Adding Certificate Security to a PDF
📌 Overview
From Mako 6.4.0, digital certificates can be used to encrypt documents and verify a digital signature. They can assure the recipient that the document came from you, ensuring that only the intended recipient can view the contents. A certificate stores the public key component of a digital ID.
📗 Instructions
When a PDF is secured using a certificate, you specify the recipients and define the file access level for each recipient or group.
🪜 Steps
Create streams and private pkcs12 data: Create streams from certificate files (attached below).
Create recipients info: Create a
CEDLVectorIPDFOutput::CPDFRecipientsInfoobject and add certificates and permissions. See code snippet below.
recipientsInfo[0].certificates.append(cert1);
recipientsInfo[0].certificates.append(cert2);
recipientsInfo[0].permissions = permissions;Set encryption using recipients info: Finally, you can set the encryption using
IPdfOutput::setPublicKeyEncryption()withrecipientsInfoas the second argument.
⌨️ Sample Code
Below is sample code to show how to set the encryption for two users (Generator and Recipient) when creating an encrypted PDF.
Digital Encryption
// Get the assembly from the input.
IDocumentAssemblyPtr assembly = input->open("Example.pdf");
// Streams for the two input certificates
IRAInputStreamPtr cert1;
cert1 = IInputStream::createFromFile(jawsMako, "Generator.cer");
IRAInputStreamPtr cert2;
cert2 = IInputStream::createFromFile(jawsMako, "Recipient.cer");
// And the private pkcs12 data for both
IRAInputStreamPtr pkcs12_1;
pkcs12_1 = IInputStream::createFromFile(jawsMako, "Generator.p12");
IRAInputStreamPtr pkcs12_2;
pkcs12_2 = IInputStream::createFromFile(jawsMako, "Recipient.p12");
uint32 permissions = 1 << 0;
// Build the recipients list
CEDLVector<IPDFOutput::CPDFRecipientsInfo> recipientsInfo;
// Create a single recipients array sharing the same permissions.
recipientsInfo.resize(1);
recipientsInfo[0].certificates.append(cert1);
recipientsInfo[0].certificates.append(cert2);
recipientsInfo[0].permissions = permissions;
IPDFOutputPtr pdfOutput = obj2IPDFOutput(output);
if (pdfOutput)
{
pdfOutput->setPublicKeyEncryption(128, recipientsInfo, false);
pdfOutput->setLinearize(false);
}
// Write to the output as a batch
output->writeAssembly(assembly, "Encrypted.pdf");using var assembly = input.open("Example.pdf");
// Streams for the two input certificates
using var cert1 = IInputStream.createFromFile(jawsMako, "Generator.cer");
using var cert2 = IInputStream.createFromFile(jawsMako, "Recipient.cer");
// And the private pkcs12 data for both (not used directly in encryption here)
using var pkcs12_1 = IInputStream.createFromFile(jawsMako, "Generator.p12");
using var pkcs12_2 = IInputStream.createFromFile(jawsMako, "Recipient.p12");
uint permissions = 1 << 0; // Example: allow printing only
// Build the recipients list
var recipientsInfo = new CEDLVectPDFRecipientsInfo();
recipientsInfo.resize(1);
recipientsInfo[0].certificates.append(cert1);
recipientsInfo[0].certificates.append(cert2);
recipientsInfo[0].permissions = permissions;
// Create PDF output
using var output = IOutput.create(jawsMako, eFileFormat.eFFPDF);
var pdfOutput = IPDFOutput.fromRCObject(output);
if (pdfOutput != null)
{
// Apply certificate-based (public key) encryption
pdfOutput.setPublicKeyEncryption(128, recipientsInfo, false);
// Disable linearization (optional)
pdfOutput.setLinearize(false);
}
// Write the encrypted PDF
output.writeAssembly(assembly, "Encrypted.pdf");The code refers to certificates that you can download from here:
☑️ Conclusion
Adding certificate security in Mako from version 6.4.0 onwards allows users to encrypt documents and verify digital signatures effectively. By following the provided steps, users can ensure that their PDFs are securely encrypted, with access restricted to specified recipients. The sample code illustrates how to implement this feature, enhancing document security and authenticity.
📚 Additional Resources
If you need additional help, see our API documentation for detailed information on class/method usage, or raise a support ticket via our customer portal.