- AEM 6.5 Forms Guide
- Release Notes
- Getting Started
- Introduction to AEM Forms
- Introduction to authoring adaptive forms
- Introduction to Interactive Communications
- Introduction to managing forms
- Introduction to Automated Forms Conversion service
- Tutorial: Create your First Adaptive Form
- Tutorial: Create your First Interactive Communication
- AEM Forms Reference Collaterals
- Set up and configure We.Gov and We.Finance reference site
- We.Gov and We.Finance reference site walkthrough
- Employee recruitment reference site walkthrough
- We.Finance Auto Insurance Renewal reference site
- We.Gov reference site FOIA walkthrough
- Reference adaptive form fragments
- Reference Themes
- Reference letter templates
- Configure Microsoft Dynamics 365 for the home mortgage workflow of the We.Finance reference site
- Install and configure AEM Forms
- Architecture and deployment topologies for AEM Forms
- Choosing a persistence type for an AEM Forms installation
- Install AEM Forms on OSGi
- Install AEM Forms on JEE
- Supported platforms for AEM forms on JEE
- Installing and Deploying AEM Forms on JEE Using JBoss Turnkey
- Installing and configuring AEM Forms Document Security server
- Preparing to install AEM Forms (Single Server)
- Installing and Deploying Adobe Experience Manager Forms on JEE for JBoss
- Installing and Deploying Adobe Experience Manager forms on JEE for WebSphere
- Installing and Deploying AEM Forms on JEE for WebLogic
- Install AEM Forms Workbench
- Install and configure Designer
- Preparing to Install AEM Forms (Server Cluster)
- Configuring Adobe Experience Manager Forms on JEE on JBoss Cluster
- Configuring Adobe Experience Manager Forms on JEE on WebSphere Cluster
- Configuring Adobe Experience Manager Forms on JEE on WebLogic Cluster
- Configure AEM Forms
- Performance tuning of AEM Forms server
- Configure adaptive forms cache
- Configuring AEM DS settings
- Configuring the synchronization scheduler
- Configuring the Connector for Microsoft SharePoint
- Connecting AEM Forms with Adobe LiveCycle
- Configuring AEM Forms to submit form data to an AEM Forms on JEE process
- AEM desktop app for AEM Forms
- Upgrade AEM Forms
- Available upgrade paths
- Upgrade AEM Forms on OSGi
- Upgrade AEM Forms on JEE
- Preparing to upgrade AEM Forms
- Adobe Experience Manager Forms on JEE upgrade checklist and planning
- Upgrade to AEM 6.5 forms on JEE
- Upgrading to Adobe Experience Manager Forms on JEE for JBoss
- Upgrading to AEM Forms on JEE for JBoss Turnkey
- Upgrading to Adobe Experience Manager Forms on JEE for WebSphere
- Upgrading to Adobe Experience Manager Forms on JEE for WebLogic
- Manage AEM Forms
- AEM Forms on OSGi Groups and Privileges
- Create new folders to categorize forms
- Searching for forms and assets
- Manage form metadata
- Download an XFA or a PDF form template
- Deleting forms and related resources
- Getting XDP and PDF documents in AEM Forms
- Importing and exporting assets to AEM Forms
- Supporting new locales for adaptive forms localization
- Handling user data
- Hardening AEM Forms Environment
- Form Data Model
- Adaptive Forms - Core Components
- Adaptive Forms - Basic Authoring
- Best practices for working with adaptive forms
- Creating an adaptive form
- Create or add an Adaptive Form to AEM Sites page
- Adaptive form fragments
- Configuring the Submit action
- Using CAPTCHA in adaptive forms
- Adaptive forms keywords
- Tables in adaptive forms
- Auto-save an adaptive form
- Configuring redirect page
- Creating accessible adaptive forms
- Creating forms with repeatable sections
- Embed an adaptive form or interactive communication in AEM sites page
- Embed adaptive form in external web page
- Inline styling of adaptive form components
- Introduction to multi-step form sequence
- Layout capabilities of adaptive forms
- Placeholder text in AEM Forms
- Previewing a form
- Reusing adaptive forms
- Separator component in adaptive forms
- Apply electronic signatures to a form using scribble signatures
- AEM Forms Keyboard Shortcuts
- Associating submission reviewers with a form
- Authoring in-context help for form fields
- Use Layout mode to resize components
- Connect and submit Adaptive Form data to Microsoft® Power Automate
- Adaptive Forms - Advanced Authoring
- Creating adaptive forms using JSON Schema
- Creating adaptive forms using XML Schema
- Using Adobe Sign in an adaptive form
- Creating and using themes
- Adaptive forms rule editor
- API to invoke form data model service from adaptive forms
- Asynchronous submission of adaptive forms
- Create an adaptive form using a set of adaptive forms
- Adaptive Form Templates
- Adaptive Form Expressions
- Generate Document of Record for adaptive forms
- Improve performance of large forms with lazy loading
- Prefill adaptive form fields
- Using SOM expressions in adaptive forms
- Adding information from user data to form submission metadata
- XFA support in XDP-based adaptive forms
- Grant rule editor access to select user groups
- Using AEM translation workflow to localize adaptive forms and document of record
- Styling constructs for adaptive forms
- Synchronizing Adaptive Forms with XFA Form Templates
- Integrate Adobe Sign with AEM Forms
- Creating and managing reviews for assets in forms
- Embed an adaptive form or Interactive Communication in AEM Sites Single Page Application
- Create and use custom error handler for Adaptive Forms
- Interactive Communications
- Introduction to Interactive Communication authoring UI
- Create an Interactive Communication
- Using charts in Interactive Communications
- Texts in Interactive Communications
- Conditions in Interactive Communications
- Prepare and send Interactive Communication using the Agent UI
- Print channel and web channel
- Interactive Communications configuration properties
- Generate multiple interactive communications
- Use Layout mode to resize components
- Workflows
- Forms-centric workflow on OSGi
- Forms-centric workflow on OSGi - Step Reference
- Dynamically select a user or group for AEM Forms-centric workflow steps
- Actions and capabilities of Form-centric AEM Workflows on OSGi and AEM Forms JEE workflows
- Initiate Document Services APIs from AEM Workflow
- Logging in AEM Forms workflows
- Variables in AEM workflows
- Share and request access to Inbox items of a user
- Configure Out of Office
- AEM Forms Workspace
- Introduction to AEM Forms workspace
- Working with AEM Forms workspace
- AEM Forms Workspace Architecture
- Features of AEM Forms workspace not available in Flex workspace
- Features of Flex workspace not available in AEM Forms workspace
- Backbone interaction
- Description of reusable components
- Document details for renderer
- Integrating AEM Forms workspace components in web applications
- New render and submit service
- Understanding the folder structure
- Integrating third-party applications in AEM Forms workspace
- AEM Forms workspace JSON object description
- Introduction to Customizing AEM form workspace
- Generic steps for AEM Forms workspace customization
- Changing the locale of AEM Forms workspace user interface
- Creating a new login screen
- Customizing error dialogs
- Customizing tabs for a task
- Customizing the task details page
- Customizing the listing of process instances
- Customizing Task Actions
- Displaying additional data in ToDo list
- Getting Task Variables in Summary URL
- Customize images used in route actions
- Minification of the JavaScript files
- Customize tracking tables
- Updating the link to the documentation
- Working with Formsets in AEM Forms workspace
- APIs used in AEM Forms workspace
- Initiating a new process with existing process data in AEM Forms workspace
- Hosting two AEM Forms workspace instances on one server
- Changing the color scheme of the interface
- Changing the font on the interface
- Changing the organization logo for branding
- Displaying information in the Task Summary pane
- Displaying the user avatar
- Getting started with AEM Forms workspace
- Managing tasks in an organizational hierarchy using Manager View
- Starting processes
- Tracking processes
- Single Sign On and timeout handlers
- Using an adaptive form in HTML Workspace
- Integrating AEM forms workspace with Microsoft Office SharePoint Server
- Working with To-do lists
- Troubleshooting guidelines for AEM Forms workspace
- AEM Forms app
- Introduction to AEM Forms app
- Set up environment for AEM Forms app
- Set up the Xcode project and build the iOS app
- Building a secure AEM Forms app for iOS
- Set up the Visual Studio project and build the Windows app
- Set up the Android studio project and build the Android app
- Build the AEM Forms Android app
- Distribute AEM Forms app
- Gesture customization
- Branding Customization
- Theme Customization
- Logging in to AEM Forms app
- Home screen
- Synchronizing the app
- Working with a Form
- Working with Startpoints
- Opening a task
- Saving a task or form as a draft
- Using autosave in AEM Forms app
- Save forms as templates
- Adding attachments
- Working in the offline mode
- Updating general settings
- Troubleshoot AEM Forms app
- HTML5 Forms
- Introduction to HTML5 forms
- Getting started with HTML5 forms
- Architecture of HTML5 forms
- Feature differentiation between HTML5 forms and PDF forms
- Frequently asked questions (FAQ) for HTML5 forms
- Designing form templates for HTML5 forms
- Best practices for HTML5 forms
- Designing accessible HTML5 forms
- Generate HTML5 preview of an XDP form
- Rendering form template for HTML5 forms
- Enabling attachments for an HTML5 form
- HTML5 forms service proxy
- Optimizing HTML5 forms
- Screen readers for HTML5 forms
- Creating a custom profile for HTML5 forms
- Right-to-left languages in HTML5 forms
- Integrating Form Bridge with custom portal for HTML5 forms
- Create custom appearances in HTML5 forms
- Changing default styles of HTML5 forms
- Picture clause support for HTML5 forms
- Create accessible complex tables in HTML5 forms
- Creating CSS styles for HTML5 forms
- Customizing error messages for HTML5 forms
- Saving an HTML5 form as a draft
- Enable logging for HTML5 forms
- Debugging HTML5 forms
- Scripting support for HTML5 forms
- Form set in AEM Forms
- Letters and Correspondences
- Correspondence Management Overview
- Layout Design
- Data Dictionary
- Document Fragments
- Create Letter
- Create Correspondence
- Remote functions in Expression Builder
- Manage agent signature images
- Post processing of letters and interactive communications
