How to encrypt PDF using a certificate?

We need to encrypt a PDF with a certificate. I've found something using iText some months ago, but I cannot find it any more. The certs are on a smart card.

30th October 2015
admin-marketing

Posted on StackOverflow on May 21, 2014 by user2946593

Encrypting a PDF is done with a public certificate. Once a PDF is encrypted, only the person with the corresponding private certificate can open the PDF. In your scenario, this would mean that only the person who owns the smart card can open the document.

First you need to extract the public certificate from the smart card. The main question here is: do you want to do this in Java? If so, do you want to do this using PKCS#11? Using MSCAPI? Using a smart card API? I honestly don't think that's what you want to do. I think you want the owners of the smart card to extract their public certificate manually and to send it to you. If this assumption is wrong, you need to post another question: how to get a public certificate from a smart card.

Once you have this certificate, you can encrypt the PDF like this:

 PdfReader reader = new PdfReader(src);
 PdfStamper stamper = new PdfStamper(reader, new FileOutputStream(dest));
 Certificate cert = getPublicCertificate("resources/encryption/public.cer");
 stamper.setEncryption(new Certificate[]{cert},
     new int[]{PdfWriter.ALLOW_PRINTING}, PdfWriter.ENCRYPTION_AES_128);
 stamper.close();
 reader.close();

The public certificate is stored in the file public.cer. That's the file your end user extracted from the smart card.


Share this article

Contact

Still have questions? 

We're happy to answer your questions. Reach out to us and we'll get back to you shortly.

Contact us
Stay updated

Join 11,000+ subscribers and become an iText PDF expert by staying up to date with our new products, updates, tips, technical solutions and happenings.

Subscribe Now