What is PDF email encryption?

The gateway supports three different encryption methods: S/MIME, OpenPGP and PDF. Although S/MIME and PGP encryption are the most secure ways to encrypt email, the problem with S/MIME (or PGP) is that it requires the recipient and sender to use an S/MIME or PGP capable email client. Although installing a certificate or PGP key is not hard, it may still be too cumbersome for some recipients, especially when only a few secure email messages need to be exchanged over a longer period.

As an alternative to S/MIME or PGP, PDF encryption can be used. The PDF standard allows a PDF to be encrypted with a password. Files can be added to the PDF and are encrypted as well. Because most recipients already have a PDF reader installed, they do not need to install or configure any software.

Note

The PDF is encrypted with AES128. The AES128 key is generated from the password.

When the gateway PDF-encrypts a message, it converts the complete email message, including all attachments, to a PDF. The PDF is then password encrypted and attached to a new message (which is based on a template). This message does not contain any information other than a general note that the message contains an encrypted PDF.

With PDF encryption, are attachments encrypted as well?

All attachments are added to the PDF document before the PDF is encrypted. The attachments are therefore encrypted as well. To open the attachments, a PDF reader which supports attachments, for example Adobe Acrobat, is required.

Is PDF encryption safe? Some companies claim they can crack PDFs?

PDF encryption is safe as long as the password is long enough and the PDF is encrypted with AES128. PDF password crackers try to guess the password using different techniques. For example, some password crackers use a large list of common words and names. The gateway can automatically generate a random password for every PDF. The default password length is 16 bytes (128 bits) of random data, which is practically uncrackable by brute force.
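As an added illustration (not code from the page or from the gateway), this is how the PDF standard security handler turns a password into the AES-128 file key (Algorithm 2 of the PDF 1.7 specification, revision 4). The /O entry and the file ID are ordinary, unencrypted fields of the PDF and are constructed sample values in the test; the hex encoding of the 16 random bytes is an assumption about how a generated password is presented, not the gateway's documented format.

```python
import hashlib
import secrets
import struct

# Standard 32-byte padding string from the PDF specification (Algorithm 2, step a).
PAD = bytes.fromhex(
    "28BF4E5E4E758A4164004E56FFFA01082E2E00B6D0683E802F0CA9FE6453697A"
)


def compute_r4_key(password: bytes, o_entry: bytes, permissions: int,
                   file_id: bytes, encrypt_metadata: bool = True) -> bytes:
    """Derive the 128-bit file key of the standard security handler (/R 4, AESV2).

    o_entry is the 32-byte /O value and file_id the first element of the
    trailer /ID array. Both are readable by anyone holding the file, so the
    password is the only secret input: a short or guessable password means
    the key can be recomputed quickly, which is why the gateway defaults to
    128 bits of random password material.
    """
    if len(o_entry) != 32:
        raise ValueError("/O entry must be 32 bytes")
    padded = (password + PAD)[:32]  # pad or truncate the password to 32 bytes
    h = hashlib.md5()
    h.update(padded)
    h.update(o_entry)
    h.update(struct.pack("<I", permissions & 0xFFFFFFFF))  # /P, low byte first
    h.update(file_id)
    if not encrypt_metadata:
        h.update(b"\xff\xff\xff\xff")
    key = h.digest()
    # Revision 3 and later: 50 extra MD5 rounds over the first n bytes (n = 16).
    for _ in range(50):
        key = hashlib.md5(key[:16]).digest()
    return key[:16]


def random_pdf_password() -> str:
    """16 bytes (128 bits) from the OS CSPRNG, hex-encoded so it can be pasted.

    Hex encoding is an assumption for this example. 32 hex characters is also
    exactly the 32-byte limit Algorithm 2 imposes, so none of the 128 bits is
    discarded by the truncation step above.
    """
    return secrets.token_hex(16)
```

The truncation assertion in the test shows the limit a practitioner should keep in mind: password bytes beyond the 32nd add no security with this handler.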

With PDF encryption, how can the recipient securely reply?

The gateway can be configured to add a reply link. When the recipient clicks on the reply link, the recipient's web browser connects to the CipherMail gateway and opens a page on which the recipient can write the reply message.

There are different password modes for PDF encryption. Which mode is the most secure?

There are different modes to password encrypt the PDF:

  • The PDF can be encrypted using a pre-defined static password.

  • The PDF can be encrypted using a randomly generated password. The password will be sent by SMS text message to the recipient.

  • The PDF can be encrypted using a randomly generated password. The password will be sent back by email to the sender of the message.

  • The PDF can be encrypted using a One Time Password (OTP) algorithm.

For all password modes, it’s important that the password with which the PDF is encrypted is long enough to withstand a brute force attack.

Note

With a brute force attack, the attacker tries to guess the password by trying all possible passwords.

Which password mode is the most secure is not easy to answer since this depends on a lot of factors. For example, the static password mode can be very secure if the password is long enough. However, with the static password mode, every PDF sent to one recipient will always be encrypted with the same password. If an attacker somehow knows what the password is, all PDFs can be read. The pros and cons of each mode will now be briefly discussed.

Static password

Pros:

  • Easy to set up. The recipient only requires one password.

Cons:

  • The password has to be securely exchanged with the recipient.

  • All PDFs are encrypted with the same password.

  • Long passwords are required to protect against brute force attacks.

Random password via SMS

Pros:

  • The password is sent via a different channel (SMS) than email. An attacker needs access to both the email and the SMS to read the message.

  • Every PDF can be encrypted with a different randomly generated password.

Cons:

  • The recipient needs a telephone number to which the SMS can be delivered.

  • The sender has to provide the SMS telephone number.

  • Reading the password from the SMS can be cumbersome, especially with long passwords.

  • If the password for the PDF is lost, the recipient can no longer open the PDF.

  • SMS messages are not free.

Random password, sent back to sender

Pros:

  • The password can be sent via a different communication channel.

  • Every PDF can be encrypted with a different randomly generated password.

Cons:

  • The sender somehow needs to exchange the password with the recipient using a secure channel.

  • Typing the password into the PDF password dialog can be cumbersome, especially with long passwords.

  • If the password for the PDF is lost, the recipient can no longer open the PDF.

One Time Password (OTP) using the online portal

Pros:

  • Every PDF is encrypted with a different randomly generated password.

  • The generated password can be copied and pasted into the password dialog. The password can therefore be very long.

  • Because the recipient has to log into the portal to generate the password, server-side protection against brute force attacks can be applied.

  • Since the password is generated using a server-stored client secret, the PDF password can always be generated again.

  • The recipient has to log into the portal to generate the password. The account can be disabled if required.

  • Using the invite mechanism, setting up secure email communication is very easy.

Cons:

  • The recipient has to log in to generate the password.

  • If the recipient forgets the portal password, the recipient cannot log in and the password has to be reset.

  • The account for the recipient has to be pre-configured or the recipient has to be invited.

  • The gateway portal functionality must be accessible to external users.
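The two properties claimed for the OTP mode above (every PDF gets a different password, yet the password can always be regenerated from the server-stored client secret) follow naturally from a keyed derivation. The construction below is an added example and an assumption, not the gateway's actual OTP algorithm: it keys HMAC-SHA256 with the client secret and feeds it a per-message identifier, so the portal can re-issue a password without storing it.

```python
import hashlib
import hmac
import secrets


def new_client_secret() -> bytes:
    """Server-side secret created once when the recipient's portal account is set up."""
    return secrets.token_bytes(32)


def otp_pdf_password(client_secret: bytes, message_id: str) -> str:
    """Derive the PDF password for one message from the stored client secret.

    Hypothetical construction: HMAC-SHA256(client_secret, message_id). The same
    (secret, message_id) pair always yields the same password, so the portal can
    regenerate it on demand, while different messages get unrelated passwords
    and knowing one reveals nothing about another or about the secret.
    The 16-byte (128-bit) output is hex-encoded, which keeps it within the
    32-byte password limit of the AES-128 standard security handler.
    """
    mac = hmac.new(client_secret, message_id.encode("utf-8"), hashlib.sha256).digest()
    return mac[:16].hex()


def verify_reissue(client_secret: bytes, message_id: str, presented: str) -> bool:
    """Constant-time check that a password presented to the portal matches the
    one derived for this message (e.g. before re-displaying it to the recipient)."""
    return hmac.compare_digest(otp_pdf_password(client_secret, message_id), presented)
```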

With the One Time Password (OTP) mode, a recipient can be invited. Is this not insecure? What happens if the invite is intercepted?

The hardest part in setting up a secure channel is the exchange of the first secret (this is true for every encryption product). To do this in a secure way, a different channel should be used. With the one time password mode, you can choose to pre-configure the portal password. The portal password should then be securely transported to the recipient using a different channel (i.e., not using email).

From a practical perspective, however, it is not always easy to exchange the password via a different channel, or pre-configuring passwords for every recipient might be too cumbersome. For cases where pre-configuring the portal password is not feasible, the auto invite mode was introduced.

When the auto invite option is enabled and there is not yet a portal password for the recipient, an invite link will be added to the email. After clicking the invite link, the recipient can choose a portal password for the portal account.

If however, an attacker somehow manages to intercept the email containing the invite link, and clicks on the link before the real recipient does, the attacker can choose a password before the real recipient can. Using the new password, the attacker can generate the one time password and read the first encrypted PDF.

While this is possible in theory (and in practice), the real recipient will be able to detect that this has happened, because the real recipient can no longer log into the account: the real recipient does not know which password the attacker has selected. If the attacker clicks on the link after the real recipient has selected a password, the attacker cannot log into the account, since the real recipient has already selected a password.

The window of opportunity for the attacker is therefore limited: if the real recipient has selected a password, the link in the invite email is no longer usable; if the attacker successfully intercepted the email and selected a password, the real recipient will immediately notice this the first time the recipient tries to log in.

If you need to be absolutely certain the password is set by the correct recipient before sending sensitive information, you can send an email containing a keyword. To validate whether the password was selected by the recipient and not by the attacker, you should call the recipient and ask for the keyword.