Encrypting PDF Documents with a Password

When you encrypt a PDF document with a password, a user must specify the password to open the PDF document in Adobe Reader or Acrobat. Also, before another LiveCycle operation, such as digitally signing the PDF document, can be performed on the document, a password-encrypted PDF document must be unlocked.

Wichtig: If you upload an encrypted PDF document to the LiveCycle repository, it cannot decrypt the PDF document and extract the XDP content. It is recommended that you do not encrypt a document prior to uploading it to the LiveCycle repository. (See Writing Resources.)
Hinweis: For more information about the Encryption service, see Services Reference for LiveCycle.

Summary of steps

To encrypt a PDF document with a password, perform the following steps:

  1. Include project files.

  2. Create an Encryption Client API object.

  3. Get a PDF document to encrypt.

  4. Set encryption run-time options.

  5. Add the password.

  6. Save the encrypted PDF document as a PDF file.

Include project files

Include necessary files in your development project. If you are creating a client application using Java, include the necessary JAR files. If you are using web services, ensure that you include the proxy files.

The following JAR files must be added to your project’s class path:

  • adobe-livecycle-client.jar

  • adobe-usermanager-client.jar

  • adobe-encryption-client.jar

  • adobe-utilities.jar (required if LiveCycle is deployed on JBoss)

  • jbossall-client.jar (required if LiveCycle is deployed on JBoss)

Create an Encryption Client API object

To programmatically perform an Encryption service operation, you must create an Encryption service client.

Get a PDF document to encrypt

You must obtain an unencrypted PDF document to encrypt the document with a password. If you attempt to secure a PDF document that is already encrypted, you cause an exception.

Set encryption run-time options

To encrypt a PDF document with a password, you specify four values, including two password values. The first password value is used to encrypt the PDF document and must be specified when opening the PDF document. The second password value, named the master password value, is used to remove encryption from the PDF document. Password values are case sensitive, and these two password values cannot be the same values.

You must specify the PDF document resources to encrypt. You can encrypt the entire PDF document, everything except for the document’s metadata, or just the document’s attachments. If you encrypt only the document’s attachments, a user is prompted for a password when they attempt to access the file attachments.

When encrypting a PDF document, you can specify permissions that are associated with the secured document. By specifying permissions, you can control the actions that a user who opens a password-encrypted PDF document is allowed to perform. For example to successfully extract form data, you must set the following permissions:

  • PASSWORD_EDIT_ADD

  • PASSWORD_EDIT_MODIFY

Hinweis: Permissions are specified as PasswordEncryptionPermission enumeration values.

Add the password

After you retrieve an unsecured PDF document and set encryption run-time values, you can add a password to the PDF document.

Save the encrypted PDF document as a PDF file

You can save the password-encrypted PDF document as a PDF file.

Encrypt a PDF document using the Java API

Encrypt a PDF document with a password by using the Encryption API (Java):

  1. Include project files.

    Include client JAR files, such as adobe-encryption-client.jar, in your Java project’s class path.

  2. Create an Encryption Client API.

    • Create a ServiceClientFactory object that contains connection properties.

    • Create an EncryptionServiceClient object by using its constructor and passing the ServiceClientFactory object.

  3. Get a PDF document to encrypt.

    • Create a java.io.FileInputStream object that represents the PDF document to encrypt by using its constructor and passing a string value that specifies the location of the PDF document.

    • Create a com.adobe.idp.Document object by using its constructor and passing the java.io.FileInputStream object.

  4. Set encryption run-time options.

    • Create a PasswordEncryptionOptionSpec object by invoking its constructor.

    • Specify the PDF document resources to encrypt by invoking the PasswordEncryptionOptionSpec object’s setEncryptOption method and passing a PasswordEncryptionOption enumeration value that specifies the document resources to encrypt. For example, to encrypt the entire PDF document, including its metadata and its attachments, specify PasswordEncryptionOption.ALL.

    • Create a java.util.List object that stores the encryption permissions by using the ArrayList constructor.

    • Specify a permission by invoking the java.util.List object ‘s add method and passing an enumeration value that corresponds to the permission that you want to set. For example, to set the permission that lets a user copy data located in the PDF document, specify PasswordEncryptionPermission.PASSWORD_EDIT_COPY. (Repeat this step for each permission to set).

    • Specify the Acrobat compatibility option by invoking the PasswordEncryptionOptionSpec object’s setCompatability method and passing an enumeration value that specifies the Acrobat compatibility level. For example, you can specify PasswordEncryptionCompatability.ACRO_7.

    • Specify the password value that lets a user open the encrypted PDF document by invoking the PasswordEncryptionOptionSpec object’s setDocumentOpenPassword method and passing a string value that represents the open password.

    • Specify the master password value that lets a user remove encryption from the PDF document by invoking the PasswordEncryptionOptionSpec object’s setPermissionPassword method and passing a string value that represents the master password.

  5. Add the password.

    Encrypt the PDF document by invoking the EncryptionServiceClient object’s encryptPDFUsingPassword method and passing the following values:

    • The com.adobe.idp.Document object that contains the PDF document to encrypt with the password.