- Add custom action to the Asset Listing view
- Add custom action/button in Create Correspondence UI
- Add custom properties to Correspondence Management assets
- Customize create correspondence UI
- Customize text editor
- Correspondence Management: Troubleshooting
- APIs to access letter instances
- Integrating Create Correspondence UI with your custom portal
- Custom special characters in Correspondence Management
- Custom watermark in letter PDF preview
- Configuring a Correspondence Management solution
- Inline condition and repeat in Interactive Communications and letters
- Document Fragments
- Correspondence Management Configuration Properties
- Integrate AEM Forms with Experience Cloud solutions
- Publish and process AEM Forms
- Introduction to publishing forms on a portal
- Sample for integrating drafts & submissions component with database
- Configuring storage services for drafts and submissions
- Manage Forms applications and tasks in AEM Inbox
- Watched folder in AEM Forms
- Drafts and submissions component
- Embedding link component in a page
- Publishing and unpublishing forms and documents
- Listing forms on a web page using APIs
- Accessing and filling published forms
- Sending a form submission acknowledgement via email
- Create or Configure a watched folder
- Use custom email templates in an Assign Task step
- Use metadata in an email notification
- Forms Portal
- Document Services
- Document Security
- Document security offerings
- Enable AEM to search document security protected PDF documents
- Reader extending policy-protected PDF documents using Portable Protection Library
- Enable AEM to search document security protected PDF and Microsoft Office documents
- Protect a document on behalf of another user
- Forms Designer
- Customize AEM Forms
- Appearance framework for adaptive and HTML5 forms
- Creating a custom adaptive form template
- Creating custom layout components for adaptive forms
- Adding custom action on form lister items
- Customize layout and positioning of error messages of an adaptive form
- Creating a custom toolbar action
- Customizing form event tracking
- Create custom appearances for adaptive form fields
- Customizing Draft and Submission data services
- Dynamically populating drop-down lists
- Writing custom Submit action for adaptive forms
- Creating custom toolbar layout
- Displaying components based on the template used
- Creating custom adaptive form themes
- Transaction Reports
- Administrator help for AEM Forms on JEE
- Get Started
- Setting up and managing domains
- Configuring User Management
- Change the order of evaluation for authentication
- Configure the LDAP bind password
- Configure AEM forms to prefetch domain information
- Configuring certificate-based authentication
- Configure SAML service provider settings
- Enabling single sign-on in AEM forms
- Configure User Management for an SSL-enabled LDAP server
- Importing and exporting the configuration file
- Configure advanced system attributes
- Preventing CSRF attacks
- Setting up and organizing users
- Connecting to a content management system
- Managing certificates and credentials
- Importing and managing applications and archives
- Managing Services
- Managing Endpoints
- Configuring Acrobat Reader DC extensions
- Certificate types used by Acrobat Reader DC extensions
- Recognizing valid and expired certificates in PDF documents
- Configuring Acrobat Reader DC extensions for data capture
- Review credential use information
- Configuring credentials for use with Acrobat Reader DC extensions
- Review the usage rights of a PDF file
- Enabling online commenting for Adobe Reader web browser plug-in
- Setting timeout values for use with Acrobat Reader DC extensions
- Updating expired Reader Extension service certificates
- Working with PDF Generator
- Introduction to working with PDF Generator
- Enabling multi-threaded file conversions
- Configuring Adobe PDF settings
- Configuring security settings
- Configuring file type settings
- Importing and exporting PDF Generator configuration files
- Enable PDF/A support
- Setting up a PDFG Network Printer (Windows only)
- Configuring fallback fonts
- Modifying the PDF Export conversion settings
- Converting files using PDF Generator
- Configuring SSL
- Working with document security
- About document security
- High-volume secure information delivery
- Configuring client and server options
- Managing invited and local user accounts
- Controlling access to policy-protected documents
- Monitoring events
- Creating and managing policies
- Using the document security webpages
- Creating and managing policy sets
- Registering as a User
- Configuring Forms
- Configuring Output
- Configuring forms workflow
- About administration and process terminology
- Managing Processes
- Configuring Business Calendars
- Overview of Forms workflow
- Configuring Out of Office Settings
- Searching for process instances
- Configuring Server Settings
- Working with stalled operations and branches
- Configuring Shared Queues
- Working with tasks
- Configuring Workspace
- Health Monitor
- Maintaining AEM forms
- Maintaining the AEM forms Database
- Maintaining the Application Server
- AEM forms Backup and Recovery
- Backing up and recovering the EMC Documentum repository
- Enabling and disabling safe backup mode
- Backing up the AEM forms data
- Files to back up and recover
- Backup and recovery strategy for AEM forms
- PDF Generator backup limitations
- Backup strategies for watched folders
- Recovering the AEM forms data
- Backup strategy for Connector for EMC Documentum users
- Strategy for backup and restore in a clustered environment
- System information service
- Process Reporting
- Developer Reference
- Developer basics
- HTML Template Language
- AEM plug-in to debug adaptive forms
- AEM Forms Java API Reference
- AEM Forms on JEE Java API Reference
- Form Bridge APIs for HTML5 forms
- JavaScript Library API reference for Adaptive Forms
- Assembler Service and DDX Reference
- Workbench Help
- Programming with AEM Forms on JEE
- Introduction to programming with AEM Forms on JEE
- Developing SPIs for AEM Forms
- Java API Quick Start - Code Examples
- Application Manager Client JavaAPI Quick Start(SOAP)
- Application Manager Service JavaAPI Quick Start(SOAP)
- Assembler Service Java API QuickStart(SOAP)
- Acrobat Reader DC extensions Service Java API Quick Start(SOAP)
- Backup and Restore Service APIQuick Starts
- Barcoded Forms Service Java APIQuick Start(SOAP)
- Components and Services Java APIQuick Start(SOAP)
- Convert PDF Service Java API QuickStart(SOAP)
- Credential Service Java API QuickStart(SOAP)
- Distiller Service Java API QuickStart(SOAP)
- DocConverter Service Java API QuickStart(SOAP)
- Document Management Service (Deprecated)Java API Quick Start(SOAP)
- Document Security Service JavaAPI Quick Start(SOAP)
- Encryption Service Java API QuickStart(SOAP)
- Endpoint Registry Java API QuickStart(SOAP)
- Form Data Integration Service JavaAPI Quick Start(SOAP)
- Forms Service API Quick Starts
- Generate PDF Service Java API QuickStart(SOAP)
- Invocation API Quick Starts
- LiveCycleProcess Java API(SOAP)Quick Start
- Output Service Java API Quick Start(SOAP)
- PDF Utilities Service Java APIQuick Start(SOAP)
- Repository Service API Quick Starts
- Signature Service Java API QuickStart(SOAP)
- Task Manager Service Java API QuickStart(SOAP)
- User Manager Java API Quick Start(SOAP)
- XMP Utilities Service Java APIQuick Start(SOAP)
- Invoking AEM Forms on JEE using APIs
- Performing Service Operations using APIs
- Performing Service Operations Using APIs
- Rendering Forms
- Assembling PDF Documents
- Programmatically Assembling PDF Documents
- Converting Between File Formats and PDF
- Programmatically Disassembling PDF Documents
- Assembling Encrypted PDF Documents
- Assembling Multiple XDP Fragments
- Assembling Documents Using Bates Numbering
- Assembling Non-Interactive PDF Documents
- Assembling PDF Documents with Bookmarks
- Assigning Usage Rights
- Assembling PDF Portfolios
- Calculating Form Data
- Creating Web Applications thatRenders Forms
- Creating PDF Documents with SubmittedXML Data
- Disassemble a PDF document using the web service API
- Determining Whether Documents Are PDF/A-Compliant
- Dynamically Creating DDX Documents
- Handling Submitted Forms
- Optimizing the Performance of theForms Service
- Passing Documents to the FormsService
- Prepopulating Forms with Flowable Layouts
- Rendering Forms Based on Fragments
- Rendering Forms By Value
- Rendering Forms as HTML
- Rendering Forms at the Client
- Rendering HTML Forms Using Custom CSS Files
- Rendering HTML Forms with CustomToolbars
- Rendering Interactive PDF Forms
- Rendering Rights-Enabled Forms
- Validating DDX Documents
- Converting PDF to Postscript andImage Files
- Converting Postscript to PDF Documents
- Creating Document Output Streams
- Digitally Signing and Certifying Documents
- Encrypting and Decrypting PDF Documents
- Importing and Exporting Data
- Managing Users
- Working with AEM Forms Repository
- Working with barcoded forms
- Working with Credentials
- Working with PDF/A Documents
- Working with PDF Utilities
- Working with XMP Utilities
- Preparing AEM Forms for Backup
- Programmatically Managing Endpoints
- Programmatically managing the Preferences Nodes
- Protecting Documents with Policies
- Validate a DDX document using the web service API
- Troubleshooting
- Unable to use some forms features with certain versions of Oracle JDK
- Additional Steps to get Email with Attachment for Adaptive Forms On JEE version
- Unable to convert Word or Excel file to PDF on Windows Server
- Unable to open XFA-based PDF forms in Google Chrome, Firefox, Microsoft Edge, Microsoft Internet Explorer, or Apple Safari
- Unable to restore CRX Repository
- Service unavailable errors after installing AEM 6.5.15.0 service pack
- AEM Forms JEE 6.5.15.0 service pack installation issue on JBoss Linux environment
- Legacy documentation
- Using the execute script service in AEM Forms on JEE Workbench to build XML data
- Compressing and decompressing files using a AEM Forms on JEE Custom DSC
- Configuring and troubleshooting an AEM Forms on JEE server cluster
- Generating and working with Hashes in dynamic PDF forms
- Passing credentials using WS-Security headers
Encrypting and Decrypting PDF Documents
Samples and examples in this document are only for AEM Forms on JEE environment.
