distribution and use of the pdf file

[ghost]

Hey everyone.

Initial problem

One of the current problems with pdf, I believe, is its distribution. To some extent, people distribute files without having a proprietary license or prior legal approval to do so or without authorization from the author of some work, content, ebook as well. It is worth mentioning that there are cases of some people distributing the pdf file with viruses in order to infect machines. Or there are cases where the distribution of the pdf file is for phishing purposes. That is, to make some kind of fraud or corruption scheme, where people are involved and deceived as a kind of bait. You open the file, and this file infects your computer, or it has some kind of false information that can lead to error, as with bank slip pdf files. And there are several other sub-problems in this initial problem I report, like pdf being used for spam, click bait etc. in pdf files.

Possible solution

Currently, some companies use the password feature to prevent any phishing on the pdf file or to ensure that the pdf file is the one that will be opened. The idea would be to add a second factor in the pdf file, besides the password, it could have a check of the device that can open the file. This could avoid phishing as it would have to have some form of offline/online validation of the pdf with some public/private key.

Reason

My question regarding the context of distributing the pdf file is whether there is any way to feasibly improve certain security, usability and privacy of the pdf file for most people.

Possible implementation

Initially I would like to know if there is a possibility to use webauthn to verify if the file is digitally signed or if there is a possibility to attach a device that can be opened by webauthn with pdf. I would like to know if it would be possible to have a verification of the pdf file with webauthn, so that when opening a pdf file in your browser, your browser will recognize that you have permission to open the pdf file through an external device with validation key, a token - so to speak.

Image

image-description: As we can see in the image, I need to authenticate some device to open the PDF file.

Note
One way to prevent pdfs from being altered and losing reliability is for the pdf file provider to manage them in the cloud. In theory, as the files are read remotely, there is no physical access to them. For example, a provider can disable options for downloading and sharing the file, as well as the option for copying and pasting text.

For example, when we are going to pay bank slips in pdf format, usually some bank has an application mobile where the user can access their information and can pay directly using the application. This prevents the user from opening an unknown pdf or being tricked in any way when paying a bill.

Doubt

• Would it be possible to have a special key or device, offline, to verify the file pdf and guarantee some minimum security for that? something like a webauthn for this?*

[MatthiasValvekens]

Would it be possible to have a special key or device, offline, to verify the file pdf and guarantee some minimum security for that? something like a webauthn for this?

WebAuthn isn't really the right technology to do this, but there are other tools available.

PDF already allows encrypting a document with one or more public keys (see ISO 32000-2, 7.6.5), so that you need a matching private key to open the file. In principle, this private key could be stored on a hardware device. I couldn't tell you how widely supported that is, though---there aren't that many viewers with built-in support for public-key encrypted documents as-is. In combination with this upcoming extension to the standard and/or a digital signature (see ISO 32000-2, 12.8), you can already get somewhere.

Having said that, doing access control on "offline" data is different from "online" authentication: (a) it's impossible to revoke someone's access after you've sent them the data encrypted with their key, (b) there's no interactive key exchange so you can forget about perfect forward secrecy, (c) you can't prevent someone with access from decrypting and disclosing the file, etc. The number of use cases where distributing public-key encrypted PDFs makes sense is fairly limited; you should think carefully about your threat model first.

[ghost]

Hi MatthiasValvekens, thank you for feedback.