Certificate encryption
encryptwithcertificate
JAVA
JAVA
/*
This file is part of the iText (R) project.
Copyright (c) 1998-2023 Apryse Group NV
Authors: Apryse Software.
For more information, please contact iText Software at this address:
sales@itextpdf.com
*/
package com.itextpdf.samples.sandbox.security;
import com.itextpdf.kernel.pdf.EncryptionConstants;
import com.itextpdf.kernel.pdf.PdfDocument;
import com.itextpdf.kernel.pdf.PdfReader;
import com.itextpdf.kernel.pdf.PdfWriter;
import com.itextpdf.kernel.pdf.WriterProperties;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class EncryptWithCertificate {
public static final String DEST
= "./target/sandbox/security/encrypt_with_certificate.pdf";
public static final String SRC
= "./src/main/resources/pdfs/hello.pdf";
public static final String PUBLIC
= "./src/main/resources/encryption/test.cer";
public static void main(String[] args) throws Exception {
File file = new File(DEST);
file.getParentFile().mkdirs();
new EncryptWithCertificate().manipulatePdf(DEST);
}
public Certificate getPublicCertificate(String path) throws IOException, CertificateException {
try (FileInputStream is = new FileInputStream(path)) {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
return cert;
}
}
protected void manipulatePdf(String dest) throws Exception {
Security.addProvider(new BouncyCastleProvider());
// The file created by this example can not be opened, unless
// you import the private key stored in test.p12 in your certificate store.
// The password for the p12 file is kspass.
Certificate cert = getPublicCertificate(PUBLIC);
PdfDocument pdfDoc = new PdfDocument(
new PdfReader(SRC),
new PdfWriter(dest, new WriterProperties().setPublicKeyEncryption(
new Certificate[] {cert},
new int[] {EncryptionConstants.ALLOW_PRINTING},
// Due to import control restrictions by the governments of a few countries,
// the encryption libraries shipped by default with the Java SDK restrict
// the length, and as a result the strength, of encryption keys. Be aware
// that in this sample you need to replace the default security JARs in your
// Java installation with the Java Cryptography Extension (JCE) Unlimited
// Strength Jurisdiction Policy Files. These JARs are available for download
// from http://java.oracle.com/ in eligible countries.
EncryptionConstants.ENCRYPTION_AES_256))
);
pdfDoc.close();
}
}
C#
C#
using System;
using System.IO;
using iText.Bouncycastle.Cert;
using iText.Bouncycastle.X509;
using iText.Kernel.Pdf;
using Org.BouncyCastle.X509;
namespace iText.Samples.Sandbox.Security
{
public class EncryptWithCertificate
{
public static readonly String DEST = "results/sandbox/security/encrypt_with_certificate.pdf";
public static readonly String SRC = "../../../resources/pdfs/hello.pdf";
public static readonly String PUBLIC = "../../../resources/encryption/test.cer";
public static void Main(String[] args)
{
FileInfo file = new FileInfo(DEST);
file.Directory.Create();
new EncryptWithCertificate().ManipulatePdf(DEST);
}
public X509Certificate GetPublicCertificate(String path)
{
using (FileStream stream = File.Open(path, FileMode.Open))
{
X509CertificateParser parser = new X509CertificateParser();
X509Certificate readCertificate = parser.ReadCertificate(stream);
return readCertificate;
}
}
protected void ManipulatePdf(String dest)
{
// The file created by this example can not be opened, unless
// you import the private key stored in test.p12 in your certificate store.
// The password for the p12 file is kspass.
X509Certificate cert = GetPublicCertificate(PUBLIC);
PdfDocument document = new PdfDocument(new PdfReader(SRC), new PdfWriter(dest,
new WriterProperties().SetPublicKeyEncryption(
new[] {new X509CertificateBC(cert)},
new[] {EncryptionConstants.ALLOW_PRINTING},
EncryptionConstants.ENCRYPTION_AES_256)));
document.Close();
}
}
}