Encrypting & securing PDFs using JavaScript

To secure a PDF document with password protection and adjusting permissions on the document.

1<html>
2 <script src="../lib/core/webviewer-core.min.js"></script>
3 <script src="../lib/core/pdf/PDFNet.js"></script>
4 <script>
5 (async function() {
6 Core.setWorkerPath('../lib/core');
7 const doc = await PDFNet.PDFDoc.createFromURL(filename);
8
9 // Apply a new security handler with given security settings.
10 // In order to open saved PDF you will need a user password 'test'.
11 const newHandler = await PDFNet.SecurityHandler.createDefault();
12
13 // Set a new password required to open a document
14 const user_password = 'test';
15 newHandler.changeUserPasswordUString(user_password);
16
17 // Set Permissions
18 newHandler.setPermission(PDFNet.SecurityHandler.Permission.e_print, false);
19 newHandler.setPermission(PDFNet.SecurityHandler.Permission.e_extract_content, true);
20
21 // Note: document takes the ownership of newHandler.
22 doc.setSecurityHandler(newHandler);
23 })()
24 </script>
25</html>

Encrypt and Decrypt PDF Files
Full sample code which illustrates some of our encryption support.

About securing a document with encryption

Although Apryse SDK offers an extension mechanism through which users can register custom security handlers, it also provides a standard security handler.

This built-in security handler is the Standard Security Handler (StdSecurityHandler). The Standard Security Handler supports two passwords:

  • A user password that permits a user to open and read a protected document only with whatever permissions the owner chose.
  • An owner password can grant a document owner free reign over what permissions are granted to users.

An application can also create its own implementation of SecurityHandler. For example, a custom SecurityHandler could perform user authorization requiring the presence of a hardware dongle or even feedback from a biometric system.

A Security Handler is used when:

  • A document is opened. The security handler must determine whether a user is authorized to open the file. It must also set up the RC4 decryption key used to decrypt the file.
  • A document is saved. The security handler must set up the RC4 encryption key and write security information into the PDF file's encryption dictionary.
  • A user tries to change a document's security settings. Note that the Standard Security Handler in Apryse SDK does not enforce a document's permissions. For example, it is possible to edit a document although document modification permission is not granted. Therefore, it is up to the application to respect PDF permissions.

The number of security handlers associated with a document change over time. When the document is first opened it isn't associated with any security handlers. When InitSecurityHandler (or InitStdSecurityHandler) is called on the document, that security handler is associated with the document. And when SetSecurityHandler is called on a document, that security handler is also associated with the document—albeit in a pending state until the document is saved. Until the document is saved with the new security handler, the old security handler rules the document's security.

Custom security

Besides providing full support for standard PDF security, Apryse SDK allows users to work with custom security handlers and proprietary encryption algorithms. For most use cases where the extra security of custom encryption is desired, it is recommended to use the Apryse Custom Security Handler . However, it is also possible to create a user-defined custom security handler by deriving a class from SecurityHandler and implementing its interface.

Please see the Apryse SDK Net Knowledge Base or contact support@apryse.com for more details.

Did you find this helpful?

Trial setup questions?

Ask experts on Discord

Need other help?

Contact Support

Pricing or product questions?

Contact Sales