Introduction: A PDF file can be encrypted using an open certificate. If you have such a PDF file, an appropriate private certificate is required to decrypt it. A PDF file can be encrypted using two passwords: user password and owner password. If the PDF is encrypted using the user's password, at least one of two passwords is required to decrypt it.
Assumption: I assume that PDF files are encrypted with nothing but the owner password. You can open these documents in the PDF viewer without having to enter a user password, which means that access to the content can be obtained, but there are some restrictions depending on the permissions set.
Situation: iText is a library that allows you to access PDF files at a very low level without a graphical interface. He can easily access a PDF file that is encrypted with nothing but an owner password, but he cannot check whether you respect the permissions defined for PDF. To ensure that you are aware of your responsibilities, an exception is thrown saying that PdfReader does not open with the owner password. This is often too strict: sometimes you have permission to collect the PDF file, but with iText it’s all or nothing. Either you can open the file, or you cannot. iText does not check what you do afterwards.
Decision. . By default, the static logical parameter unethicalreading is set, which is set to false . You can change it as follows:
PdfReader.unethicalreading = true;
From now on, it will be as if the PDF files were not encrypted.
Is it legal? This is not so clear, and I'm not a lawyer, but:
This used to be illegal when Adobe still retained copyrights for the PDF specification. Adobe granted the right to use this copyright to any developer on certain conditions. One of these conditions was that you did not “crack” the PDF. Removing the password from the PDF broke your Adobe “contract” to use the PDF specification, and you run the risk of getting a lawsuit.
This changed when Adobe donated the PDF specification to the community to make it an ISO standard. Now everyone can use this international standard, and above (the risk of suing Adobe for copyright infringement) no longer exists.
As the ISO standard documents the encryption mechanism with the owner’s password, and it’s very simple to use the ISO standard to decrypt the document without this password, the concept of entering the owner’s password to provide access rights is technically erroneous. This is just a psychological way to prevent people from doing something with your document, which you, as an author, do not want.
It is like a stop sign on a deserted road. It says: you must stay here, but no one / nothing will stop you if no one is around.
Suggested approach: My approach is to decrypt the PDF using the unethicalreading parameter and to view the installed permissions. If permissions do not allow assembly, I refuse the document. I also set permissions on the resulting PDF file, where I try to find a combination of permissions that match the permissions set in the source documents.
In some cases, this is not so difficult: people do not know that PDF files are often the owners of documents that have forgotten the passwords that were used to encrypt them. In this case, for their decryption, a simple permission of the document owners is enough.
Final note: I am the original iText developer, and I am responsible for introducing the unethicalreading parameter. I chose the name unethicalreading only so that people know what they are doing. This does not mean that using this option is always unethical or illegal.