Public-key encryption


Is it possible to determine whether a PDF document has public-key (certificate) encryption (section 7.6.4 of the PDF specification, PDF 32000-1:2008)?

When a PDFDoc object is created from a public-key encrypted PDF then ‘IsEncrypted()’ returns true, as expected, but is it possible to then determine whether the encryption is by password or by public-key?

Calling ‘InitSecurityHandler()’ throws a "Requested security handler was not found."exception, but presumably this would also be thrown for a non-standard password security handler as well as a public-key security handler.

Any ideas or help would be appreciated. Thanks.


To find out whether a PDF document uses Public-Key Security Handlers, the SubFilter value of the Encrypt dictionary must match to any one of the following values:

  • adbe.pkcs7.s3

  • adbe.pkcs7.s4

  • adbe.pkcs7.s5

These values, however, only applies to the specification based on the standard Public-Key Security Handlers. Other PDF documents may not store any of these values when using its own custom security handler.

The Encrypt dictionary can usually be obtained directly via the trailer. If not, it will be a child of the DecodeParms dictionary.

Okay, thanks Vincent. There appears to be no fail-safe method to determine whether a document uses certificate encryption or non-standard password encryption.

Also, if the document cannot be decrypted can PDFNet be used to access the Encrypt dictionary?

Are there any plans for the PDFNet SDK to support certificate encryption in the future?


The /Encrypt dictionary will never be encrypted. It is the key content of a PDF document that contains information how to decrypt data strings and streams. If the /Encrypt dictionary is not present (or inaccessible in some manner), it either means the PDF is not encrypted or the PDF is encrypted but corrupted.

PDFNet offers low-level SDF API which allows you to work with any aspect of a PDF document. You can use the SDF API to encrypt PDF documents with Public-Key Security Handlers.

We value your feedback and we are always improving PDFNet SDK. An API specific to Public-Key Security Handlers will be considered for future releases of PDFNet.

Okay, thanks for your help Vincent.