Products

TX Text Control .NET Server

ASP.NET Core Blazor Angular Javascript

TX Text Control .NET Server

Developer SDK for .NET

Overview

DS Server

DS Server

Low-code, containerized backend

Overview

.NET 8 .NET 9 .NET Framework
Server & Web
Windows Forms
WPF
ActiveX/VB6
ActiveX

Ready to evaluate?
Explore our Getting Started guides for step-by-step tutorials to kickstart your product journey!

Getting started

Technologies
Core Technologies

Add deep document processing to your applications.

Overview

Blog

Regular news, tutorials, code samples, and updates for Text Control products.

Read

Core Technologies

We would love to talk to you about how our technologies can help your business.

Call us on +1 704-544-7445 or schedule a meeting.

Schedule meeting

Demo Docs Blog
Blog

Regular news, tutorials, code samples, and updates for Text Control products.

Read

Authors

Meet our expert writers and technical contributors.

Overview

Latest Posts

We would love to talk to you about how our products can help your business.

Call us on +1 704-544-7445 or schedule a meeting.

Schedule meeting

Support
Support Resources

Full technical assistance for our product portfolio.

Overview

Documentation

Detailed guides and technical documentation library.

Overview

Support
Getting Started
Other Resources

Need technical support?
Contact our support team by opening a ticket - we'll get back to you within 1 business day.

New ticket

Company
About Us

Learn more about our company, our values and mission statement.

Learn more

Industry events

Text Control participates in leading technology conferences worldwide.

Learn more

Company
Contact
Newsletter
Legal

Let's start a conversation
Send us a message about your project, give us a call to discuss your requirements, or visit our office locations in Bremen (Germany) or Charlotte, NC (USA).

Contact us

ASP.NETASP.NET Core

Prev

PDF Security Explained: Passwords, Permissions, Encryption and Digital Signatures in C# .NET

Bjoern Meyer

Bjoern Meyer

In this article, we will explore the various security features available in PDF documents, including passwords, permissions, encryption, and digital signatures. We will also provide examples of how to implement these features in C# .NET using our PDF library.

PDF Security Explained: Passwords, Permissions, Encryption and Digital Signatures in C# .NET

PDF security is often misunderstood. Many developers assume that securing a PDF simply means setting a password. However, PDF security consists of several independent mechanisms that solve different problems.

For example, encryption protects document content from unauthorized access. Permissions define what users can do after opening the document. Digital signatures protect the document's integrity and authenticity by proving that it has not been altered since it was signed.

This article explains these concepts and demonstrates how to implement them using TX Text Control in C# .NET.

PDF Encryption

Encryption protects the content of a PDF document. If a user password is set, the PDF viewer will prompt the user to enter the password before opening the document.

using TXTextControl;

using var tx = new ServerTextControl();

tx.Create();

tx.Text = "This is a confidential PDF document.";

var saveSettings = new SaveSettings
{
    UserPassword = "user1234"
};

tx.Save(
    "encrypted.pdf",
    StreamType.AdobePDF,
    saveSettings
);

The generated PDF requires a password to open. This is the most important protection mechanism for ensuring confidentiality.

User Password and Master Password

PDF documents can have two different types of passwords. A user password is required to open the document. The master password, also known as the owner password, controls the document's permissions. When a master password is set, the PDF viewer prompts the user to enter the password when they attempt to change permissions or perform restricted actions.

using TXTextControl;

using var tx = new ServerTextControl();

tx.Create();

tx.Text = "This PDF allows only limited operations.";

var saveSettings = new SaveSettings
{
    UserPassword = "user1234",
    MasterPassword = "owner1234",
    DocumentAccessPermissions = DocumentAccessPermissions.AllowLowLevelPrinting |
                                DocumentAccessPermissions.AllowExtractContents
};

tx.Save("secured.pdf", StreamType.AdobePDF, saveSettings);

In this example, users need the password to open the document. However, the master password is required to change the security settings.

