Aspose.PDF FOSS
Aspose.PDF FOSS for Java
Developer Guide
Security

Security

AESCipher

AESCipher implements AES encryption in CBC mode for byte arrays embedded in PDF documents.

byte[] key = ...; // 128, 192, or 256-bit key
byte[] data = "sensitive data".getBytes();

byte[] ciphertext = AESCipher.encrypt(key, data);
byte[] plaintext  = AESCipher.decrypt(key, ciphertext);

For deterministic encryption with an explicit initialization vector:

byte[] iv = new byte[16]; // 128-bit IV
byte[] ciphertext = AESCipher.encryptWithIV(key, iv, data);
byte[] plaintext  = AESCipher.decryptWithIV(key, iv, ciphertext);

PdfFileSecurity

PdfFileSecurity manages document-level password encryption and access permissions. The encryptFile() method accepts a user password, owner password, DocumentPrivilege object, and key size.

try (PdfFileSecurity security = new PdfFileSecurity("input.pdf", "secured.pdf")) {
    DocumentPrivilege priv = DocumentPrivilege.getForbidAll();
    priv.setAllowPrint(true);
    security.encryptFile("userPass", "ownerPass", priv, KeySize.x256);
}

decryptFile(ownerPassword) removes encryption from an encrypted document.

DocumentPrivilege

DocumentPrivilege represents the permission flags for the encrypted document. Use getAllowAll() to grant all permissions, getForbidAll() to deny all, or set individual permissions via setAllowPrint(), setAllowModifyContents(), setAllowCopy(), and setAllowModifyAnnotations().

Algorithm Enum

The Algorithm enum selects the cryptographic algorithm family:

  • Algorithm.RC4 — legacy RC4 stream cipher
  • Algorithm.AES — AES block cipher (recommended)

See Also