Deutsch Intern
  • 50-jähriges Jubiläum des Rechenzentrums
Information Technology Centre

PDF encryption

When exchanging documents with sensitive content that requires special protection, the usual exchange channels (e.g. unencrypted email or storage on a web server) only offer insufficient protection against unauthorised access. If only individual files and documents are to be protected, effective protection can be provided by encryption at file level. This encryption can be set up relatively easily, especially for PDF documents, provided that Adobe Acrobat Pro, which is available in the IT Service Center's web shop, is installed. In principle, there are 2 encryption types to choose from: Password-based encryption and certificate-based encryption. Detailed instructions are provided below for each of the two methods of encrypting a PDF document.

Instructions for encrypting a PDF document with a password

Instructions for encrypting a PDF document with a certificate

 

Important note

Without knowing the password used for encryption or the matching private key when using certificates, an encrypted document cannot be viewed again. There are therefore a few basic things to bear in mind:

  • If local regulations prescribe, for example, centralised archiving or storage of documents, then the document should also be stored LOCALLY in unencrypted form. Depending on the procedure, this applies to the PDF document or the underlying source data, e.g. Word files.
  • If documents are only stored in encrypted form, make sure that the availability of the passwords or private certificate keys used is guaranteed in the event of a change of personnel.
  • Back up your own certificate and private key using the corresponding export options of the respective application in the form of a password-protected PKCS12 file. Keep the backup in a safe place (e.g. store it on a CD or USB stick and lock the data carrier away) and use a sufficiently secure password. Otherwise, anyone who gains access to the backup copy for whatever reason can decrypt your data and sign files in your name. You can find out how to back up your personal certificate here.
  • Although certificates have a limited validity period (maximum 3 years for user certificates within the university's PKI), encrypted documents can be decrypted even after the validity period has expired. This means that different documents may have been encrypted over time with the user's certificate that was valid at the time, but different certificates were used.