12. Encryption Service
The Encryption service enables you to encrypt and decrypt documents. When a document is encrypted, its contents become unreadable.
You can encrypt the entire PDF document (including its content, metadata, and attachments), everything other than its metadata, or only
the attachments. An authorized user can decrypt the document to obtain access to its contents. If a PDF document is encrypted with a
password, the user must specify the open password before the document can be viewed in Adobe Reader or Acrobat. If a PDF document is
encrypted with a certificate, the user must decrypt the PDF document with a private key (certificate) he/she owns. The private key used to
decrypt the PDF document must correspond to the public key used to encrypt it.
Using the Encryption service
For information about developing processes that use this service, see LiveCycle Workbench 9.5 Help. For information about developing
client applications that programmatically interact with this service, see Programming with LiveCycle ES2.5.
You can use the Applications and Services pages of LiveCycle Administration Console to configure default properties for this service. (See
Encryption service settings in LiveCycle ES2.5 Administration Help.)
Encrypting PDF documents with a password
You can use the Encryption service to encrypt PDF documents with a password. When you encrypt a PDF document with a password, a
user must specify the password to open the PDF document in Adobe Reader or Acrobat. You can choose to encrypt the entire PDF
document (content, metadata, and attachments), encrypt everything other than its metadata, or encrypt only the attachments. If you encrypt
only the document’s attachments, users are prompted for a password only when they attempt to access the file attachments.
When encrypting a PDF document with a password, you must specify two separate passwords. One password is used to encrypt and decrypt
the PDF document. The other password is used to remove encryption from the PDF document or to modify permissions.
When you use a password to encrypt a PDF document, you can add permissions that specify tasks that the users who receive the document
can do. For example, you can specify whether they can sign and fill, edit, or print the PDF document.
A password-encrypted PDF document must be unlocked before another LiveCycle ES2.5 operation, such as digitally signing the PDF
document, can be performed on it. (See “Unlocking encrypted PDF documents” on page40.)
Note: It is recommended that you do not encrypt a document prior to uploading it to the repository. If you upload an encrypted PDF document
to the repository, it cannot decrypt the PDF document and extract the XDP content.
Removing password encryption
You can use the Encryption service to remove password-based encryption from a PDF document. Then users can open the PDF document
in Adobe Reader or Acrobat without specifying a password. After password-based encryption is removed from a PDF document, the
document is no longer secure.
Encrypting PDF documents with certificates
You can use the Encryption service to encrypt PDF documents with certificates. Certificate-based encryption lets you use public-key
cryptography to encrypt documents for specific recipients. Public-key cryptography uses two types of keys:
• A public key, which is stored inside a certificate that can be shared with other users. The public key certificate is in X.509 format and
contains a user’s public key and identifying information.