About the Encryption Service
The Encryption service lets you encrypt and decrypt documents. When a document is encrypted, its contents become unreadable. An authorized user can decrypt the document to obtain access to the contents. If a PDF document is encrypted with a password, the user must specify the open password before the document can be viewed in Adobe Reader or Adobe Acrobat. Likewise, if a PDF document is encrypted with a certificate, the user must decrypt the PDF document with the public key that corresponds to the certificate (private key) that was used to encrypt the PDF document.
You can accomplish these tasks using the Encryption service:
- Encrypt a PDF document with a password. (See Encrypting PDF Documents with a Password.)
- Encrypt a PDF document with a certificate. (See Encrypting PDF Documents with Certificates.)
- Remove password-based encryption from a PDF document. (See Removing Password Encryption.)
- Remove certificate-based encryption from a PDF document. (See Removing Certificate Based Encryption.)
- Unlock the PDF document so that other service operations can be performed. For example, after a password-encrypted PDF document is unlocked, you can apply a digital signature to it. (See Unlocking Encrypted PDF Documents.)
- Determine the encryption type of a secured PDF document. (See Determining Encryption Type.)
For more information about the Encryption service, see Services Reference for AEM Forms.
Encrypting PDF Documents with a Password
When you encrypt a PDF document with a password, a user must specify the password to open the PDF document in Adobe Reader or Acrobat. Also, before another AEM Forms operation, such as digitally signing the PDF document, can be performed on the document, a password-encrypted PDF document must be unlocked.
If you upload an encrypted PDF document to the AEM Forms repository, it cannot decrypt the PDF document and extract the XDP content. It is recommended that you do not encrypt a document prior to uploading it to the AEM Forms repository. (See Writing Resources.)
For more information about the Encryption service, see Services Reference for AEM Forms.
Summary of steps
To encrypt a PDF document with a password, perform the following steps:
- Include project files.
- Create an Encryption Client API object.
- Get a PDF document to encrypt.
- Set encryption run-time options.
- Add the password.
- Save the encrypted PDF document as a PDF file.
Include project files
Include necessary files in your development project. If you are creating a client application using Java, include the necessary JAR files. If you are using web services, ensure that you include the proxy files.
The following JAR files must be added to your project’s class path:
- adobe-livecycle-client.jar
- adobe-usermanager-client.jar
- adobe-encryption-client.jar
- adobe-utilities.jar (required if AEM Forms is deployed on JBoss)
- jbossall-client.jar (required if AEM Forms is deployed on JBoss)
Create an Encryption Client API object
To programmatically perform an Encryption service operation, you must create an Encryption service client.
Get a PDF document to encrypt
You must obtain an unencrypted PDF document to encrypt the document with a password. If you attempt to secure a PDF document that is already encrypted, you cause an exception.
Set encryption run-time options
To encrypt a PDF document with a password, you specify four values, including two password values. The first password value is used to encrypt the PDF document and must be specified when opening the PDF document. The second password value, named the master password value, is used to remove encryption from the PDF document. Password values are case sensitive, and these two password values cannot be the same values.
You must specify the PDF document resources to encrypt. You can encrypt the entire PDF document, everything except for the document’s metadata, or just the document’s attachments. If you encrypt only the document’s attachments, a user is prompted for a password when they attempt to access the file attachments.
When encrypting a PDF document, you can specify permissions that are associated with the secured document. By specifying permissions, you can control the actions that a user who opens a password-encrypted PDF document is allowed to perform. For example to successfully extract form data, you must set the following permissions:
- PASSWORD_EDIT_ADD
- PASSWORD_EDIT_MODIFY
Permissions are specified as PasswordEncryptionPermission enumeration values.
Add the password
After you retrieve an unsecured PDF document and set encryption run-time values, you can add a password to the PDF document.
Save the encrypted PDF document as a PDF file
You can save the password-encrypted PDF document as a PDF file.
See also
Encrypt a PDF document using the Java API
Encrypting a PDF document using the web service API
Including AEM Forms Java library files
Encryption Service API Quick Starts
Encrypting PDF Documents with Certificates
Encrypt a PDF document using the Java API
Encrypt a PDF document with a password by using the Encryption API (Java):
-
Include project files.
Include client JAR files, such as adobe-encryption-client.jar, in your Java project’s class path.
-
Create an Encryption Client API.
- Create a
ServiceClientFactoryobject that contains connection properties. - Create an
EncryptionServiceClientobject by using its constructor and passing theServiceClientFactoryobject.
- Create a
-
Get a PDF document to encrypt.
- Create a
java.io.FileInputStreamobject that represents the PDF document to encrypt by using its constructor and passing a string value that specifies the location of the PDF document. - Create a
com.adobe.idp.Documentobject by using its constructor and passing thejava.io.FileInputStreamobject.
- Create a
-
Set encryption run-time options.
- Create a
PasswordEncryptionOptionSpecobject by invoking its constructor. - Specify the PDF document resources to encrypt by invoking the
PasswordEncryptionOptionSpecobject’ssetEncryptOptionmethod and passing aPasswordEncryptionOptionenumeration value that specifies the document resources to encrypt. For example, to encrypt the entire PDF document, including its metadata and its attachments, specifyPasswordEncryptionOption.ALL. - Create a
java.util.Listobject that stores the encryption permissions by using theArrayListconstructor. - Specify a permission by invoking the
java.util.Listobject ‘saddmethod and passing an enumeration value that corresponds to the permission that you want to set. For example, to set the permission that lets a user copy data located in the PDF document, specifyPasswordEncryptionPermission.PASSWORD_EDIT_COPY. (Repeat this step for each permission to set). - Specify the Acrobat compatibility option by invoking the
PasswordEncryptionOptionSpecobject’ssetCompatabilitymethod and passing an enumeration value that specifies the Acrobat compatibility level. For example, you can specifyPasswordEncryptionCompatability.ACRO_7. - Specify the password value that lets a user open the encrypted PDF document by invoking the
PasswordEncryptionOptionSpecobject’ssetDocumentOpenPasswordmethod and passing a string value that represents the open password. - Specify the master password value that lets a user remove encryption from the PDF document by invoking the
PasswordEncryptionOptionSpecobject’ssetPermissionPasswordmethod and passing a string value that represents the master password.
- Create a
-
Add the password.
Encrypt the PDF document by invoking the
EncryptionServiceClientobject’sencryptPDFUsingPasswordmethod and passing the following values:- The
com.adobe.idp.Documentobject that contains the PDF document to encrypt with the password. - The
PasswordEncryptionOptionSpecobject that contains encryption run-time options.
The
encryptPDFUsingPasswordmethod returns acom.adobe.idp.Documentobject that contains a password-encrypted PDF document. - The
-
Save the encrypted PDF document as a PDF file.
- Create a
java.io.Fileobject and ensure that the file extension is .pdf. - Invoke the
com.adobe.idp.Documentobject’scopyToFilemethod to copy the contents of thecom.adobe.idp.Documentobject to the file. Ensure that you use thecom.adobe.idp.Documentobject that was returned by theencryptPDFUsingPasswordmethod.
- Create a
See also
Quick Start (SOAP mode): Encrypting a PDF document using the Java API
Including AEM Forms Java library files
Encrypting a PDF document using the web service API
Encrypt a PDF document with a password by using the Encryption API (web service):
-
Include project files.
Create a Microsoft .NET project that uses MTOM. Ensure that you use the following WSDL definition:
http://localhost:8080/soap/services/EncryptionService?WSDL&lc_version=9.0.1.NOTEReplace
localhostwith the IP address of the server hosting AEM Forms. -
Create an Encryption Client API object.
