PDF form with JavaScript and password, signatures, esignatures

Report · Oct 27, 2022

I have a question regarding the security of PDF forms.
The forms I create contain a lot of script code. I would like to secure access to scripts. Of course, I can set up a password that prohibits editing the document without knowing it, but here there is a problem, because I cannot sign the form with the password electronically with a trusted signature.
The forms that I create for the city hall obviously require the possibility of digital signing, because this is, as we say in Poland, "the salt of this earth". However, I do not want to share the script code for two reasons: the first is security, and the second is, of course, to protect my work as a developer.
I've read a lot about passwords in PDF but I feel a bit lost, I haven't found it anywhere (maybe I was looking wrong). On the helpx.adobe.com website, in the topic of password protection, I found the information that "Passwords cannot be added to signed or certified documents." OK, sure, and vice versa? Can I add a signature to a document with a password?

Basically the question is:
How to protect a PDF form against unauthorized access to scripts while maintaining the possibility of signing and certifying the file?

The script code protection should remain active even if the document expires the signature.

Report · Oct 27, 2022

There's no real way of doing it, I'm afraid. If you want to protect your code the closest you can get to it is to obfuscate it. There are free tools online that will help you do that. Just make sure you keep a copy of the original code, in case you want to edit it in the future.

Report · Oct 27, 2022

Hope told me that I would get a different answer, but the intellect told me that ...
I must admit that I considered such obfuscation myself (I used similar to Basic code back in the 90 ') but I did not expect that there are such extensive tools for this purpose ... I am shocked.
I'm testing now: https://obfuscator.io/

Thank you very much for your answer.

Report · Oct 27, 2022

Beware that antiviruses consider obfuscated scripts as malicious, so they reject the PDF document or they prevent any download.

You should also know that obfuscated scripts can be "beautified", which means decrypted (https://codebeautify.org/jsviewer).

I prefer to minify the scripts which avoids any problem with antiviruses.

A good protection for minified or obfuscated scripts is to drown them in lots of other useless lines of code. 😉

Acrobate du PDF, InDesigner et Photoshoptographe

Report · Oct 27, 2022

You should also know that the control password - which is not requested on open - is advisory only. All respectful apps honours the control password, but many apps just ignore it. There is no realistic way to keep your JavaScript's out of the hands of people who want to see it. Of course you must make sure it contains no sensitive info (such as passwords) - sometimes things become impossible if you want security.

Report · Oct 27, 2022

I will not win with professionals, if they want, they will get what they want. It's enough for me that most typical code copiers say "it's easier to write it myself" and let them get tired 🙂
After many years of work, I know very well that if I do not take care of my job, it will be used by others without scruples. I help others for free in what I do, but I want to be in control of who and what I share.

Report · Nov 07, 2022

You can certify the document with settings that allow only form filling and signing but the signature fields must be placed on the document first. The code is then encrypted along with the document. You won't be able to protect your code if you allow others to certify.

PDF form with JavaScript and password, signatures, esignatures

li.media.uploader-dialog.title