Adobe’s Portable Document Format, or PDF, has become the accepted standard for distributing documents in a non-editable, attractively-formatted way. PDF is ubiquitous, and because the Adobe Reader application is freely downloadable, it’s very easy for the recipient of a PDF to get hold of the software needed to read PDF files. One of the drawbacks with Acrobat, though, is that Adobe didn’t really give sufficient thought to document protection. Although you can password-protect documents, once someone has found the password they can open a document. Unless you’ve protected it with KeySec, that is. KeySec is an Acrobat add-on that allows you to encrypt PDF documents not just using a password but also by using a USB security token – so to read a KeySec-protected document you need to have the little USB dongle. The software is compatible with Acrobat 5, though support for Acrobat 6 will be along soon. Our review package came with two types of dongle. There is a parallel-port one, used as the ‘master’ (the one used to encrypt documents), and a USB equivalent, which you send out with the PDF file. Highly portable
Step one was to initialise the master key. You do this through some menu extensions that the KeySec installer makes to Acrobat (to repeat: it’s currently compatible with Acrobat 5, not 6), having looked up the cryptic-looking key information on Eutron’s website. Once you have activated the master token, you can go about encrypting the document. The security criteria are the normal Acrobat ones: you can choose whether to allow people to open the document at all without the key, and you can also configure some lesser parameters (such as whether you want people to be able to cut-and-paste from PDF documents). Once you’ve set the criteria for a document (or documents – Acrobat has the ability to apply settings to a whole batch of documents) you simply hit ‘Save’ and the PDF is encrypted. When you send the document to someone, assuming you’ve set the security parameters such that they’re not allowed to view it without the key, they’ll simply get the message: “Can’t locate a valid SmartKey: you are not allowed to open this document”. They therefore need to be given a properly validated USB token to allow them to read what you’ve sent them. Before you send out SmartKeys, you have to initialise them. So it’s off to another menu extension that KeySec has installed in Acrobat for you, this time to update the key’s security code. This includes both a lengthy decryption key (again, a quick visit to the website allows you to paste it into the Windows dialog box that the software throws at you) and some other information such as the key’s expiry date. It takes a few seconds for the software to program the token with the appropriate key information, and then you can provide the PDF’s recipient with their little bit of grey plastic so they can open the document. Assuming you programmed the key correctly (and it’s idiotproof so long as you don’t make a silly mistake) it’s largely invisible to the user. Before the first use, they have to install the KeySec reader software (which, like Acrobat Reader, can be freely distributed), and the first time they push the token into the USB socket, Windows alerts the user to its insertion, but from this point on you don’t notice anything. The difference is, of course, that instead of being told: “Go away, you can’t read this document” it simply opens it as it would any normal PDF. KeySec is an interesting idea, and one that provides an intriguing extra level of security for companies who send confidential material around between offices. In its current form we can’t really see its usefulness for the general market – for example sending out expensive documents to paying customers – because there’s no obvious way to say: “Customer X has key number Y, which gives him access to documents A, B and C”. If Eutron were to add this facility, though, the sky’s the limit with regard to what it could do. KeySec is sensibly implemented, simple to use and worked first time on our Windows 2000/XP installations.