-
Create an
EncryptionServiceClientobject by using its default constructor. -
Create an
EncryptionServiceClient.Endpoint.Addressobject by using theSystem.ServiceModel.EndpointAddressconstructor. Pass a string value that specifies the WSDL to the AEM Forms service (for example,http://localhost:8080/soap/services/EncryptionService?WSDL.) You do not need to use thelc_versionattribute. This attribute is used when you create a service reference.) -
Create a
System.ServiceModel.BasicHttpBindingobject by getting the value of theEncryptionServiceClient.Endpoint.Bindingfield. Cast the return value toBasicHttpBinding. -
Set the
System.ServiceModel.BasicHttpBindingobject’sMessageEncodingfield toWSMessageEncoding.Mtom. This value ensures that MTOM is used. -
Enable basic HTTP authentication by performing the following tasks:
- Assign the AEM forms user name to the field
EncryptionServiceClient.ClientCredentials.UserName.UserName. - Assign the corresponding password value to the field
EncryptionServiceClient.ClientCredentials.UserName.Password. - Assign the constant value
HttpClientCredentialType.Basicto the fieldBasicHttpBindingSecurity.Transport.ClientCredentialType. - Assign the constant value
BasicHttpSecurityMode.TransportCredentialOnlyto the fieldBasicHttpBindingSecurity.Security.Mode.
- Assign the AEM forms user name to the field
-
-
Get a PDF document to encrypt.
- Create a
BLOBobject by using its constructor. TheBLOBobject is used to store a PDF document that is encrypted with a password. - Create a
System.IO.FileStreamobject by invoking its constructor and passing a string value that represents the file location of the PDF document to encrypt and the mode in which to open the file. - Create a byte array that stores the content of the
System.IO.FileStreamobject. You can determine the size of the byte array by getting theSystem.IO.FileStreamobject’sLengthproperty. - Populate the byte array with stream data by invoking the
System.IO.FileStreamobject’sReadmethod and passing the byte array, the starting position, and the stream length to read. - Populate the
BLOBobject by assigning the contents of the byte array to theBLOBobject’sMTOMdata member.
- Create a
-
Set encryption run-time options.
- Create a
PasswordEncryptionOptionSpecobject by using its constructor. - Specify the PDF document resources to encrypt by assigning a
PasswordEncryptionOptionenumeration value to thePasswordEncryptionOptionSpecobject’sencryptOptiondata member. To encrypt the entire PDF, including its metadata and its attachments, assignPasswordEncryptionOption.ALLto this data member. - Specify the Acrobat compatibility option by assigning a
PasswordEncryptionCompatabilityenumeration value to thePasswordEncryptionOptionSpecobject’scompatabilitydata member. For example, assignPasswordEncryptionCompatability.ACRO_7to this data member. - Specify the password value that lets a user open the encrypted PDF document by assigning a string value that represents the open password to the
PasswordEncryptionOptionSpecobject’sdocumentOpenPassworddata member. - Specify the password value that lets a user remove encryption from the PDF document by assigning a string value that represents the master password to the
PasswordEncryptionOptionSpecobject’spermissionPassworddata member.
- Create a
-
Add the password.
Encrypt the PDF document by invoking the
EncryptionServiceClientobject’sencryptPDFUsingPasswordmethod and passing the following values:- The
BLOBobject that contains the PDF document to encrypt with the password. - The
PasswordEncryptionOptionSpecobject that contains encryption run-time options.
The
encryptPDFUsingPasswordmethod returns aBLOBobject that contains a password-encrypted PDF document. - The
-
Save the encrypted PDF document as a PDF file.
- Create a
System.IO.FileStreamobject by invoking its constructor and passing a string value that represents the file location of the secured PDF document. - Create a byte array that stores the data content of the
BLOBobject that was returned by theencryptPDFUsingPasswordmethod. Populate the byte array by getting the value of theBLOBobject’sMTOMdata member. - Create a
System.IO.BinaryWriterobject by invoking its constructor and passing theSystem.IO.FileStreamobject. - Write the contents of the byte array to a PDF file by invoking the
System.IO.BinaryWriterobject’sWritemethod and passing the byte array.
- Create a
See also
Invoking AEM Forms using SwaRef
Encrypting PDF Documents with Certificates
Certificate-based encryption lets you encrypt a document for specific recipients by means of public key technology. Various recipients can be given different permissions for the document. Many aspects of encryption are made possible by public key technology. An algorithm is used to generate two large numbers, known as keys, that have the following properties:
- One key is used to encrypt a set of data. Subsequently, only the other key can be used to decrypt the data.
- It is impossible to distinguish one key from the other.
One of the keys acts as a user’s private key. It is important that only the user has access to this key. The other key is the user’s public key, which can be shared with others.
A public key certificate contains a user’s public key and identifying information. The X.509 format is used for storing certificates. Certificates are typically issued and digitally signed by a certificate authority (CA), which is a recognized entity that provides a measure of confidence in the validity of the certificate. Certificates have an expiration date, after which they are no longer valid. In addition, certificate revocation lists (CRLs) provide information about certificates that were revoked prior to their expiration date. CRLs are published periodically by certificate authorities. The revocation status of a certificate can also be retrieved through Online Certificate Status Protocol (OCSP) over the network.
If you upload an encrypted PDF document to the AEM Forms repository, it cannot decrypt the PDF document and extract the XDP content. It is recommended that you do not encrypt a document prior to uploading it to the AEM Forms repository. (See Writing Resources.)
Before you can encrypt a PDF document with a certificate, you must ensure that you add the certificate to AEM Forms. A certificate is added using administration console or programmatically using the Trust Manager API. (See Importing Credentials by using the Trust Manager API.)
For more information about the Encryption service, see Services Reference for AEM Forms.
Summary of steps
To encrypt a PDF document with a certificate, perform the following steps:
- Include project files.
- Create an Encryption Client API object.
- Get a PDF document to encrypt.
- Reference the certificate.
- Set encryption run-time options.
- Create a certificate-encrypted PDF document.
- Save the encrypted PDF document as a PDF file.
Include project files
Include the necessary files in your development project. If you are creating a client application by using Java, include the necessary JAR files. If you are using web services, ensure that you include the proxy files.
The following JAR files must be added to your project’s class path:
- adobe-livecycle-client.jar
- adobe-usermanager-client.jar
- adobe-encryption-client.jar
- adobe-utilities.jar (required if AEM Forms is deployed on JBoss Application Server)
- jbossall-client.jar (required if AEM Forms is deployed on JBoss Application Server)
Create an Encryption Client API object
To programmatically perform an Encryption service operation, you must create an Encryption service client. If you are using the Java Encryption Service API, create an EncrytionServiceClient object. If you are using the web service Encryption Service API, create an EncryptionServiceService object.
Get a PDF document to encrypt
You must obtain an unencrypted PDF document to encrypt. If you attempt to secure a PDF document that is already encrypted, an exception is thrown.
Reference the certificate
To encrypt a PDF document with a certificate, reference a certificate that is used to encrypt a PDF document. The certificate is a .cer file, a .crt file, or a .pem file. A PKCS#12 file is used to store private keys with corresponding certificates.
When encrypting a PDF document with a certificate, specify permissions that are associated with the secured document. By specifying permissions, you can control the actions that a user who opens a certificate-encrypted PDF document can perform.
Set encryption run-time options
Specify the PDF document resources to encrypt. You can encrypt the entire PDF document, everything except the document’s metadata, or only the document’s attachments.
Create a certificate-encrypted PDF document
After you retrieve an unsecured PDF document, reference the certificate, and set run-time options, you can create a certificate-encrypted PDF document. After the PDF document is encrypted, you need the corresponding public key to decrypt it.
Save the encrypted PDF document as a PDF file
You can save the encrypted PDF document as a PDF file.
See also
Encrypt a PDF document with a certificate using the Java API
Encrypt a PDF document with a certificate using the web service API
Including AEM Forms Java library files
Encryption Service API Quick Starts
Encrypting PDF Documents with a Password
Encrypt a PDF document with a certificate using the Java API
Encrypt a PDF document with a certificate by using the Encryption API (Java):
-
Include project files.
Include client JAR files, such as adobe-encryption-client.jar, in your Java project’s class path.
-
Create an Encryption Client API object.
- Create a
ServiceClientFactoryobject that contains connection properties. - Create an
EncryptionServiceClientobject by using its constructor and passing theServiceClientFactoryobject.
- Create a
-
Get a PDF document to encrypt.
- Create a
java.io.FileInputStreamobject that represents the PDF document to encrypt by using its constructor and passing a string value that specifies the location of the PDF document. - Create a
com.adobe.idp.Documentobject by using its constructor and passing thejava.io.FileInputStreamobject.
- Create a
-
Reference the certificate.