PDF Permissions

Permissions determine what actions users can perform on a PDF document after opening it. For instance, you can allow or disallow printing, copying content, or modifying the document. Although permissions are enforced by PDF viewers, they are not a security mechanism since they can easily be bypassed if the user has access to the document.

TX Text Control supports permission flags through the DocumentAccessPermissions property:

Permission Description
AllowAll Allows all permissions.
AllowAuthoring Allows users to add content to the document.
AllowAuthoringFields Allows users to fill in form fields.
AllowContentAccessibility Allows content to be accessible for assistive technologies.
AllowDocumentAssembly Allows users to assemble the document by inserting, rotating, or deleting pages.
AllowExtractContents Allows users to extract content from the document.
AllowGeneralEditing Allows users to edit the document's content.
AllowHighLevelPrinting Allows users to print the document with high-quality settings.
AllowLowLevelPrinting Allows users to print the document with low-quality settings.

A common enterprise scenario involves a document that can be viewed and printed but not edited. This can be achieved by setting the permissions as follows:

var saveSettings = new SaveSettings
{
    UserPassword = "user1234",
    MasterPassword = "owner1234",
    DocumentAccessPermissions = DocumentAccessPermissions.AllowLowLevelPrinting |
                                DocumentAccessPermissions.AllowContentAccessibility
};

It's important to understand that permissions and encryption are not the same. Encryption protects access to content. Permissions instruct compliant PDF viewers which actions are allowed.

The Myth of PDF Permissions

PDF permissions are often misunderstood. For example, disabling printing or copying does not provide the same level of protection as encryption.

A compliant PDF viewer respects permission flags. However, permissions are not a cryptographic security boundary. Once a user can open and decrypt a document, the effectiveness of permissions depends on viewer support.

Therefore, permissions should be used as part of a document policy, not as the sole security mechanism.

Verifying PDF Encryption Programmatically

In automated workflows, assuming that encryption worked is not enough. Verify encryption by trying to load the document without a password. This attempt should fail. Then, load the document again with the correct password.

using TXTextControl;

public static bool VerifyPdfEncryption(
    ServerTextControl sourceTextControl,
    string userPassword,
    string destinationPath)
{
    sourceTextControl.Save(
        destinationPath,
        StreamType.AdobePDF,
        new SaveSettings
        {
            UserPassword = userPassword
        });

    using var verificationControl = new ServerTextControl();

    verificationControl.Create();

    try
    {
        verificationControl.Load(destinationPath, StreamType.AdobePDF);
        return false;
    }
    catch (FilterException)
    {
        verificationControl.Load(
            destinationPath,
            StreamType.AdobePDF,
            new LoadSettings
            {
                UserPassword = userPassword
            });

        return true;
    }
}

This approach is useful for server-side document pipelines in which security requirements must be automatically verified before documents are delivered or archived.

Digital Signatures

Encryption answers the question:

Who can read this document?

Digital signatures answer a different question:

Has this document been changed, and who signed it?

Digital signatures are an essential part of PDF security. They verify the authenticity and integrity of a document. A digital signature is created using a certificate containing the signer's public key. When a document is signed, a hash of its content is created and encrypted with the signer's private key. This encrypted hash is the digital signature.

A digitally signed PDF is cryptographically linked to a certificate. If the document is modified after signing, the signature becomes invalid.

using System.Security.Cryptography.X509Certificates;
using TXTextControl;

using var tx = new ServerTextControl();

tx.Create();

tx.Text = "This is a signed PDF document.";

var certificate = new X509Certificate2(
    "textcontrolself.pfx",
    "123");

var saveSettings = new SaveSettings
{
    DigitalSignature = new DigitalSignature(
        certificate,
        null)
};

tx.Save(
    "signed.pdf",
    StreamType.AdobePDF,
    saveSettings);

This signs the entire PDF document. Although the signature is invisible, PDF viewers such as Adobe Acrobat Reader can validate it and display its status.

