PDF security can be maintained by controlling access to PDF documents by encrypting PDF and setting permission levels that will prevent unauthorized users from stealing information in your PDF document. For more information on PDF security, see PDF specification 2.0 (Section 7.6.4).
The DsPdf library supports some of the standard security options in the PDF file format. The following section describes the different types of security features.
PDF documents with sensitive or confidential information require encryption to restrict access to intruders. DsPdf provides Security class to encrypt a document and decline access to unauthorized users.
To encrypt a PDF file using Standard Security Handler Revision 4:
C# |
Copy Code
|
---|---|
public void CreatePDF(Stream stream) { GcPdfDocument doc = new GcPdfDocument(); var page = doc.NewPage(); var g = page.Graphics; const float In = 150; //Add Encryption var std = new StandardSecurityHandlerRev4(); std.OwnerPassword = "abc"; std.UserPassword = "qwe"; // Set EncyptionAlgorithm std.EncryptionAlgorithm = EncryptionAlgorithm.RC4; std.EncryptionKeyLength = 128; // Set the EncryptHandler property. doc.Security.EncryptHandler = std; // Render text using DrawString method g.DrawString("Welcome", new TextFormat() { Font = StandardFonts.TimesBold, FontSize = 12 }, new PointF(In, In)); // Save document doc.Save(stream); } |
DsPdf also supports Standard Security Handler Revision 6 (defined in the PDF 2.0 specification) which uses AES encryption with 256 bit key length.
To encrypt a PDF file using Standard Security Handler Revision 6:
C# |
Copy Code
|
---|---|
public void CreatePDF(Stream stream) { GcPdfDocument doc = new GcPdfDocument(); var page = doc.NewPage(); var g = page.Graphics; const float In = 150; //Add Encryption var ssh = new StandardSecurityHandlerRev6(); ssh.OwnerPassword = "password"; ssh.PrintingPermissions = PrintingPermissions.Enabled; // Set the EncryptHandler property doc.Security.EncryptHandler = ssh; // Render text using DrawString method g.DrawString("Welcome", new TextFormat() { Font = StandardFonts.TimesBold, FontSize = 12 }, new PointF(In, In)); // Save document doc.Save(stream); } |
Setting permissions restricts users from copying, printing and editing the contents in a PDF document. The Security class of the DsPdf library allows a user to set up permissions in a PDF document.
To set permissions in a PDF document:
C# |
Copy Code
|
---|---|
public void CreatePDF(Stream stream) { GcPdfDocument doc = new GcPdfDocument(); var page = doc.NewPage(); var g = page.Graphics; int In = 72; // Create a security handler variable var std = new StandardSecurityHandlerRev3(); std.EditingPermissions = EditingPermissions.Enabled; std.OwnerPassword = "abc"; std.UserPassword = "qwe"; // Set permissions std.EditingPermissions = EditingPermissions.Enabled; std.CopyContentPermissions = CopyContentPermissions.Enabled; std.PrintingPermissions = PrintingPermissions.Disabled; doc.Security.EncryptHandler = std; // Render text using DrawString method g.DrawString("Welcome", new TextFormat() { Font = StandardFonts.TimesBold, FontSize = 12 }, new PointF(In, In)); // Save document doc.Save(stream); } |
Sometimes you might want to load encrypted PDF files without specifying the password. DsPdf allows you to open a password-protected PDF file without specifying the password using Load(Stream stream, DecryptionOptions decryptionOptions) overload of GcPdfDocument class after setting the ThrowExceptionIfInvalidPassword property (flag) of DecryptionOptions class to false (by default, it is true). While there are many limitations to what you can do with a PDF opened in this way, you can:
The PDF format has the "object stream" feature. An object stream is a stream object in which a sequence of indirect objects is stored, rather than at the outermost file level. In the case of encrypted PDF, the object stream is also encrypted so that the PDF objects it contains are not accessible. As a result, DsPdf cannot open the PDF files with the object stream function without knowing the password, and raises an exception. When working with password-protected PDFs without specifying the password, you cannot:
The following sections demonstrate some useful scenarios when working with encrypted PDF files without specifying the password.