- Create a
java.util.Listobject that stores permission information by using its constructor. - Specify the permission associated with the encrypted document by invoking the
java.util.Listobject’saddmethod and passing aCertificateEncryptionPermissionsenumeration value that represents the permissions that are granted to the user who opens the secured PDF document. For example, to specify all permissions, passCertificateEncryptionPermissions.PKI_ALL_PERM. - Create a
Recipientobject by using its constructor. - Create a
java.io.FileInputStreamobject that represents the certificate that is used to encrypt the PDF document by using its constructor and passing a string value that specifies the location of the certificate. - Create a
com.adobe.idp.Documentobject by using its constructor and passing thejava.io.FileInputStreamobject that represents the certificate. - Invoke the
Recipientobject’ssetX509Certmethod and pass thecom.adobe.idp.Documentobject that contains the certificate. (In addition, theRecipientobject can have a Truststore certificate alias or LDAP URL as a certificate source.) - Create a
CertificateEncryptionIdentityobject that stores permission and certificate information by using its constructor. - Invoke the
CertificateEncryptionIdentityobject’ssetPermsmethod and pass thejava.util.Listobject that stores permission information. - Invoke the
CertificateEncryptionIdentityobject’ssetRecipientmethod and pass theRecipientobject that stores certificate information. - Create a
java.util.Listobject that stores certificate information by using its constructor. - Invoke the
java.util.Listobject’s add method and pass theCertificateEncryptionIdentityobject. (Thisjava.util.Listobject is passed as a parameter to theencryptPDFUsingCertificatesmethod.)
- Create a
-
Set encryption run-time options.
- Create a
CertificateEncryptionOptionSpecobject by invoking its constructor. - Specify the PDF document resources to encrypt by invoking the
CertificateEncryptionOptionSpecobject’ssetOptionmethod and passing aCertificateEncryptionOptionenumeration value that specifies the document resources to encrypt. For example, to encrypt the entire PDF document, including its metadata and its attachments, specifyCertificateEncryptionOption.ALL. - Specify the Acrobat compatibility option by invoking the
CertificateEncryptionOptionSpecobject’ssetCompatmethod and passing aCertificateEncryptionCompatibilityenumeration value that specifies the Acrobat compatibility level. For example, you can specifyCertificateEncryptionCompatibility.ACRO_7.
- Create a
-
Create a certificate-encrypted PDF document.
Encrypt the PDF document with a certificate by invoking the
EncryptionServiceClientobject’sencryptPDFUsingCertificatesmethod and passing the following values:- The
com.adobe.idp.Documentobject that contains the PDF document to encrypt. - The
java.util.Listobject that stores certificate information. - The
CertificateEncryptionOptionSpecobject that contains encryption run-time options.
The
encryptPDFUsingCertificatesmethod returns acom.adobe.idp.Documentobject that contains a certificate-encrypted PDF document. - The
-
Save the encrypted PDF document as a PDF file.
- Create a
java.io.Fileobject and ensure that the file name extension is .pdf. - Invoke the
com.adobe.idp.Documentobject’scopyToFilemethod to copy the contents of thecom.adobe.idp.Documentobject to the file. Ensure that you use thecom.adobe.idp.Documentobject that was returned by theencryptPDFUsingCertificatesmethod.
- Create a
See also
Quick Start (SOAP mode): Encrypting a PDF document with a certificate using the Java API
Including AEM Forms Java library files
Encrypt a PDF document with a certificate using the web service API
Encrypt a PDF document with a certificate by using the Encryption API (web service):
-
Include project files.
Create a Microsoft .NET project that uses MTOM. Ensure that you use the following WSDL definition:
http://localhost:8080/soap/services/EncryptionService?WSDL&lc_version=9.0.1.NOTEReplace
localhostwith the IP address of the server hosting AEM Forms. -
Create an Encryption Client API object.
-
Create an
EncryptionServiceClientobject by using its default constructor. -
Create an
EncryptionServiceClient.Endpoint.Addressobject by using theSystem.ServiceModel.EndpointAddressconstructor. Pass a string value that specifies the WSDL to the AEM Forms service (for example,http://localhost:8080/soap/services/EncryptionService?WSDL.) You do not need to use thelc_versionattribute. This attribute is used when you create a service reference.) -
Create a
System.ServiceModel.BasicHttpBindingobject by getting the value of theEncryptionServiceClient.Endpoint.Bindingfield. Cast the return value toBasicHttpBinding. -
Set the
System.ServiceModel.BasicHttpBindingobject’sMessageEncodingfield toWSMessageEncoding.Mtom. This value ensures that MTOM is used. -
Enable basic HTTP authentication by performing the following tasks:
- Assign the AEM forms user name to the field
EncryptionServiceClient.ClientCredentials.UserName.UserName. - Assign the corresponding password value to the field
EncryptionServiceClient.ClientCredentials.UserName.Password. - Assign the constant value
HttpClientCredentialType.Basicto the fieldBasicHttpBindingSecurity.Transport.ClientCredentialType. - Assign the constant value
BasicHttpSecurityMode.TransportCredentialOnlyto the fieldBasicHttpBindingSecurity.Security.Mode.
- Assign the AEM forms user name to the field
-
-
Get a PDF document to encrypt.
- Create a
BLOBobject by using its constructor. TheBLOBobject is used to store a PDF document that is encrypted with a certificate. - Create a
System.IO.FileStreamobject by invoking its constructor and passing a string value that represents the file location of the PDF document to encrypt and the mode in which to open the file. - Create a byte array that stores the content of the
System.IO.FileStreamobject. You can determine the size of the byte array by getting theSystem.IO.FileStreamobject’sLengthproperty. - Populate the byte array with stream data by invoking the
System.IO.FileStreamobject’sReadmethod and passing the byte array, the starting position, and the stream length to read. - Populate the
BLOBobject by assigning itsMTOMproperty with the contents of the byte array.
- Create a
-
Reference the certificate.
- Create a
Recipientobject by using its constructor. This object will store certificate information. - Create a
BLOBobject by using its constructor. ThisBLOBobject will store the certificate that encrypts the PDF document. - Create a
System.IO.FileStreamobject by invoking its constructor and passing a string value that represents the file location of the certificate and the mode in which to open the file. - Create a byte array that stores the content of the
System.IO.FileStreamobject. You can determine the size of the byte array by getting theSystem.IO.FileStreamobject’sLengthproperty. - Populate the byte array with stream data by invoking the
System.IO.FileStreamobject’sReadmethod and passing the byte array, the starting position, and the stream length to read. - Populate the
BLOBobject by assigning the contents of the byte array to theBLOBobject’sMTOMdata member. - Assign the
BLOBobject that stores the certificate to theRecipientobject’sx509Certdata member. - Create a
CertificateEncryptionIdentityobject that stores certificate information by using its constructor. - Assign the
Recipientobject that stores the certificate to theCertificateEncryptionIdentityobject’s recipient data member. - Create an
Objectarray and assign theCertificateEncryptionIdentityobject to the first element of theObjectarray. ThisObjectarray is passed as a parameter to theencryptPDFUsingCertificatesmethod.
- Create a
-
Set encryption run-time options.
- Create a
CertificateEncryptionOptionSpecobject by using its constructor. - Specify the PDF document resources to encrypt by assigning a
CertificateEncryptionOptionenumeration value to theCertificateEncryptionOptionSpecobject’soptiondata member. To encrypt the entire PDF document, including its metadata and its attachments, assignCertificateEncryptionOption.ALLto this data member. - Specify the Acrobat compatibility option by assigning a
CertificateEncryptionCompatibilityenumeration value to theCertificateEncryptionOptionSpecobject’scompatdata member. For example, assignCertificateEncryptionCompatibility.ACRO_7to this data member.
- Create a
-
Create a certificate-encrypted PDF document.
Encrypt the PDF document with a certificate by invoking the
EncryptionServiceServiceobject’sencryptPDFUsingCertificatesmethod and passing the following values:- The
BLOBobject that contains the PDF document to encrypt. - The
Objectarray that stores certificate information. - The
CertificateEncryptionOptionSpecobject that contains encryption run-time options.
The
encryptPDFUsingCertificatesmethod returns aBLOBobject that contains a certificate-encrypted PDF document. - The
-
Save the encrypted PDF document as a PDF file.
- Create a
System.IO.FileStreamobject by invoking its constructor and passing a string value that represents the file location of the secured PDF document. - Create a byte array that stores the data content of the
BLOBobject that was returned by theencryptPDFUsingCertificatesmethod. Populate the byte array by getting the value of theBLOBobject’sbinaryDatadata member. - Create a
System.IO.BinaryWriterobject by invoking its constructor and passing theSystem.IO.FileStreamobject. - Write the contents of the byte array to a PDF file by invoking the
System.IO.BinaryWriterobject’sWritemethod and passing the byte array.
- Create a
See also
Invoking AEM Forms using SwaRef
Removing Certificate Based Encryption
Certificate-based encryption can be removed from a PDF document so that users can open the PDF document in Adobe Reader or Acrobat. To remove encryption from a PDF document that is encrypted with a certificate, a public key must be referenced. After encryption is removed from a PDF document, it is no longer secure.
For more information about the Encryption service, see Services Reference for AEM Forms.
Summary of steps
To remove certificate-based encryption from a PDF document, perform the following steps:
- Include project files.
- Create an encryption service client.
- Get the encrypted PDF document.
- Remove encryption.
- Save the PDF document as a PDF file.
Include project files
Include necessary files into your development project. If you are creating a client application using Java, include the necessary JAR files. If you are using web services, ensure that you include the proxy files.
The following JAR files must be added to your project’s class path:
- adobe-livecycle-client.jar
- adobe-usermanager-client.jar
- adobe-encryption-client.jar
- adobe-utilities.jar (required if AEM Forms is deployed on JBoss Application Server)
- jbossall-client.jar (required if AEM Forms is deployed on JBoss Application Server)
Create an encryption service client
To programmatically perform an Encryption service operation, you must create an Encryption service client. If you are using the Java Encryption Service API, create an EncrytionServiceClient object. If you are using the web service Encryption Service API, create an EncryptionServiceService object.
