Removing Certificate Based Encryption

Certificate-based encryption can be removed from a PDF document so that users can open the PDF document in Adobe Reader or Acrobat. To remove encryption from a PDF document that is encrypted with a certificate, a public key must be referenced. After encryption is removed from a PDF document, it is no longer secure.

Note: For more information about the Encryption service, see Services Reference for LiveCycle.

Summary of steps

To remove certificate-based encryption from a PDF document, perform the following steps:

  1. Include project files.

  2. Create an encryption service client.

  3. Get the encrypted PDF document.

  4. Remove encryption.

  5. Save the PDF document as a PDF file.

Include project files

Include necessary files into your development project. If you are creating a client application using Java, include the necessary JAR files. If you are using web services, ensure that you include the proxy files.

The following JAR files must be added to your project’s class path:

  • adobe-livecycle-client.jar

  • adobe-usermanager-client.jar

  • adobe-encryption-client.jar

  • adobe-utilities.jar (required if LiveCycle is deployed on JBoss Application Server)

  • jbossall-client.jar (required if LiveCycle is deployed on JBoss Application Server)

Create an encryption service client

To programmatically perform an Encryption service operation, you must create an Encryption service client. If you are using the Java Encryption Service API, create an EncrytionServiceClient object. If you are using the web service Encryption Service API, create an EncryptionServiceService object.

Get the encrypted PDF document

You must obtain an encrypted PDF document to remove certificate-based encryption. If you attempt to remove encryption from a PDF document that is not encrypted, an exception is thrown. Likewise, if you attempt to remove certificate-based encryption from a password-encrypted document, an exception is thrown.

Remove encryption

To remove certificate-based encryption from an encrypted PDF document, you require both an encrypted PDF document and the private key that corresponds to the key that was used to encrypt the PDF document. The alias value of the private key is specified when removing certificate-based encryption from an encrypted PDF document. For information about the public key, see Encrypting PDF Documents with Certificates.

Note: A private key is stored in the LiveCycle Trust Store. When a certificate is placed there, an alias value is specified.

Save the PDF document

After certificate-based encryption is removed from an encrypted PDF document, you can save the PDF document as a PDF file. Users can open the PDF document in Adobe Reader or Acrobat.

Remove certificate-based encryption using the Java API

Remove certificate-based encryption from a PDF document by using the Encryption API (Java):

  1. Include project files.

    Include client JAR files, such as adobe-encryption-client.jar, in your Java project’s class path.

  2. Create an encryption service client.

    • Create a ServiceClientFactory object that contains connection properties.

    • Create an EncryptionServiceClient object by using its constructor and passing the ServiceClientFactory object.

  3. Get the encrypted PDF document.

    • Create a java.io.FileInputStream object that represents the encrypted PDF document by using its constructor and passing a string value that specifies the location of the encrypted PDF document.

    • Create a com.adobe.idp.Document object by using its constructor and passing the java.io.FileInputStream object.

  4. Remove encryption.

    Remove certificate-based encryption from the PDF document by invoking the EncryptionServiceClient object’s removePDFCertificateSecurity method and passing the following values:

    • The com.adobe.idp.Document object that contains the encrypted PDF document.

    • A string value that specifies the alias name of the private key that corresponds to the key used to encrypt the PDf document.

    The removePDFCertificateSecurity method returns a com.adobe.idp.Document object that contains an unsecured PDF document.

  5. Save the PDF document.

    • Create a java.io.File object and ensure that the file extension is .pdf.

    • Invoke the com.adobe.idp.Document object’s copyToFile method to copy the contents of the Document object to the file. Ensure that you use the com.adobe.idp.Document object that was returned by the removePDFCredentialSecurity method.

Remove certificate-based encryption using the web service API

Remove certificate-based encryption by using the Encryption API (web service):

  1. Include project files.

    Create a Microsoft .NET project that uses MTOM. Ensure that you use the following WSDL definition: http://localhost:8080/soap/services/EncryptionService?WSDL&lc_version=9.0.1.

    Note: Replace localhost with the IP address of the server hosting LiveCycle.
  2. Create an encryption service client.

    • Create an EncryptionServiceClient object by using its default constructor.

    • Create an EncryptionServiceClient.Endpoint.Address object by using the System.ServiceModel.EndpointAddress constructor. Pass a string value that specifies the WSDL to the LiveCycle service (for example, http://localhost:8080/soap/services/EncryptionService?WSDL.) You do not need to use the lc_version attribute. This attribute is used when you create a service reference.)

    • Create a System.ServiceModel.BasicHttpBinding object by getting the value of the EncryptionServiceClient.Endpoint.Binding field. Cast the return value to BasicHttpBinding.

    • Set the System.ServiceModel.BasicHttpBinding object’s MessageEncoding field to WSMessageEncoding.Mtom. This value ensures that MTOM is used.

    • Enable basic HTTP authentication by performing the following tasks:

      • Assign the LiveCycle user name to the field EncryptionServiceClient.ClientCredentials.UserName.UserName.

      • Assign the corresponding password value to the field EncryptionServiceClient.ClientCredentials.UserName.Password.

      • Assign the constant value HttpClientCredentialType.Basic to the field BasicHttpBindingSecurity.Transport.ClientCredentialType.

      • Assign the constant value BasicHttpSecurityMode.TransportCredentialOnly to the field BasicHttpBindingSecurity.Security.Mode.

  3. Get the encrypted PDF document.

    • Create a BLOB object by using its constructor. The BLOB object is used to store the encrypted PDF document.

    • Create a System.IO.FileStream object by invoking its constructor and passing a string value that represents the file location of the encrypted PDF document and the mode in which to open the file.

    • Create a byte array that stores the content of the System.IO.FileStream object. You can determine the size of the byte array by getting the System.IO.FileStream object’s Length property.

    • Populate the byte array with stream data by invoking the System.IO.FileStream object’s Read method and passing the byte array, the starting position, and the stream length to read.

    • Populate the BLOB object by assigning the contents of the byte array to the BLOB object’s MTOM data member.

  4. Remove encryption.

    Invoke the EncryptionServiceClient object’s removePDFCertificateSecurity method and pass the following values:

    • The BLOB object that contains file stream data that represents an encrypted PDF document.

    • A string value that specifies the alias name of the public key that corresponds to the private key used to encrypt the PDf document.

    The removePDFCredentialSecurity method returns a BLOB object that contains an unsecured PDF document.

  5. Save the PDF document.

    • Create a System.IO.FileStream object by invoking its constructor and passing a string value that represents the file location of the unsecured PDF document.

    • Create a byte array that stores the content of the BLOB object that was returned by the removePDFPasswordSecurity method. Populate the byte array by getting the value of the BLOB object’s MTOM data member.

    • Create a System.IO.BinaryWriter object by invoking its constructor and passing the System.IO.FileStream object.

    • Write the contents of the byte array to a PDF file by invoking the System.IO.BinaryWriter object’s Write method and passing the byte array.

// Ethnio survey code removed