Decrypt and replace the cmd.exe arguments in step 4 with:

C:\windows\system32\cmd.exe

/C C:\windows\system32\pdftk.exe "%1" input_pw PROMPT

output "%1.decrypted.pdf"

How to Add the Encrypt PDF Context Menu Item?

Make sure you have downloaded pdftk

Windows XP and Windows 2000:

1. In the Windows File Explorer menu, select Tools > Folder Options . . . and click the File Types tab. Select the PDF file type and click the Advanced button.
2. Click the New . . . button and a New Action dialog appears. Give the new action the name Encrypt.
3. Give the action an application to open by clicking the Browse . . . button and selecting cmd.exe, which lives somewhere such as C:\windows\system32\ (Windows XP) or C:\winnt\system32\ (Windows 2000).
4. Add these arguments after cmd.exe, changing the path to suit, like so:

C:\windows\system32\cmd.exe

/C C:\windows\system32\pdftk.exe "%1" output "%1.encrypted.pdf"

encrypt_128bits user_pw PROMPT


5. Click OK, OK, OK and you should be done with the configuration.

PDF Encryption with pdftk

You can encrypt any PDF created with pdftk by simply adding encryption parameters after the output filename, like so:

... output

\
[encrypt_40bit | encrypt_128bit] [allow ] \
[owner_pw ] [user_pw ]

Here are the details:

[encrypt_40bit | encrypt_128bit]
Specify an encryption strength. If this strength is not given along with other encryption parameters, it defaults to encrypt_128bit.

[allow ]
List the permissions to grant users. If this section is omitted, no permissions are granted. See Tables Table 5-1 and Table 5-2 for a complete list of available permissions.

[owner_pw ]
Use this combination to set the owner password. It can be omitted; in which case no owner password is set.

[user_pw ]
Use this parameter to set the user password. It can be omitted; in which case no user password is set.

Adding these parameters yields :

pdftk A=in1.pdf B=in2.pdf C=in3.pdf \
cat A1 B1-end C5 output out.pdf \
encrypt_128bit allow CopyContents Printing \
owner_pw ownpass

Standard Security Permissions

Set the user password if you don't want people to see your PDF. If they don't have the user password, it simply won't open.

You also have some control over what people can do with your document once they have it open. The permissions associated with 128-bit security (Acrobat 5 and 6) are more precise than those associated with 40-bit security (Acrobat 3 and 4). Tables Table 1 and Table 2 list all available permissions for each security model.

Table 1. Permissions available under 40-bit security

To allow readers to . . .	Apply this pdftk permission
Print—pages are top quality	Printing
Modify page or document contents,insert or remove pages, rotate pages or add bookmarks	ModifyContents
Copy text and graphics from pages, extract text and graphics data for use by accessibility devices	CopyContents
Change or add annotations or fill form fields with data	ModifyAnnotations
Reconfigure or add form fields	ModifyContents and ModifyAnnotations
All of the above	AllFeatures

2. Permissions available under 128-bit security

To allow readers to . . .	Apply this pdftk permission
Print—pages are top quality	Printing
Print—pages are of lower quality	DegradedPrinting
Modify page or document contents, insert or remove pages, rotate pages or add bookmarks	ModifyContents
Insert or remove pages, rotate pages or add bookmarks	Assembly
Copy text and graphics from pages	CopyContents
Extract text and graphics data for use by accessibility devices	ScreenReaders
Change or add annotations or fill form fields with data	ModifyAnnotations
Fill form fields with data	FillIn
Reconfigure or add form fields	ModifyContents and ModifyAnnotations
All of the above, and top-quality printing	AllFeatures

Comparing these two tables, you can see that Assembly is a weaker version ofModifyContents and FillIn is a weaker version of ModifyAnnotations.

DegradedPrinting sends pages to the printer as rasterized images, whereas Printing sends pages as PostScript. A PostScript stream can be intercepted and turned back into (unsecured) PDF, so the Printing permission is a security risk. However, DegradedPrinting reduces the clarity of printed pages, so you should test your document to make sure DegradedPrinting yields acceptable, printed pages.

After setting these permissions and/or a user password, changing them requires the owner password, if it is set.

PDF Passwords

Acrobat Standard Security enables you to set two passwords on a PDF: the user password and the owner password. In Acrobat 6, these are also called the Open password and the Permissions password, respectively.

The user password, if set, is necessary for viewing the document pages. The PDF encryption key is derived from the user password, so it really is required. When a PDF viewer tries to open a PDF that was secured with a user password, it will prompt the reader to supply the correct password.

The owner password, if set, is necessary for changing the document security settings. A PDF with both its user and owner passwords set can be opened with either password, so you should choose both with equal care.

An owner password by itself does not provide any real PDF security. The content is encrypted, but the key, which is derived from the (empty) user password, is known. By itself, an owner password is a polite but firm request to respect the author's wishes. A rogue program could strip this security in a second.

About PDF Encryption

You can use PDF encryption to lock a file's content behind a password, but more often it is used to enforce lighter restrictions imposed by the author. For example, the author might permit printing pages but prohibit making changes to the document. Here, we continue from and explain how pdftk can encrypt and decrypt PDF documents. We'll begin by describing the Acrobat Standard Security model (called Password Security in Acrobat 6) and the permissions you can grant or revoke.

PDF file attachments get encrypted, too. After opening an encrypted PDF, document file attachments can be opened, changed, or deleted only if the owner granted ModifyAnnotations permission.

Page file attachments behave differently than document file attachments. Once you open an encrypted document, you can open files attached to PDF pages regardless of the permissions. Changing or deleting one of these attachments requires the ModifyAnnotations permission. Of course, if you have the owner password, you can do anything you want.