Get the encrypted PDF document
You must obtain an encrypted PDF document to remove certificate-based encryption. If you attempt to remove encryption from a PDF document that is not encrypted, an exception is thrown. Likewise, if you attempt to remove certificate-based encryption from a password-encrypted document, an exception is thrown.
Remove encryption
To remove certificate-based encryption from an encrypted PDF document, you require both an encrypted PDF document and the private key that corresponds to the key that was used to encrypt the PDF document. The alias value of the private key is specified when removing certificate-based encryption from an encrypted PDF document. For information about the public key, see Encrypting PDF Documents with Certificates.
A private key is stored in the AEM Forms Trust Store. When a certificate is placed there, an alias value is specified.
Save the PDF document
After certificate-based encryption is removed from an encrypted PDF document, you can save the PDF document as a PDF file. Users can open the PDF document in Adobe Reader or Acrobat.
See also
Remove certificate-based encryption using the Java API
Remove certificate-based encryption using the web service API
Including AEM Forms Java library files
Encryption Service API Quick Starts
Remove certificate-based encryption using the Java API
Remove certificate-based encryption from a PDF document by using the Encryption API (Java):
-
Include project files.
Include client JAR files, such as adobe-encryption-client.jar, in your Java project’s class path.
-
Create an encryption service client.
- Create a
ServiceClientFactoryobject that contains connection properties. - Create an
EncryptionServiceClientobject by using its constructor and passing theServiceClientFactoryobject.
- Create a
-
Get the encrypted PDF document.
- Create a
java.io.FileInputStreamobject that represents the encrypted PDF document by using its constructor and passing a string value that specifies the location of the encrypted PDF document. - Create a
com.adobe.idp.Documentobject by using its constructor and passing thejava.io.FileInputStreamobject.
- Create a
-
Remove encryption.
Remove certificate-based encryption from the PDF document by invoking the
EncryptionServiceClientobject’sremovePDFCertificateSecuritymethod and passing the following values:- The
com.adobe.idp.Documentobject that contains the encrypted PDF document. - A string value that specifies the alias name of the private key that corresponds to the key used to encrypt the PDf document.
The
removePDFCertificateSecuritymethod returns acom.adobe.idp.Documentobject that contains an unsecured PDF document. - The
-
Save the PDF document.
- Create a
java.io.Fileobject and ensure that the file extension is .pdf. - Invoke the
com.adobe.idp.Documentobject’scopyToFilemethod to copy the contents of theDocumentobject to the file. Ensure that you use thecom.adobe.idp.Documentobject that was returned by theremovePDFCredentialSecuritymethod.
- Create a
See also
Quick Start (SOAP mode): Removing certificate-based encryption using the Java API
Including AEM Forms Java library files
Remove certificate-based encryption using the web service API
Remove certificate-based encryption by using the Encryption API (web service):
-
Include project files.
Create a Microsoft .NET project that uses MTOM. Ensure that you use the following WSDL definition:
http://localhost:8080/soap/services/EncryptionService?WSDL&lc_version=9.0.1.NOTEReplace
localhostwith the IP address of the server hosting AEM Forms. -
Create an encryption service client.
-
Create an
EncryptionServiceClientobject by using its default constructor. -
Create an
EncryptionServiceClient.Endpoint.Addressobject by using theSystem.ServiceModel.EndpointAddressconstructor. Pass a string value that specifies the WSDL to the AEM Forms service (for example,http://localhost:8080/soap/services/EncryptionService?WSDL.) You do not need to use thelc_versionattribute. This attribute is used when you create a service reference.) -
Create a
System.ServiceModel.BasicHttpBindingobject by getting the value of theEncryptionServiceClient.Endpoint.Bindingfield. Cast the return value toBasicHttpBinding. -
Set the
System.ServiceModel.BasicHttpBindingobject’sMessageEncodingfield toWSMessageEncoding.Mtom. This value ensures that MTOM is used. -
Enable basic HTTP authentication by performing the following tasks:
- Assign the AEM forms user name to the field
EncryptionServiceClient.ClientCredentials.UserName.UserName. - Assign the corresponding password value to the field
EncryptionServiceClient.ClientCredentials.UserName.Password. - Assign the constant value
HttpClientCredentialType.Basicto the fieldBasicHttpBindingSecurity.Transport.ClientCredentialType. - Assign the constant value
BasicHttpSecurityMode.TransportCredentialOnlyto the fieldBasicHttpBindingSecurity.Security.Mode.
- Assign the AEM forms user name to the field
-
-
Get the encrypted PDF document.
- Create a
BLOBobject by using its constructor. TheBLOBobject is used to store the encrypted PDF document. - Create a
System.IO.FileStreamobject by invoking its constructor and passing a string value that represents the file location of the encrypted PDF document and the mode in which to open the file. - Create a byte array that stores the content of the
System.IO.FileStreamobject. You can determine the size of the byte array by getting theSystem.IO.FileStreamobject’sLengthproperty. - Populate the byte array with stream data by invoking the
System.IO.FileStreamobject’sReadmethod and passing the byte array, the starting position, and the stream length to read. - Populate the
BLOBobject by assigning the contents of the byte array to theBLOBobject’sMTOMdata member.
- Create a
-
Remove encryption.
Invoke the
EncryptionServiceClientobject’sremovePDFCertificateSecuritymethod and pass the following values:- The
BLOBobject that contains file stream data that represents an encrypted PDF document. - A string value that specifies the alias name of the public key that corresponds to the private key used to encrypt the PDf document.
The
removePDFCredentialSecuritymethod returns aBLOBobject that contains an unsecured PDF document. - The
-
Save the PDF document.
- Create a
System.IO.FileStreamobject by invoking its constructor and passing a string value that represents the file location of the unsecured PDF document. - Create a byte array that stores the content of the
BLOBobject that was returned by theremovePDFPasswordSecuritymethod. Populate the byte array by getting the value of theBLOBobject’sMTOMdata member. - Create a
System.IO.BinaryWriterobject by invoking its constructor and passing theSystem.IO.FileStreamobject. - Write the contents of the byte array to a PDF file by invoking the
System.IO.BinaryWriterobject’sWritemethod and passing the byte array.
- Create a
See also
Invoking AEM Forms using SwaRef
Removing Password Encryption
Password-based encryption can be removed from a PDF document so that users can open the PDF document in Adobe Reader or Acrobat without having to specify a password. After password-based encryption is removed from a PDF document, the document is no longer secure.
For more information about the Encryption service, see Services Reference for AEM Forms.
Summary of steps
To remove password-based encryption from a PDF document, perform the following steps:
- Include project files
- Create an encryption service client.
- Get the encrypted PDF document.
- Remove the password.
- Save the PDF document as a PDF file.
Include project files
Include the necessary files into your development project. If you are creating a client application using Java, include the necessary JAR files. If you are using web services, make sure that you include the proxy files.
The following JAR files must be added to your project’s class path:
- adobe-livecycle-client.jar
- adobe-usermanager-client.jar
- adobe-encryption-client.jar
- adobe-utilities.jar (required if AEM Forms is deployed on JBoss)
- jbossall-client.jar (required if AEM Forms is deployed on JBoss)
Create an encryption service client
To programmatically perform an Encryption service operation, you must create an Encryption service client. If you are using the Java Encryption Service API, create an EncrytionServiceClient object. If you are using the web service Encryption Service API, create an EncryptionServiceService object.
Get the encrypted PDF document
You must obtain an encrypted PDF document to remove password-based encryption. If you attempt to remove encryption from a PDF document that is not encrypted, an exception is thrown.
Remove the password
To remove password-based encryption from an encrypted PDF document, you require both an encrypted PDF document and a master password value that is used to remove encryption from the PDF document. The password that is used to open a password-encrypted PDF document cannot be used to remove encryption. A master password is specified when the PDF document is encrypted with a password. (See Encrypting PDF Documents with a Password.)
Save the PDF document
After the Encryption service removes password-based encryption from a PDF document, you can save the PDF document as a PDF file. Users can open the PDF document in Adobe Reader or Acrobat without specifying a password.
See also
Including AEM Forms Java library files
Encryption Service API Quick Starts
Encrypting PDF Documents with a Password
Remove password-based encryption using the Java API
Remove password-based encryption from a PDF document by using the Encryption API (Java):
-
Include project files.
Include client JAR files, such as the adobe-encryption-client.jar, in your Java project’s class path.
-
Create an encryption service client.
- Create a
ServiceClientFactoryobject that contains connection properties. - Create an
EncryptionServiceClientobject by using its constructor and passing theServiceClientFactoryobject.
- Create a
-
Get the encrypted PDF document.
- Create a
java.io.FileInputStreamobject that represents the encrypted PDF document by using its constructor and passing a string value that specifies the location of the PDF document. - Create a
com.adobe.idp.Documentobject by using its constructor and passing thejava.io.FileInputStreamobject.
- Create a
-
Remove the password.
Remove password-based encryption from the PDF document by invoking the
EncryptionServiceClientobject’sremovePDFPasswordSecuritymethod and passing the following values:- A
com.adobe.idp.Documentobject that contains the encrypted PDF document. - A string value that specifies the master password value that is used to remove encryption from the PDF document.
