or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

content-stream-processing.mdcos-operations.mddocument-operations.mdindex.mdinteractive-forms.mdmulti-pdf-operations.mdrendering-graphics.mdsecurity-encryption.mdtext-operations.md

security-encryption.mddocs/

0
# Security and Encryption
1


2
Comprehensive PDF security features including encryption, decryption, access permissions, password protection, and digital signatures for document integrity and confidentiality.
3


4
## Document Encryption
5


6
Encrypt PDF documents with password protection and access control.
7


8
```java { .api }
9
// Encryption methods in org.apache.pdfbox.pdmodel.PDDocument
10
public void encrypt(AccessPermission ap, StandardProtectionPolicy spp) throws IOException;
11
public boolean isEncrypted();
12
public void decrypt(String password) throws IOException;
13
public AccessPermission getCurrentAccessPermission();
14
```
15


16
## Access Permissions
17


18
Control what operations are allowed on encrypted PDF documents.
19


20
```java { .api }
21
// Constructor and methods in org.apache.pdfbox.pdmodel.encryption.AccessPermission
22
public AccessPermission();
23
public AccessPermission(int permissions);
24


25
// Permission queries
26
public boolean canPrint();
27
public boolean canPrintDegraded();
28
public boolean canModify();
29
public boolean canModifyAnnotations();
30
public boolean canFillInForm();
31
public boolean canExtractContent();
32
public boolean canExtractForAccessibility();
33
public boolean canAssembleDocument();
34


35
// Permission setters
36
public void setCanPrint(boolean canPrint);
37
public void setCanPrintDegraded(boolean canPrintDegraded);
38
public void setCanModify(boolean canModify);
39
public void setCanModifyAnnotations(boolean canModifyAnnotations);
40
public void setCanFillInForm(boolean canFillInForm);
41
public void setCanExtractContent(boolean canExtractContent);
42
public void setCanExtractForAccessibility(boolean canExtractForAccessibility);
43
public void setCanAssembleDocument(boolean canAssembleDocument);
44


45
// Permission value
46
public int getPermissionBytes();
47
public void setPermissionBytes(int permissions);
48
```
49


50
## Protection Policies
51


52
Configure encryption settings and password policies.
53


54
```java { .api }
55
// Constructor and methods in org.apache.pdfbox.pdmodel.encryption.StandardProtectionPolicy
56
public StandardProtectionPolicy(String ownerPassword, String userPassword, AccessPermission permissions);
57


58
// Password management
59
public String getOwnerPassword();
60
public String getUserPassword();
61
public AccessPermission getPermissions();
62


63
// Encryption configuration
64
public void setEncryptionKeyLength(int encryptionKeyLength);
65
public int getEncryptionKeyLength();
66
public void setPreferAES(boolean preferAES);
67
public boolean isPreferAES();
68
```
69


70
## Digital Signatures
71


72
Add and verify digital signatures for document authenticity and integrity.
73


74
```java { .api }
75
// Constructor and methods in org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature
76
public PDSignature();
77
public PDSignature(COSDictionary dict);
78


79
// Signature information
80
public String getName();
81
public void setName(String name);
82
public Calendar getSignDate();
83
public void setSignDate(Calendar signDate);
84
public String getLocation();
85
public void setLocation(String location);
86
public String getReason();
87
public void setReason(String reason);
88
public String getContactInfo();
89
public void setContactInfo(String contactInfo);
90


91
// Signature data
92
public byte[] getContents();
93
public void setContents(byte[] contents);
94
public int[] getByteRange();
95
public void setByteRange(int[] byteRange);
96


97
// Signature properties
98
public COSName getFilter();
99
public void setFilter(COSName filter);
100
public COSName getSubFilter();
101
public void setSubFilter(COSName subFilter);
102
```
103


104
## Signature Management
105


106
Manage document signatures and verification.
107


108
```java { .api }
109
// Signature access in PDDocument
110
public List<PDSignature> getSignatureDictionaries();
111
public void addSignature(PDSignature signature) throws IOException;
112
public void addSignature(PDSignature signature, SignatureInterface signatureInterface) throws IOException;
113
public void addSignature(PDSignature signature, SignatureInterface signatureInterface, SignatureOptions signatureOptions) throws IOException;
114


115
// Signature validation
116
public boolean verifySignature(PDSignature signature) throws IOException;
117
public byte[] getSignedContent(PDSignature signature) throws IOException;
118
```
119


120
## Signature Interfaces
121


122
Define signature creation behavior.
123


124
```java { .api }
125
// Interface in org.apache.pdfbox.pdmodel.interactive.digitalsignature.SignatureInterface
126
public byte[] sign(InputStream content) throws IOException;
127
```
128


129
## Signature Options
130


131
Configure signature appearance and behavior.
132


133
```java { .api }
134
// Constructor and methods in org.apache.pdfbox.pdmodel.interactive.digitalsignature.SignatureOptions
135
public SignatureOptions();
136


137
// Page and positioning
138
public void setPage(int page);
139
public int getPage();
140
public void setVisualSignature(PDFormXObject visualSignature);
141
public PDFormXObject getVisualSignature();
142


143
// Signature field configuration
144
public void setPrefferredSignatureSize(int size);
145
public int getPreferredSignatureSize();
146
```
147


148
## Security Handlers
149


150
Access low-level security implementations.
151


152
```java { .api }
153
// Methods in org.apache.pdfbox.pdmodel.encryption.SecurityHandler
154
public void prepareDocumentForEncryption(PDDocument doc) throws IOException;
155
public void decryptDocument(PDDocument doc, DecryptionMaterial decryptionMaterial) throws IOException;
156
public AccessPermission getCurrentAccessPermission();
157
public boolean hasProtectionPolicy();
158
```
159