Signing Signature Fields

In addition to signing the entire document, you can also sign specific signature fields. This allows for multiple signatures in a document, each with its own validation status. TX Text Control can create signature fields and bind them to digital certificates during PDF export.

using System.Drawing;
using System.Security.Cryptography.X509Certificates;
using TXTextControl;

using var tx = new ServerTextControl();

tx.Create();

var signatureField = new SignatureField(
    new Size(2000, 2000),
    "txsign",
    10);

signatureField.Image = new SignatureImage(
    "signature.svg",
    0);

tx.SignatureFields.Add(signatureField, -1);

var certificate = new X509Certificate2(
    "textcontrolself.pfx",
    "123");

var digitalSignature = new DigitalSignature(
    certificate,
    null,
    "txsign");

var saveSettings = new SaveSettings
{
    SignatureFields = new[]
    {
        digitalSignature
    }
};

tx.Save(
    "signed-field.pdf",
    StreamType.AdobePDF,
    saveSettings);

This approach is useful for contracts, approvals, consent forms, and other documents where signatures must be visible.

Adding Signer Information and Time Stamps

When signing a document, you can include additional information, such as the signer's name, the reason for signing, and the location. You can also add a timestamp to show when the document was signed. This information is displayed in the signature details of supported PDF viewers.

using System.Security.Cryptography.X509Certificates;
using TXTextControl;

using var tx = new ServerTextControl();

tx.Create();

tx.Load(
    "signature.tx",
    StreamType.InternalUnicodeFormat);

var certificate = new X509Certificate2(
    "textcontrolself.pfx",
    "123");

const string timeStampServer =
    "http://timestamp.digicert.com";

var digitalSignatures = new List<DigitalSignature>();

foreach (SignatureField signatureField in tx.SignatureFields)
{
    signatureField.SignerData = new SignerData(
        "John Doe",
        "CEO",
        "11 Main Street, New York, NY 10001, USA",
        "john@doe.com",
        "Contract signature");

    digitalSignatures.Add(
        new DigitalSignature(
            certificate,
            timeStampServer,
            signatureField.Name));
}

tx.Save(
    "signed-with-timestamp.pdf",
    StreamType.AdobePDFA,
    new SaveSettings
    {
        CreatorApplication = "Your Application",
        SignatureFields = digitalSignatures.ToArray()
    });

In long-term validation scenarios, time stamps are important because they help prove when a document was signed.

Encryption vs Digital Signatures

Encryption and digital signatures serve different purposes. Encryption protects the confidentiality of a document, while digital signatures ensure its integrity and authenticity. A document can be encrypted without being signed, and it can be signed without being encrypted.

Feature Encryption Digital Signature
Goal Protect document content from unauthorized access. Verify document integrity and authenticity.
Hide content Yes No
Require password to open Yes No
Restrict actions With permissions No
Detect document changes No Yes
Verify signer identity No Yes
Support legal integrity workflows Partly Yes

Secure workflows often use both mechanisms. For instance, an HR system might encrypt payroll reports to keep them confidential and then digitally sign them to show that the document hasn't been altered.

Enterprise Workflow Example

Consider an enterprise document management system that generates PDF reports containing sensitive information. The system must ensure that only authorized users can access the reports and provide a way to verify that they haven't been tampered with.

A typical secure document workflow could look like this:

  1. Generate a document from a DOCX template.
  2. Merge business data into the template.
  3. Export the result to PDF.
  4. Encrypt the PDF with a user password.
  5. Set permissions to restrict editing.
  6. Digitally sign the final PDF.
  7. Deliver or archive the document.

This automated process combines confidentiality, controlled usage, integrity, and authenticity. By using TX Text Control's PDF security features, developers can implement robust document workflows that meet enterprise security requirements.

Conclusion

PDF security encompasses more than just password protection.

Encryption protects confidential content. Permissions define how viewers can use the document. Digital signatures ensure the document's integrity and authenticity.

With TX Text Control, you can integrate these mechanisms directly into .NET document workflows. Using one consistent API, developers can generate, encrypt, restrict, sign, verify, and archive PDF documents.

