Protect PDF with Password and save the PW into a .rtf file with Timestamp

As the title shows i want to protect .pdf files with a password and save the PW automatically within a .rtf file. Does somebody know a common or easy way to archive this?

Best Fabian

In case of few documents either printing the documents to PDF (and specifying the password via the print options) or opening the documents in Preview and exporting them with a password should be sufficient.

If you don’t mind me asking: what’s the point of that? RTF is a clear text format, so your password is basically legible to anyone getting access to the file. Which is probably the same group of people getting access to the PDF.

Why not use Apple’s keychain for that or another password manager?

Of course I don’t mind. I regularly have to share reasonable documents with clients, so I have an original document in Word/textedit etc. and convert this into pdf to send it via email. The PW comes via SMS/Threema etc. I am really looking for a one-click solution to secure the PW in a file and the pdf itself, without having a long work around.

Personally, I’d go with asymmetric encryption in this case, aka PGP/GnuPG. Which of course requires the receiver of your files to generate a key pair and make their public key available to you.

Which is probably more of a pain than your solution. I’d still go for keychain, 1Password or something like that for secure password storage. But may be I’m being paranoid.

The thing is I don’t want to use the Passwort for securing the files in my system.
I just want to secure the files for the mail attachment.

Does somebody know if this could be possible with AppleScript?

Because DT cannot encrypt documents, it won’t be possible to directly script DT to do this. I don’t know about scripting the print dialogue, but I’m going to guess no. Both Preview and Mail are only scriptable on a pretty basic level. The only idea I can come up with is PDFpenPro 10, which seems to be intensely scriptable; from the dictionary:

document n : A document.
contains pages; contained by application.
info (document info, r/o) : Document information
path (text) : The document's path.
modified (boolean, r/o) : Has the document been modified since the last save?
name (text) : The document's name.
performing ocr (boolean, r/o) : Application is currently performing OCR on the document.
performing search (boolean, r/o) : Application is currently performing a search.
performing redaction (boolean, r/o) : Application is currently performing redaction.
needs ocr (boolean, r/o) : Does application think the document is a candidate for OCR?
top margin (integer, w/o) : Top margin in points.
bottom margin (integer, w/o) : Bottom margin in points.
left margin (integer, w/o) : Left margin in points.
right margin (integer, w/o) : Right margin in points.
levels (integer, w/o) : Maximum levels to descend in URL path hierarchy.
maximum pages (integer, w/o) : Maximum pages to process.
follow (subtree/‌server/‌any links, w/o) : Method for following links when importing from HTML.
plain text (text, r/o) : Plain text of entire document.
text content (rich text, r/o) : Rich text of entire document.
permissions (list of permissions) : Document permissions.
owner password (text, w/o) : Owner password (write only).
selected page (page, r/o) : Currently selected page.
encryption methods enum
RC4 : 40-bit RC4
AES128 : 128-bit AES-128
AES256 : 256-bit AES-256
none : no encryption
permissions enum
can print : document allows printing
can print high resolution : document alows high resolution printing
can modify content : document allows modifying content
can modify pages : document allows modifying pages
can copy text and objects : document allows copying text and objects
can fill forms : document allows filling in forms
can annotate : document allows annotating
is accessible : document allows accessibility access
save v : Save an object.
save specifier : the object to save, usually a document or window
[in file] : The file in which to save the object.
[as text] : The file type in which to save the data.
[password text] : Password with which to encrypt document.
[encrypt using RC4/‌AES128/‌AES256/‌none] : Encryption method with which to encrypt document. Default is AES-128.

I could imagine you could send the document from DT to PDFpenPro 10, set permissions if required, save it using a password, all using a script. Whether AppleScript has a random generator, I don’t know; if so, the password would be easy. Appending it to a list (or even saving the password as custom metadata in DT) should be easy. I can’t find a command to mail the document from PDFpenPro, but you could either save it back to DT and mail it from there with the script, or save it to a folder, and then mail it from there; apple mail is certainly scriptable enough to be able to send a mail with a text and an attachment.

I found this here, but it is a Python script:

and this very old post

and a youtube video

Of course,@Blanc’s suggestion is valid, too, but then you’d need PDFPen.

nice one @chrillek - the python script looks like a neat solution :slight_smile: @ft.knorr please let us know how you fare.

Off the top of my head if I had this problem to solve I’d probably want to share the password via The service has an API which looks to be easily scriptable.

… time passes …

So, I decided to AppleScript this out, but instead of encrypting the PDF directly, I create an encrypted zip file. This script will prompt you for a password, zip the file using that password, and then return a one-time URL for OneTimeSecret that contains the password. Just copy the URL and send it to whoever needs to open the file.

set thePassword to the text returned of (display dialog "Password:" default answer "")
tell application "Finder"
	set theItem to selection as alias
	set itemPath to quoted form of POSIX path of theItem
	log itemPath
	set fileName to name of theItem
	log fileName
	set theFolder to POSIX path of (container of theItem as alias)
	set zipFile to quoted form of (theFolder & fileName & ".zip")
	log zipFile
	do shell script "zip -jr --encrypt --password " & thePassword & " " & zipFile & " " & itemPath
end tell

set jsonReturn to do shell script "curl -F 'secret=" & thePassword & "'"

# Delimit text fields using comma
set the text item delimiters to ","
set Arr to the text items of jsonReturn

# Trim quotes of each item in Arr
repeat with a in Arr
	set contents of a to text 2 thru -2 of a
end repeat

set secretKeyString to item 3 of Arr
set the text item delimiters to "\":"
set secretArray to the text items of secretKeyString
set secretCode to text 2 thru -1 of item 2 of secretArray

display dialog "" & secretCode with icon caution

There’s no error handling in this script, so… caveat emptor. If anyone finds this useful perhaps I’ll improve it a bit.

Cool approach (although I’d go with JavaScript if I had a JSON object to parse :wink:

According to their website, onetimesecret requires username & password for their API. Did you leave them out in this script by purpose, coincidentially or is the authentication no longer required?

1 Like

Script should work as is, I didn’t need a username or password. And I keep forgetting about Javascript automation, I should really look into that more.