Encrypt
This command encrypts inFile using the standard security handler as defined in PDF 32000-1:2008. If outFile is provided, the encrypted PDF is written to outFile and inFile remains untouched. Have a look at some examples.
Usage
usage: pdfcpu encrypt [-v(erbose)|vv] [-mode rc4|aes] [-key 40|128|256] [-perm none|all] [-upw userpw] -opw ownerpw inFile [outFile]
Flags
name | description | required | values | default |
---|---|---|---|---|
verbose | turn on logging | no | | |
vv | verbose logging | no | | |
mode | encryption | no | rc4, aes | aes |
key | key length | no | rc4:40,128 aes:40,128,256 | 256 |
perm | permissions | no | none, all | none |
upw | user password | no | | |
opw | owner password | yes, must not be empty! | | |
Arguments
name | description | required |
---|---|---|
inFile | PDF input file | yes |
outFile | encrypted PDF output file | no |
mode
The symmetric encryption algorithm to be used for encrypting and decrypting a document. The PDF standard security handler defines two algorithms to be used:
- RC4
- AES

The default mode for pdfcpu is AES. As of 2019 AES is still considered secure and an effective federal US government standard.
NOTE: As AES-256 is the most recent algorithm the PDF 1.7 specification defines, more secure algorithms will be needed and provided in a future release.
key
The length of the cryptographic key used for encryption and decryption.
Possible values for RC4:
- 40
- 128

Possible values for AES:
- 40
- 128
- 256
perm
The set of permissions that apply once a document has been opened.
Possible values:
- none clears all permission bits. This is the most restrictive way of presenting an open document to a user.
- all sets all permission bits allowing full access to all operations that may be applied to an open document.
NOTE: These quick primitives will be followed up by finer grained control over the permission bits in a future release.
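The permission bits that none clears and all sets are stored in the /P entry of the PDF encryption dictionary. The following Go example is added here and is not pdfcpu's own code: it encodes and decodes a /P value per PDF 32000-1:2008, Table 22, so the permissions of an encrypted file can be checked. EncodeP and DecodeP are hypothetical names, the sample values are constructed, and the exact integers pdfcpu writes are not shown on this page.

```go
package main

import "fmt"

// Permission flags of /P (PDF 32000-1:2008, Table 22); bit positions are 1-based.
var permBits = []struct {
	bit  int
	name string
}{
	{3, "print"},
	{4, "modify contents"},
	{5, "copy or extract content"},
	{6, "add or modify annotations"},
	{9, "fill form fields"},
	{10, "extract for accessibility"},
	{11, "assemble document"},
	{12, "print in high quality"},
}

// reservedOnes: bits 7-8 and 13-32 must be 1, bits 1-2 must be 0.
const reservedOnes uint32 = 0xFFFFF0C0

// EncodeP builds a /P value granting only the listed bit positions; others are ignored.
func EncodeP(granted ...int) int32 {
	p := reservedOnes
	for _, g := range granted {
		for _, pb := range permBits {
			if pb.bit == g {
				p |= 1 << uint(g-1)
			}
		}
	}
	return int32(p)
}

// DecodeP lists the operations a /P value grants, in bit order.
func DecodeP(p int32) []string {
	granted := []string{}
	for _, pb := range permBits {
		if uint32(p)&(1<<uint(pb.bit-1)) != 0 {
			granted = append(granted, pb.name)
		}
	}
	return granted
}

func main() {
	// Constructed values: no permissions, then printing only.
	fmt.Println(EncodeP(), DecodeP(EncodeP()), EncodeP(3, 12), DecodeP(EncodeP(3, 12)))
}
```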
Examples
Encrypt test.pdf using the default encryption AES with a 256-bit key and the default permissions. Set the owner password to opw. This password, also known as the master password or the set permissions password, may be used to change the permissions. Since there is no user password set, any PDF Reader may open this document:
pdfcpu encrypt -opw opw test.pdf
writing test.pdf ...
Encrypt test.pdf using the default encryption AES with a 256-bit key and the default permissions. Set the user password to upw. This password must be used to open the decrypted file. It is also known as the open doc password. Then set the owner password to opw:
pdfcpu encrypt -upw upw -opw opw test.pdf
writing test.pdf ...
Encrypt test.pdf and write the encrypted output file to test_enc.pdf. Use AES with a 40-bit key and default permissions. Set the mandatory owner password to opw which will also be needed to change the permissions of test_enc.pdf:
pdfcpu encrypt -opw opw -mode aes -key 40 test.pdf test_enc.pdf
writing test_enc.pdf ...
Encrypt test.pdf and write the encrypted output file to test_enc.pdf. Use RC4 with a 128-bit key and set all permissions for full access. Set the user password to upw which will be needed to open test_enc.pdf, also set the owner password to opw:
pdfcpu encrypt -upw upw -opw opw -mode rc4 -key 128 -perm all test.pdf test_enc.pdf
writing test_enc.pdf ...