C# |
Copy Code
|
---|---|
using (FileStream fs = new FileStream("Sample.pdf", FileMode.Open, FileAccess.Read, FileShare.Read)) { // Initialize GcPdfDocument. GcPdfDocument doc = new GcPdfDocument(); // Load the PDF file and set the decryption options to false. doc.Load(fs, new DecryptionOptions() { ThrowExceptionIfInvalidPassword = false, ThrowExceptionIfUnsupportedSecurityOptions = false }); // Set first page of PDF file as active page. var page = doc.Pages[0]; // Get page size. var pageSize = page.Size; // Add square annotation. SquareAnnotation sa = new SquareAnnotation(); sa.Page = page; /* Remove the UserName it is initialized by default and will cause an exception when the document is saved because strings cannot be encrypted. */ sa.UserName = null; // Add square to the page. sa.Rect = new RectangleF(10, 10, pageSize.Width - 20, pageSize.Height - 20); // Set color of the square. sa.Color = Color.Red; // Save the PDF file. doc.Save("Annotation.pdf"); } |
C# |
Copy Code
|
---|---|
using (FileStream fs = new FileStream("Sample.pdf", FileMode.Open, FileAccess.Read, FileShare.Read)) { // Initialize GcPdfDocument. GcPdfDocument doc = new GcPdfDocument(); // Load the PDF file and set the decryption options to false. doc.Load(fs, new DecryptionOptions() { ThrowExceptionIfInvalidPassword = false, ThrowExceptionIfUnsupportedSecurityOptions = false }); // Check if the metadata is encrypted or not, and if not, change the metadata. bool encryptMetadata = true; if (doc.Security.EncryptHandler is StandardSecurityHandlerRev4 ssh) encryptMetadata = ssh.EncryptMetadata; if (!encryptMetadata) { // Metadata is not encrypted. Metadata m = doc.Metadata; Console.WriteLine("The document has not encrypted metadata:"); Console.WriteLine($"CreatorTool: {m.CreatorTool}"); Console.WriteLine($"CreateDate: {m.CreateDate}"); } else { Console.WriteLine("The document metadata is ENCRYPTED"); } } |
C# |
Copy Code
|
---|---|
using (FileStream fs = new FileStream("Sample.pdf", FileMode.Open, FileAccess.Read, FileShare.Read)) { // Initialize GcPdfDocument. GcPdfDocument doc = new GcPdfDocument(); // Load the PDF file and set the decryption options to false. doc.Load(fs, new DecryptionOptions() { ThrowExceptionIfInvalidPassword = false, ThrowExceptionIfUnsupportedSecurityOptions = false }); // Check if the metadata is encrypted or not, and if not, change the metadata. bool encryptMetadata = true; if (doc.Security.EncryptHandler is StandardSecurityHandlerRev4 ssh) encryptMetadata = ssh.EncryptMetadata; if (!encryptMetadata) { // Metadata is not encrypted. Metadata m = doc.Metadata; Console.WriteLine("The document has not encrypted metadata:"); Console.WriteLine($"CreatorTool: {m.CreatorTool}"); Console.WriteLine($"CreateDate: {m.CreateDate}"); // Change the creator tool value. m.CreatorTool = "New value of CreatorTool"; doc.Save(@"MetaData.pdf"); } else { Console.WriteLine("The document metadata is ENCRYPTED"); } } |
C# |
Copy Code
|
---|---|
using (FileStream fs = new FileStream("Sample.pdf", FileMode.Open, FileAccess.Read, FileShare.Read)) { // Initialize GcPdfDocument. GcPdfDocument doc = new GcPdfDocument(); // Load the PDF file and set the decryption options to false. doc.Load(fs, new DecryptionOptions() { ThrowExceptionIfInvalidPassword = false, ThrowExceptionIfUnsupportedSecurityOptions = false }); // Swap the first and second pages. doc.Pages.Swap(0, 1); // Save the PDF file. doc.Save("PageOrder.pdf"); } |
C# |
Copy Code
|
---|---|
using (FileStream fs = new FileStream("Sample.pdf", FileMode.Open, FileAccess.Read, FileShare.Read)) { // Initialize GcPdfDocument. GcPdfDocument doc = new GcPdfDocument(); // Load the PDF file and set the decryption options to false. doc.Load(fs, new DecryptionOptions() { ThrowExceptionIfInvalidPassword = false, ThrowExceptionIfUnsupportedSecurityOptions = false }); // Change the value of CheckBoxField. var cbf = (CheckBoxField)doc.AcroForm.Fields[0]; cbf.Checked = true; // Change the value of RadioButtonField. var rbf = (RadioButtonField)doc.AcroForm.Fields[1]; var values = rbf.GetCheckedAppearanceStreamNames(); rbf.Value = values[0]; // Save the PDF file. doc.Save("FieldValue.pdf"); } |
C# |
Copy Code
|
---|---|
using (FileStream fs = new FileStream("Sample.pdf", FileMode.Open, FileAccess.Read, FileShare.Read)) { // Initialize GcPdfDocument. GcPdfDocument doc = new GcPdfDocument(); // Load the PDF file and set the decryption options to false. doc.Load(fs, new DecryptionOptions() { ThrowExceptionIfInvalidPassword = false, ThrowExceptionIfUnsupportedSecurityOptions = false }); // Change the value of CheckBoxField. var tf = (TextField)doc.AcroForm.Fields[2]; tf.PdfValue = new PdfName("New Value"); // Change the value of CombTextField. var ctf = (CombTextField)doc.AcroForm.Fields[3]; ctf.PdfValue = new PdfName("NEW"); // Set the NeedAppearances entry of AcroForm. doc.AcroForm.Set(PdfName.Std.NeedAppearances, PdfBool.True); // Save the PDF file. doc.Save("TextField.pdf"); } |
C# |
Copy Code
|
---|---|
using (FileStream fs = new FileStream("Sample.pdf", FileMode.Open, FileAccess.Read, FileShare.Read)) { // Initialize GcPdfDocument. GcPdfDocument doc = new GcPdfDocument(); // Load the PDF file and set the decryption options to false. doc.Load(fs, new DecryptionOptions() { ThrowExceptionIfInvalidPassword = false, ThrowExceptionIfUnsupportedSecurityOptions = false }); // Get the page count and size of the pages. Console.WriteLine($"Page count: {doc.Pages.Count}"); Console.WriteLine(); foreach (Page page in doc.Pages) { var sz = page.GetRenderSize(); Console.WriteLine($"Size of {page.Index} page: {sz.Width}x{sz.Height}"); } } |
Note: When using DsPdf without a license key, working with a password-protected PDF without specifying the password has many additional limitations (e.g., any attempt to change and save the PDF will fail due to the addition of the license nag text). You can ask for an evaluation license key by sending an email to us.sales@mescius.com and evaluate the product for 30 days without any limitations.
For more information on applying security using DsPdf, see DsPdf sample browser.