Encryption
The encryption object adds password protection to the generated PDF. You can set separate user and owner passwords and control what actions readers are allowed to perform.
Properties
| Property | Type | Default | Description |
|---|---|---|---|
encryptionType | string | — | Encryption algorithm: RC4_40, RC4_128, AES128, or AES256 |
userPassword | string | — | Password required to open the document |
ownerPassword | string | — | Password required to change permissions or remove protection |
permissions | object | — | Granular permission flags (see below) |
doNotEncryptMetadata | boolean | false | When true, document metadata remains unencrypted |
encryptEmbeddedFilesOnly | boolean | false | When true, only embedded file attachments are encrypted |
Encryption types
| Type | Key length | Notes |
|---|---|---|
RC4_40 | 40-bit | Legacy, weak — use only for backward compatibility |
RC4_128 | 128-bit | Legacy, supported by older viewers |
AES128 | 128-bit | Modern, widely supported |
AES256 | 256-bit | Strongest available, recommended for sensitive documents |
Permissions
The permissions object controls what a user who opens the document with the user password is allowed to do.
| Property | Type | Default | Description |
|---|---|---|---|
print | boolean | false | Allow printing |
modify | boolean | false | Allow modifying document content |
copy | boolean | false | Allow copying text and graphics |
annotate | boolean | false | Allow adding annotations |
fillForm | boolean | false | Allow filling form fields |
extract | boolean | false | Allow text extraction for accessibility |
assemble | boolean | false | Allow inserting, rotating, or deleting pages |
Examples
Basic password protection
{
"document": {
"encryption": {
"encryptionType": "AES256",
"userPassword": "viewerPass123",
"ownerPassword": "adminPass456"
},
"content": [
{ "p": "This document requires a password to open." }
]
}
}
Read-only with print allowed
{
"document": {
"encryption": {
"encryptionType": "AES256",
"userPassword": "readonly",
"ownerPassword": "owner",
"permissions": {
"print": true,
"copy": false,
"modify": false,
"annotate": false,
"fillForm": false,
"extract": true,
"assemble": false
}
},
"content": [
{ "p": "This document can be viewed and printed, but not edited or copied." }
]
}
}
Form-fillable only
{
"document": {
"encryption": {
"encryptionType": "AES128",
"userPassword": "",
"ownerPassword": "formsAdmin",
"permissions": {
"print": true,
"fillForm": true,
"modify": false,
"copy": false,
"annotate": false,
"extract": false,
"assemble": false
}
},
"content": [
{ "p": "Fill in the fields below:" }
]
}
}
An empty userPassword allows opening without a password while still enforcing permission restrictions.
Unencrypted metadata
{
"document": {
"metadata": {
"title": "Confidential Report",
"author": "Operations Team"
},
"encryption": {
"encryptionType": "AES256",
"userPassword": "secure",
"ownerPassword": "admin",
"doNotEncryptMetadata": true
},
"content": [
{ "p": "Metadata is searchable even though the document is encrypted." }
]
}
}
This is useful when documents need to be indexed by a document management system without requiring the password.