The
removePDFPasswordSecuritymethod returns acom.adobe.idp.Documentobject that contains an unsecured PDF document. - A
-
Save the PDF document.
- Create a
java.io.Fileobject and ensure that the file name extension is .pdf. - Invoke the
com.adobe.idp.Documentobject’scopyToFilemethod to copy the contents of theDocumentobject to the file. Ensure that you use theDocumentobject that was returned by theremovePDFPasswordSecuritymethod.
- Create a
See also
Quick Start (SOAP mode): Removing password-based encryption using the Java API
Remove password-based encryption using the web service API
Remove password-based encryption by using the Encryption API (web service):
-
Include project files.
Create a Microsoft .NET project that uses MTOM. Ensure that you use the following WSDL definition:
http://localhost:8080/soap/services/EncryptionService?WSDL&lc_version=9.0.1.NOTEReplace
localhostwith the IP address of the server hosting AEM Forms. -
Create an encryption service client.
-
Create an
EncryptionServiceClientobject by using its default constructor. -
Create an
EncryptionServiceClient.Endpoint.Addressobject by using theSystem.ServiceModel.EndpointAddressconstructor. Pass a string value that specifies the WSDL to the AEM Forms service (for example,http://localhost:8080/soap/services/EncryptionService?WSDL.) You do not need to use thelc_versionattribute. This attribute is used when you create a service reference.) -
Create a
System.ServiceModel.BasicHttpBindingobject by getting the value of theEncryptionServiceClient.Endpoint.Bindingfield. Cast the return value toBasicHttpBinding. -
Set the
System.ServiceModel.BasicHttpBindingobject’sMessageEncodingfield toWSMessageEncoding.Mtom. This value ensures that MTOM is used. -
Enable basic HTTP authentication by performing the following tasks:
- Assign the AEM forms user name to the field
EncryptionServiceClient.ClientCredentials.UserName.UserName. - Assign the corresponding password value to the field
EncryptionServiceClient.ClientCredentials.UserName.Password. - Assign the constant value
HttpClientCredentialType.Basicto the fieldBasicHttpBindingSecurity.Transport.ClientCredentialType. - Assign the constant value
BasicHttpSecurityMode.TransportCredentialOnlyto the fieldBasicHttpBindingSecurity.Security.Mode.
- Assign the AEM forms user name to the field
-
-
Get the encrypted PDF document.
- Create a
BLOBobject by using its constructor. TheBLOBobject is used to store a password-encrypted PDF document. - Create a
System.IO.FileStreamobject by invoking its constructor and passing a string value that represents the file location of the encrypted PDF document and the mode in which to open the file. - Create a byte array that stores the content of the
System.IO.FileStreamobject. You can determine the size of the byte array by getting theSystem.IO.FileStreamobject’sLengthproperty. - Populate the byte array with stream data by invoking the
System.IO.FileStreamobject’sReadmethod and passing the byte array, the starting position, and the stream length to read. - Populate the
BLOBobject by assigning the contents of the byte array to theBLOBobject’sMTOMdata member.
- Create a
-
Remove the password.
Invoke the
EncryptionServiceServiceobject’sremovePDFPasswordSecuritymethod and pass the following values:- The
BLOBobject that contains file stream data that represents an encrypted PDF document. - A string value that specifies the password value that is used to remove encryption from the PDF document. This value is specified when encrypting the PDF document with a password.
The
removePDFPasswordSecuritymethod returns aBLOBobject that contains an unsecured PDF document. - The
-
Save the PDF document.
- Create a
System.IO.FileStreamobject by invoking its constructor and passing a string value that represents the file location of the unsecured PDF document. - Create a byte array that stores the content of the
BLOBobject that was returned by theremovePDFPasswordSecuritymethod. Populate the byte array by getting the value of theBLOBobject’sMTOMdata member. - Create a
System.IO.BinaryWriterobject by invoking its constructor and passing theSystem.IO.FileStreamobject. - Write the contents of the byte array to a PDF file by invoking the
System.IO.BinaryWriterobject’sWritemethod and passing the byte array.
- Create a
See also
Invoking AEM Forms using SwaRef
Unlocking Encrypted PDF Documents
A password-encrypted or certificate-encrypted PDF document must be unlocked before another AEM Forms operation can be performed on it. If you attempt to perform an operation on an encrypted PDF document, you will generate an exception. After you unlock an encrypted PDF document, you can perform one or more operations on it. These operations can belong to other services, such as the Acrobat Reader DC extensions Service.
For more information about the Encryption service, see Services Reference for AEM Forms.
Summary of steps
To unlock an encrypted PDF document, perform the following steps:
- Include project files.
- Create an encryption service client.
- Get the encrypted PDF document.
- Unlock the document.
- Perform an AEM Forms operation.
Include project files
Include necessary files into your development project. If you are creating a client application using Java, include the necessary JAR files. If you are using web services, make sure that you include the proxy files.
The following JAR files must be added to your project’s class path:
- adobe-livecycle-client.jar
- adobe-usermanager-client.jar
- adobe-encryption-client.jar
- adobe-utilities.jar (required if AEM Forms is deployed on JBoss Application Server)
- jbossall-client.jar (required if AEM Forms is deployed on JBoss Application Server)
Create an encryption service client
To programmatically perform an Encryption service operation, you must create an Encryption service client. If you are using the Java Encryption Service API, create an EncrytionServiceClient object. If you are using the web service Encryption Service API, create an EncryptionServiceService object.
Get the encrypted PDF document
You must obtain an encrypted PDF document in order to unlock it. If you attempt to unlock a PDF document that is not encrypted, an exception is thrown.
Unlock the document
To unlock a password-encrypted PDF document, you require both an encrypted PDF document and a password value that is used to open a password-encrypted PDF document. This value is specified when encrypting the PDF document with a password. (See Encrypting PDF Documents with a Password.)
To unlock a certificate-encrypted PDF document, you require both an encrypted PDF document and the alias value of the public key that corresponds to the private key that was used to encrypt the PDF document.
Perform an AEM Forms operation
After an encrypted PDF document is unlocked, you can perform another service operation on it, such as applying usage rights to it. This operation belongs to the Acrobat Reader DC Extensions service.
See also
Unlock an encrypted PDF document using the Java API
Unlock an encrypted PDF document using the web service API
Including AEM Forms Java library files
Encryption Service API Quick Starts
Unlock an encrypted PDF document using the Java API
Unlock an encrypted PDF document by using the Encryption API (Java):
-
Include project files.
Include client JAR files, such as adobe-encryption-client.jar, in your Java project’s class path.
-
Create an encryption service client.
- Create a
ServiceClientFactoryobject that contains connection properties. - Create an
EncryptionServiceClientobject by using its constructor and passing theServiceClientFactoryobject.
- Create a
-
Get the encrypted PDF document.
- Create a
java.io.FileInputStreamobject that represents the encrypted PDF document by using its constructor and passing a string value that specifies the location of the encrypted PDF document. - Create a
com.adobe.idp.Documentobject by using its constructor and passing thejava.io.FileInputStreamobject.
- Create a
-
Unlock the document.
Unlock an encrypted PDF document by invoking the
EncryptionServiceClientobject’sunlockPDFUsingPasswordorunlockPDFUsingCredentialmethod.To unlock a PDF document that is encrypted with a password, invoke the
unlockPDFUsingPasswordmethod and pass the following values:- A
com.adobe.idp.Documentobject that contains the password-encrypted PDF document. - A string value that specifies the password value that is used to open a password-encrypted PDF document. This value is specified when encrypting the PDF document with a password.
To unlock a PDF document that is encrypted with a certificate, invoke the
unlockPDFUsingCredentialmethod and pass the following values:- A
com.adobe.idp.Documentobject that contains the certificate-encrypted PDF document. - A string value that specifies the alias name of the public key that corresponds to the private key used to encrypt the PDF document.
The
unlockPDFUsingPasswordandunlockPDFUsingCredentialmethods both return acom.adobe.idp.Documentobject that you pass to another AEM Forms Java method to perform an operation. - A
-
Perform a AEM Forms operation.
Perform a AEM Forms operation on the unlocked PDF document to meet your business requirements. For example, assuming that you want to apply usage rights to an unlocked PDF document, pass the
com.adobe.idp.Documentobject that was returned by either theunlockPDFUsingPasswordorunlockPDFUsingCredentialmethods to theReaderExtensionsServiceClientobject’sapplyUsageRightsmethod.
See also
Quick Start (SOAP mode): Unlocking an encrypted PDF document using the Java API (SOAP mode)
Applying Usage Rights to PDF Documents
Including AEM Forms Java library files
Unlock an encrypted PDF document using the web service API
Unlock an encrypted PDF document by using the Encryption API (web service):
-
Include project files.
Create a Microsoft .NET project that uses MTOM. Ensure that you use the following WSDL definition:
http://localhost:8080/soap/services/EncryptionService?WSDL&lc_version=9.0.1.NOTEReplace
localhostwith the IP address of the server hosting AEM Forms. -
Create an encryption service client.