This is especially important for enterprise applications. Contracts, invoices, medical records, HR documents, financial reports, and compliance documents require more than simple PDF generation. They require secure, reliable, and verifiable document processing.

Frequently Asked Questions

PDF encryption protects confidentiality by requiring a password to open a document. Digital signatures protect integrity and authenticity by proving who signed a document and whether it has been modified after signing. These mechanisms solve different security requirements and are often used together.

Not necessarily. Password protection controls access to the document, while editing restrictions are controlled through PDF permissions. To protect both access and usage, PDFs are typically encrypted and configured with appropriate permission settings.

A user password is required to open a PDF document. A master password, also known as an owner password, controls security settings and permissions such as printing, copying content, or editing the document.

No. PDF permissions are best viewed as usage policies rather than strong security controls. Compliant PDF viewers respect these settings, but permissions do not provide cryptographic protection. Encryption remains the primary mechanism for protecting document content.

Yes. TX Text Control can generate PDF documents protected by user passwords and master passwords. Developers can also define document permissions and automatically verify encryption in server-side workflows.

Yes. TX Text Control supports digital signatures using X.509 certificates. Documents can be signed during PDF export to provide proof of authenticity and to detect unauthorized modifications after signing.

Yes. TX Text Control supports PDF signature fields that can be displayed directly in the document. These fields can be bound to digital certificates during export, making them suitable for contracts, approvals, consent forms, and other business documents.

Encryption answers the question "Who can read the document?" A digital signature answers the question "Has the document been changed and who signed it?" For secure enterprise workflows, both confidentiality and integrity are often required.

Yes. TX Text Control supports timestamping during the signing process. Trusted timestamps help prove when a document was signed and are important for long-term validation and compliance scenarios.

Common scenarios include contracts, invoices, HR documents, payroll reports, medical records, financial statements, and compliance documents. These workflows often require encryption, permissions, digital signatures, and long-term validation to meet business and regulatory requirements.

Stay in the loop!

Subscribe to the newsletter to receive the latest updates.

ASP.NET

Integrate document processing into your applications to create documents such as PDFs and MS Word documents, including client-side document editing, viewing, and electronic signatures.

ASP.NET Core
Angular
Blazor
JavaScript
React
  • Angular
  • Blazor
  • React
  • JavaScript
  • ASP.NET MVC, ASP.NET Core, and WebForms

Learn more Trial token Download trial

Related Posts

ASP.NETASP.NET CoreConference

NDC Copenhagen 2026: Great Days in the Heart of Copenhagen's Developer Community

This week, we had the pleasure of exhibiting at NDC Copenhagen 2026, one of the most prestigious developer conferences in the Nordic region. The event was a fantastic opportunity to connect with…

ASP.NETASP.NET CoreForm Fields

Automatically Mapping TX Text Control Form Fields to JSON Data in .NET C#

In this article, we will explore how to automatically map TX Text Control form fields to JSON data in a .NET C# application. This process can help streamline data handling and improve the…

ASP.NETASP.NET CoreeSignatures

Getting Started with SignFabric: From Clone to Your First Signature Envelope

In this blog post, we will guide you through the process of getting started with SignFabric, from cloning the repository to creating your first signature envelope. Whether you are new to…

ASP.NETASP.NET CoreConference

We Never Pause - Join Us at NDC Copenhagen 2026

Join us at NDC Copenhagen 2026 for an unforgettable experience filled with insightful sessions, networking opportunities, and the latest trends in software development. Don't miss out on this…

ASP.NETASP.NET CoreConference

MD DevDays 2026: Record Attendance, Packed Expo Hall, and Three Great Days…

This week, we packed up the booth, loaded the demo machines, and headed to MD DevDays 2026 in Magdeburg, Germany. Once again, MD DevDays proved why it is one of our favorite community conferences…

Chat with this article in your favorite LLM:

Copy for LLMs
ChatGPT
Gemini
Claude
Grok
Perplexity

Share on this blog post on: