GemBox.Pdf.Security Namespace

Contains classes, structures, and enumerations that implement:

• PDF encryption as specified in the PDF Specification ISO 32000-1:2008, section '7.6 Encryption'.
• X.509 Internet Public Key Infrastructure as specified in the RFC 5280 (PdfCertificate and PdfCertificateRevocationList), RFC 6960 (PdfOnlineCertificateStatusProtocolResponse) and RFC 3161 (PdfTimestamper).
• Document security store as specified in the ETSI EN 319 142-1 (PdfDocumentSecurityStore).
• Cryptographic device that stores cryptographic information and possibly performs cryptographic functions as specified in the PKCS #11 Cryptographic Token Interface (PdfPkcs11Module and PdfPkcs11Token).

Encryption-related information is stored in the PdfEncryption class and for password-based encryption, it is stored in the PdfPasswordEncryption class. PDF encryption is used with the Password property when loading a PDF document from an encrypted PDF file and with the Encryption property and SetPasswordEncryption() method when saving a PDF document to an encrypted PDF file.

Classes

InvalidPdfPasswordException	Exception that occurs when DocumentOpenPassword or PermissionsPassword is not correctly specified.
PdfCertificate	Represents an X.509 certificate sent to others so that they can verify your digital signature with a public key contained in the certificate.
PdfCertificateRevocationList	Represents an X.509 Certificate Revocation List (CRL) that is a time-stamped list identifying revoked certificates that is signed by a Certificate Authority (CA) or CRL issuer and made freely available in a public repository.
PdfDelayOrReSignDigitalId	Represents a digital ID used to delay-sign (deferred-sign) or re-sign a PDF file. A PdfDelayOrReSignDigitalId does not perform the actual signing because it contains only a PdfCertificate (with a public key) and no private key. Instead, a PdfDelayOrReSignDigitalId is used in the following process: Delay-sign a PDF file by using the Sign(PdfSigner) method followed by any of the Save() methods. The Signature property must be null and after the signing is done, the Hash property contains the hash of the (delay-)signed PDF file. The Content of the delay-signed signature is empty (a sequence of bytes whose value is zero), thus the signature is not valid. But the signature content is replaced with the valid signature content when re-signing the PDF file. Sign the Hash using an external signer. Re-sign the PDF file by using the Sign(PdfSigner) method on the same PdfSignatureField on which delay-sign was performed (the Save() method should not be called after as explained in the note of the Sign(PdfSigner) method). The Signature property must be set to a value returned by the external signer and after the signing is done, the Hash property contains the hash of the re-signed PDF file (that should be the same as the hash of the delay-signed PDF file). The PdfSigner instances used in the delay-sign and re-sign should have equal properties so that the signature content created by re-signing fits into the delay-signed signature content that it replaces. Delay-signing is also possible with Sign(Func<Stream, Byte[]>, PdfSignatureFormat, Int32) method, but then you must take care to provide the appropriate value of the estimatedSignatureContentsLength parameter that should be large enough to contain the entire signature content created when re-signing the PDF file. If the PdfCertificate is not available when performing the delay-sign, then delay-signing must be done by using the Sign(Func<Stream, Byte[]>, PdfSignatureFormat, Int32) method. The first parameter of that method should return an array of bytes whose value is zero of the estimatedSignatureContentsLength length. Note that if Format is not PKCS7, then delay-signing with Sign(Func<Stream, Byte[]>, PdfSignatureFormat, Int32) method is difficult because hash provided to the external signer is not ComputeHash(PdfHashAlgorithm) as explained in the Message Digest Calculation Process.
PdfDigitalId	A digital ID used to sign and encrypt documents. The certificate that comes with your digital ID is sent to others so that they can verify your signature. The most secure digital IDs are issued by trusted Certificate authorities and are based on secure devices like smart card or token. Some are based on files.
PdfDocumentSecurityStore	Represents a container that may contain: a collection of all certificates used for the signatures, including timestamp signatures, that occur in the document. It shall also hold all the auxiliary certificates required to validate the certificates participating in certificate chain validations. a collection of all Certificate Revocation Lists (CRLs) (see RFC 5280) used for some of the signatures, and a collection of all Certificate Status Protocol (OCSP) responses (see RFC 6960) used for some of the signatures.
PdfEncryptedPayload	Identifies that the file specified in the EmbeddedFile of a PdfFileSpecification is an encrypted payload.
PdfEncryption	Stores encryption-related information.
PdfLoadingEncryptedEventArgs	Represents data for an event that occurs when a PDF document is being loaded from an encrypted PDF file.
PdfOnlineCertificateStatusProtocolResponse	Represents an X.509 Online Certificate Status Protocol Response useful in determining the current status of a digital certificate without requiring Certificate Revocation Lists.
PdfPasswordEncryption	Stores encryption-related information for a PDF's standard security handler that shall allow up to two passwords to be specified for a document: a DocumentOpenPassword and a PermissionsPassword with access Permissions.
PdfPkcs11DigitalId	Represents a digital ID that is stored on a cryptographic device accessible through PKCS#11 application programming interface called "Cryptoki".
PdfPkcs11Module	Represents a cryptographic device that stores cryptographic information and possibly performs cryptographic functions accessible through PKCS#11 application programming interface called "Cryptoki". Cryptographic device may be implemented as a smart card, smart disk, PCMCIA card, or with some other technology, including software-only. note GemBox.Pdf uses Pkcs11Interop to communicate with a cryptographic device from a .NET runtime so your project must reference NuGet package Pkcs11Interop in order to use this class. important After you are finished using PdfPkcs11Module make sure you either dispose it or call its Close() method.
PdfPkcs11Token	Represents the logical view of a cryptographic device defined by Cryptoki. Various objects can be stored on a token. These include data, certificates and keys. Stored objects can be accessed and cryptographic functions performed only after the session (a logical connection between an application and a token) is opened.
PdfRSASignaturePadding	Represents the padding to use with RSA signature.
PdfTimestamper	Represents a timestamper that gets the TimeStampToken as specified in RFC 3161 as updated by RFC 5816. The value of the messageImprint field within the TimeStampToken shall be a hash of either: the bytes of the signature field within SignerInfo for the CMS-based Content if the generated timestamp token is included as a unsigned attribute of that SignerInfo (signature timestamp). the bytes of the document indicated by the ByteRange and the ByteRange shall specify the complete PDF file contents (excepting the Content value) if the generated timestamp token is included as a content of a signature dictionary (whose Type entry has a value of DocTimeStamp) that is a value of a signature field added as an incremental update (document timestamp).

Structs

PdfEncryptionLevel

Represents a symmetric encryption algorithm used in a PDF file and the length of the encryption key used in that algorithm.

Enums

PdfEncryptionAlgorithm	Represents an encryption algorithm used in a PDF file.
PdfEncryptionOptions	Represents options for PDF file password-based encryption.
PdfHashAlgorithm	Represents a hash algorithm used in GemBox.Pdf cryptographic operations.
PdfUserAccessPermissions	Represents user access permissions.