160
## Usage Examples
161


162
### Encrypting a PDF Document
163


164
```java
165
PDDocument document = Loader.loadPDF(new File("document.pdf"));
166


167
// Create access permissions
168
AccessPermission permissions = new AccessPermission();
169
permissions.setCanPrint(true);
170
permissions.setCanModify(false);
171
permissions.setCanExtractContent(false);
172
permissions.setCanModifyAnnotations(false);
173


174
// Create protection policy
175
String ownerPassword = "owner123";
176
String userPassword = "user123";
177
StandardProtectionPolicy policy = new StandardProtectionPolicy(ownerPassword, userPassword, permissions);
178


179
// Configure encryption
180
policy.setEncryptionKeyLength(256); // AES-256
181
policy.setPreferAES(true);
182


183
// Apply encryption
184
document.encrypt(permissions, policy);
185


186
document.save("encrypted-document.pdf");
187
document.close();
188
```
189


190
### Opening Encrypted PDF
191


192
```java
193
File file = new File("encrypted-document.pdf");
194
String password = "user123";
195


196
// Load encrypted document with password
197
PDDocument document = Loader.loadPDF(file, password);
198


199
// Check if document is encrypted
200
if (document.isEncrypted()) {
201
    System.out.println("Document is encrypted");
202
    
203
    // Get current permissions
204
    AccessPermission permissions = document.getCurrentAccessPermission();
205
    System.out.println("Can print: " + permissions.canPrint());
206
    System.out.println("Can modify: " + permissions.canModify());
207
    System.out.println("Can extract: " + permissions.canExtractContent());
208
}
209


210
// Work with decrypted document
211
// ...
212


213
document.close();
214
```
215


216
### Creating Fine-grained Permissions
217


218
```java
219
PDDocument document = new PDDocument();
220
// ... add content to document
221


222
// Create restrictive permissions
223
AccessPermission permissions = new AccessPermission();
224
permissions.setCanPrint(true);                    // Allow printing
225
permissions.setCanPrintDegraded(false);           // No degraded printing
226
permissions.setCanModify(false);                  // No modifications
227
permissions.setCanModifyAnnotations(true);        // Allow annotation changes
228
permissions.setCanFillInForm(true);               // Allow form filling
229
permissions.setCanExtractContent(false);          // No content extraction
230
permissions.setCanExtractForAccessibility(true);  // Allow accessibility tools
231
permissions.setCanAssembleDocument(false);        // No page manipulation
232


233
// Apply with different user/owner passwords
234
StandardProtectionPolicy policy = new StandardProtectionPolicy("secret_owner", "public_user", permissions);
235
document.encrypt(permissions, policy);
236


237
document.save("restricted-document.pdf");
238
document.close();
239
```
240


241
### Adding Digital Signatures
242


243
```java
244
PDDocument document = Loader.loadPDF(new File("document.pdf"));
245


246
// Create signature dictionary
247
PDSignature signature = new PDSignature();
248
signature.setName("John Doe");
249
signature.setLocation("New York, NY");
250
signature.setReason("I approve this document");
251
signature.setSignDate(Calendar.getInstance());
252
signature.setFilter(COSName.getPDFName("Adobe.PPKLite"));
253
signature.setSubFilter(COSName.getPDFName("adbe.pkcs7.detached"));
254


255
// Implement signature interface
256
SignatureInterface signatureInterface = new SignatureInterface() {
257
    @Override
258
    public byte[] sign(InputStream content) throws IOException {
259
        // Implement actual signing logic here
260
        // This would typically involve:
261
        // 1. Reading the content to be signed
262
        // 2. Creating a digital signature using private key
263
        // 3. Returning the signature bytes
264
        return new byte[0]; // Placeholder
265
    }
266
};
267


268
// Configure signature options
269
SignatureOptions signatureOptions = new SignatureOptions();
270
signatureOptions.setPage(0); // Sign on first page
271


272
// Add signature to document
273
document.addSignature(signature, signatureInterface, signatureOptions);
274


275
document.save("signed-document.pdf");
276
document.close();
277
```
278


279
### Verifying Signatures
280


281
```java
282
PDDocument document = Loader.loadPDF(new File("signed-document.pdf"));
283


284
// Get all signatures
285
List<PDSignature> signatures = document.getSignatureDictionaries();
286


287
for (PDSignature signature : signatures) {
288
    System.out.println("Signature by: " + signature.getName());
289
    System.out.println("Date: " + signature.getSignDate().getTime());
290
    System.out.println("Location: " + signature.getLocation());
291
    System.out.println("Reason: " + signature.getReason());
292
    
293
    // Get signed content for verification
294
    byte[] signedContent = document.getSignedContent(signature);
295
    
296
    // Verify signature (implementation depends on your security provider)
297
    boolean isValid = verifySignature(signature, signedContent);
298
    System.out.println("Signature valid: " + isValid);
299
}
300


301
document.close();
302
```
303


304
### Working with Security Handlers
305


306
```java
307
PDDocument document = Loader.loadPDF(new File("encrypted-document.pdf"));
308


309
if (document.isEncrypted()) {
310
    // Access security handler for advanced operations
311
    SecurityHandler securityHandler = document.getEncryption().getSecurityHandler();
312
    
313
    if (securityHandler.hasProtectionPolicy()) {
314
        System.out.println("Document has protection policy");
315
        
316
        // Get current access permissions
317
        AccessPermission currentPermissions = securityHandler.getCurrentAccessPermission();
318
        
319
        // Check specific permissions
320
        if (!currentPermissions.canExtractContent()) {
321
            System.out.println("Content extraction is restricted");
322
        }
323
    }
324
}
325


326
document.close();
327
```