-
Create an
EncryptionServiceClientobject by using its default constructor. -
Create an
EncryptionServiceClient.Endpoint.Addressobject by using theSystem.ServiceModel.EndpointAddressconstructor. Pass a string value that specifies the WSDL to the AEM Forms service (for example,http://localhost:8080/soap/services/EncryptionService?WSDL.) You do not need to use thelc_versionattribute. This attribute is used when you create a service reference.) -
Create a
System.ServiceModel.BasicHttpBindingobject by getting the value of theEncryptionServiceClient.Endpoint.Bindingfield. Cast the return value toBasicHttpBinding. -
Set the
System.ServiceModel.BasicHttpBindingobject’sMessageEncodingfield toWSMessageEncoding.Mtom. This value ensures that MTOM is used. -
Enable basic HTTP authentication by performing the following tasks:
- Assign the AEM forms user name to the field
EncryptionServiceClient.ClientCredentials.UserName.UserName. - Assign the corresponding password value to the field
EncryptionServiceClient.ClientCredentials.UserName.Password. - Assign the constant value
HttpClientCredentialType.Basicto the fieldBasicHttpBindingSecurity.Transport.ClientCredentialType. - Assign the constant value
BasicHttpSecurityMode.TransportCredentialOnlyto the fieldBasicHttpBindingSecurity.Security.Mode.
- Assign the AEM forms user name to the field
-
-
Get an encrypted PDF document.
- Create a
BLOBobject by using its constructor. - Create a
System.IO.FileStreamobject by invoking its constructor and passing a string value that represents the file location of the encrypted PDF document and the mode in which to open the file. - Create a byte array that stores the content of the
System.IO.FileStreamobject. You can determine the size of the byte array by getting theSystem.IO.FileStreamobject’sLengthproperty. - Populate the byte array with stream data by invoking the
System.IO.FileStreamobject’sReadmethod and passing the byte array, the starting position, and the stream length to read. - Populate the
BLOBobject by assigning the contents of the byte array to theBLOBobject’sMTOMdata member.
- Create a
-
Unlock the document.
Unlock an encrypted PDF document by invoking the
EncryptionServiceClientobject’sunlockPDFUsingPasswordorunlockPDFUsingCredentialmethod.To unlock a PDF document that is encrypted with a password, invoke the
unlockPDFUsingPasswordmethod and pass the following values:- A
BLOBobject that contains the password-encrypted PDF document. - A string value that specifies the password value that is used to open a password-encrypted PDF document. This value is specified when encrypting the PDF document with a password.
To unlock a PDF document that is encrypted with a certificate, invoke the
unlockPDFUsingCredentialmethod and pass the following values:- A
BLOBobject that contains the certificate-encrypted PDF document. - A string value that specifies the alias name of the public key that corresponds to the private key used to encrypt the PDf document.
The
unlockPDFUsingPasswordandunlockPDFUsingCredentialmethods both return acom.adobe.idp.Documentobject that you pass to another AEM Forms method to perform an operation. - A
-
Perform a AEM Forms operation.
Perform a AEM Forms operation on the unlocked PDF document to meet your business requirements. For example, assuming that you want to apply usage rights to the unlocked PDF document, pass the
BLOBobject that was returned by either theunlockPDFUsingPasswordorunlockPDFUsingCredentialmethods to theReaderExtensionsServiceClientobject’sapplyUsageRightsmethod.
See also
Invoking AEM Forms using SwaRef
Determining Encryption Type
You can programmatically determine the type of encryption that is protecting a PDF document by using the Java Encryption Service API or the web service Encryption Service API. Sometimes it is necessary to dynamically determine whether a PDF document is encrypted and, if so, the encryption type. For example, you can determine whether a PDF document is protected with password-based encryption or a Rights Management policy.
A PDF document can be protected by the following encryption types:
- Password-based encryption
- Certificate-based encryption
- A policy that is created by the Rights Management service
- Another type of encryption
For more information about the Encryption service, see Services Reference for AEM Forms.
Summary of steps
To determine the type of encryption that is protecting a PDF document, perform the following steps:
- Include project files.
- Create an encryption service client.
- Get the encrypted PDF document.
- Determine the encryption type.
Include project files
Include necessary files into your development project. If you are creating a client application using Java, include the necessary JAR files. If you are using web services, ensure that you include the proxy files.
The following JAR files must be added to your project’s class path:
- adobe-livecycle-client.jar
- adobe-usermanager-client.jar
- adobe-encryption-client.jar
- adobe-utilities.jar (required if AEM Forms is deployed on JBoss Application Server)
- jbossall-client.jar (required if AEM Forms is deployed on JBoss Application Server)
Create a service client
To programmatically perform an Encryption service operation, you must create an Encryption service client. If you are using the Java Encryption Service API, create an EncrytionServiceClient object. If you are using the web service Encryption Service API, create an EncryptionServiceService object.
Get the encrypted PDF document
You must obtain a PDF document to determine the type of encryption that is protecting it.
Determine the encryption type
You can determine the type of encryption that is protecting a PDF document. If the PDF document is not protected, then the Encryption service informs you that the PDF document is not secured.
See also
Determine the encryption type using the Java API
Determine the encryption type using the web service API
Including AEM Forms Java library files
Encryption Service API Quick Starts
Protecting Documents with Policies
Determine the encryption type using the Java API
Determine the type of encryption that is protecting a PDF document by using the Encryption API (Java):
-
Include project files.
Include client JAR files, such as adobe-encryption-client.jar, in your Java project’s class path.
-
Create a service client.
- Create a
ServiceClientFactoryobject that contains connection properties. - Create an
EncryptionServiceClientobject by using its constructor and passing theServiceClientFactoryobject.
- Create a
-
Get the encrypted PDF document.
- Create a
java.io.FileInputStreamobject that represents the PDF document by using its constructor and passing a string value that specifies the location of the PDF document. - Create a
com.adobe.idp.Documentobject by using its constructor and passing thejava.io.FileInputStreamobject.
- Create a
-
Determine the encryption type.
- Determine the encryption type by invoking the
EncryptionServiceClientobject’sgetPDFEncryptionmethod and passing thecom.adobe.idp.Documentobject that contains the PDF document. This method returns anEncryptionTypeResultobject. - Invoke the
EncryptionTypeResultobject’sgetEncryptionTypemethod. This method returns anEncryptionTypeenum value that specifies the encryption type. For example, if the PDF document is protected with password-based encryption, this method returnsEncryptionType.PASSWORD.
- Determine the encryption type by invoking the
See also
Quick Start (SOAP mode): Determining encryption type using the Java API
Including AEM Forms Java library files
Determine the encryption type using the web service API
Determine the type of encryption that is protecting a PDF document by using the Encryption API (web service):
-
Include project files.
Create a Microsoft .NET project that uses MTOM. Ensure that you use the following WSDL definition:
http://localhost:8080/soap/services/EncryptionService?WSDL&lc_version=9.0.1.NOTEReplace
localhostwith the IP address of the server hosting AEM Forms. -
Create a service client.
-
Create an
EncryptionServiceClientobject by using its default constructor. -
Create an
EncryptionServiceClient.Endpoint.Addressobject by using theSystem.ServiceModel.EndpointAddressconstructor. Pass a string value that specifies the WSDL to the AEM Forms service (for example,http://localhost:8080/soap/services/EncryptionService?WSDL.) You do not need to use thelc_versionattribute. This attribute is used when you create a service reference.) -
Create a
System.ServiceModel.BasicHttpBindingobject by getting the value of theEncryptionServiceClient.Endpoint.Bindingfield. Cast the return value toBasicHttpBinding. -
Set the
System.ServiceModel.BasicHttpBindingobject’sMessageEncodingfield toWSMessageEncoding.Mtom. This value ensures that MTOM is used. -
Enable basic HTTP authentication by performing the following tasks:
- Assign the AEM forms user name to the field
EncryptionServiceClient.ClientCredentials.UserName.UserName. - Assign the corresponding password value to the field
EncryptionServiceClient.ClientCredentials.UserName.Password. - Assign the constant value
HttpClientCredentialType.Basicto the fieldBasicHttpBindingSecurity.Transport.ClientCredentialType. - Assign the constant value
BasicHttpSecurityMode.TransportCredentialOnlyto the fieldBasicHttpBindingSecurity.Security.Mode.
- Assign the AEM forms user name to the field
-
-
Get the encrypted PDF document.
- Create a
BLOBobject by using its constructor. - Create a
System.IO.FileStreamobject by invoking its constructor and passing a string value that represents the file location of the encrypted PDF document and the mode in which to open the file. - Create a byte array that stores the content of the
System.IO.FileStreamobject. You can determine the size of the byte array by getting theSystem.IO.FileStreamobject’sLengthproperty. - Populate the byte array with stream data by invoking the
System.IO.FileStreamobject’sReadmethod and passing the byte array, the starting position, and the stream length to read. - Populate the
BLOBobject by assigning the contents of the byte array to theBLOBobject’sMTOMdata member.
- Create a
-
Determine the encryption type.
- Invoke the
EncryptionServiceClientobject’sgetPDFEncryptionmethod and pass theBLOBobject that contains the PDF document. This method returns anEncryptionTypeResultobject. - Get the value of the
EncryptionTypeResultobject’sencryptionTypedata method. For example, if the PDF document is protected with password-based encryption, the value of this data member isEncryptionType.PASSWORD.
- Invoke the
See also
Invoking AEM Forms using SwaRef
Business.Adobe.com resources
Resources
Adobe Account