    • The PasswordEncryptionOptionSpec object that contains encryption run-time options.

    The encryptPDFUsingPassword method returns a com.adobe.idp.Document object that contains a password-encrypted PDF document.

  6. Save the encrypted PDF document as a PDF file.

    • Create a java.io.File object and ensure that the file extension is .pdf.

    • Invoke the com.adobe.idp.Document object’s copyToFile method to copy the contents of the com.adobe.idp.Document object to the file. Ensure that you use the com.adobe.idp.Document object that was returned by the encryptPDFUsingPassword method.

Encrypting a PDF document using the web service API

Encrypt a PDF document with a password by using the Encryption API (web service):

  1. Include project files.

    Create a Microsoft .NET project that uses MTOM. Ensure that you use the following WSDL definition: http://localhost:8080/soap/services/EncryptionService?WSDL&lc_version=9.0.1.

    Hinweis: Replace localhost with the IP address of the server hosting LiveCycle.
  2. Create an Encryption Client API object.

    • Create an EncryptionServiceClient object by using its default constructor.

    • Create an EncryptionServiceClient.Endpoint.Address object by using the System.ServiceModel.EndpointAddress constructor. Pass a string value that specifies the WSDL to the LiveCycle service (for example, http://localhost:8080/soap/services/EncryptionService?WSDL.) You do not need to use the lc_version attribute. This attribute is used when you create a service reference.)

    • Create a System.ServiceModel.BasicHttpBinding object by getting the value of the EncryptionServiceClient.Endpoint.Binding field. Cast the return value to BasicHttpBinding.

    • Set the System.ServiceModel.BasicHttpBinding object’s MessageEncoding field to WSMessageEncoding.Mtom. This value ensures that MTOM is used.

    • Enable basic HTTP authentication by performing the following tasks:

      • Assign the LiveCycle user name to the field EncryptionServiceClient.ClientCredentials.UserName.UserName.

      • Assign the corresponding password value to the field EncryptionServiceClient.ClientCredentials.UserName.Password.

      • Assign the constant value HttpClientCredentialType.Basic to the field BasicHttpBindingSecurity.Transport.ClientCredentialType.

      • Assign the constant value BasicHttpSecurityMode.TransportCredentialOnly to the field BasicHttpBindingSecurity.Security.Mode.

  3. Get a PDF document to encrypt.

    • Create a BLOB object by using its constructor. The BLOB object is used to store a PDF document that is encrypted with a password.

    • Create a System.IO.FileStream object by invoking its constructor and passing a string value that represents the file location of the PDF document to encrypt and the mode in which to open the file.

    • Create a byte array that stores the content of the System.IO.FileStream object. You can determine the size of the byte array by getting the System.IO.FileStream object’s Length property.

    • Populate the byte array with stream data by invoking the System.IO.FileStream object’s Read method and passing the byte array, the starting position, and the stream length to read.

    • Populate the BLOB object by assigning the contents of the byte array to the BLOB object’s MTOM data member.

  4. Set encryption run-time options.

    • Create a PasswordEncryptionOptionSpec object by using its constructor.

    • Specify the PDF document resources to encrypt by assigning a PasswordEncryptionOption enumeration value to the PasswordEncryptionOptionSpec object’s encryptOption data member. To encrypt the entire PDF, including its metadata and its attachments, assign PasswordEncryptionOption.ALL to this data member.

    • Specify the Acrobat compatibility option by assigning a PasswordEncryptionCompatability enumeration value to the PasswordEncryptionOptionSpec object’s compatability data member. For example, assign PasswordEncryptionCompatability.ACRO_7 to this data member.

    • Specify the password value that lets a user open the encrypted PDF document by assigning a string value that represents the open password to the PasswordEncryptionOptionSpec object’s documentOpenPassword data member.

    • Specify the password value that lets a user remove encryption from the PDF document by assigning a string value that represents the master password to the PasswordEncryptionOptionSpec object’s permissionPassword data member.

  5. Add the password.

    Encrypt the PDF document by invoking the EncryptionServiceClient object’s encryptPDFUsingPassword method and passing the following values:

    • The BLOB object that contains the PDF document to encrypt with the password.

    • The PasswordEncryptionOptionSpec object that contains encryption run-time options.

    The encryptPDFUsingPassword method returns a BLOB object that contains a password-encrypted PDF document.

  6. Save the encrypted PDF document as a PDF file.

    • Create a System.IO.FileStream object by invoking its constructor and passing a string value that represents the file location of the secured PDF document.

    • Create a byte array that stores the data content of the BLOB object that was returned by the encryptPDFUsingPassword method. Populate the byte array by getting the value of the BLOB object’s MTOM data member.

    • Create a System.IO.BinaryWriter object by invoking its constructor and passing the System.IO.FileStream object.

    • Write the contents of the byte array to a PDF file by invoking the System.IO.BinaryWriter object’s Write method and passing the byte array.