Link Search Menu Expand Document

User-controlled encryption of input files and decryption of output files.

PDF.co API supports strong AES encryption and decryption for input and output files.

Supported AES algorythms:

  • AES128 - 128-bit encryption.
  • AES192 - 192-bit encryption.
  • AES256 - 256-bit encryption.

With user-controlled encryption you can implement the following scenarios:

  1. Auto-encrypt output files for further storage locally or on public cloud services like Dropbox, Google Drive or similar. Even if a middleman obtains the link to this encrypted file then she/he can not open file content without having your encryption key.

  2. Auto-decrypt input files generated by 3rd party service or apps like SalesForce, Zapier, Integromat or custom Javascript/PHP/NET/Java apps where files were encrypted previously. PDF.co provides a set of encryption and decryption params for compatibility with 3rd party services.

  3. Auto-decrypt input files and automatically encrypt output files for compatibility with HIPAA or other compliance requirements.

Notes:

  • Encryption and decryption options are auto-redacted from API logs for security reasons.

User-Controlled Encryption

User-controlled encryption parameters must be set via profiles parameter in JSON format (as a string if you use Zapier or similar plugin or as escaped JSON string if you use direct calls to API).

Sample Profile:

{ 
    'DataEncryptionAlgorithm': 'AES128', 
    'DataEncryptionKey': 'HelloThisKey1234', 
    'DataEncryptionIV': 'TreloThisKey1234' 
}
  • DataEncryptionAlgorithm (string) defines AES algorithm to use. Supported values: AES128, AES192, AES256.
  • DataEncryptionKey (string) defines AES encryption key to use. Must use 16 characters for AES128, 24 characters for AES192, 32 characters for AES256.
  • DataEncryptionIV (string) defines AES initialization vector (IV). An initialization vector is used to avoid repetition during the data encryption process, making it impossible for hackers who use dictionary attack to decrypt the exchanged encrypted message by discovering a pattern. You may think of it as an additional password. Must use 16 characters for AES128, 24 characters for AES192, 32 characters for AES256.

Example

Running PDF to JPG and encrypting output JPG files with AES 128 encryption:

POST [https://api.pdf.co/v1/pdf/convert/to/jpg](https://api.pdf.co/v1/pdf/convert/to/jpg)

{
    "url": "https://bytescout-com.s3-us-west-2.amazonaws.com/files/demo-files/cloud-api/pdf-to-image/sample.pdf",
    "profiles": "{ 'DataEncryptionAlgorithm': 'AES128', 'DataEncryptionKey': 'HelloThisKey1234', 'DataEncryptionIV': 'TreloThisKey1234' }"
}

User-Controlled Decryption

User-controlled encryption parameters must be set via profiles parameter in JSON format (as a string if you use Zapier or similar plugin or as escaped JSON string if you use direct calls to API).

Sample Profile:

{ 
    'DataEncryptionAlgorithm': 'AES128', 
    'DataEncryptionKey': 'HelloThisKey1234', 
    'DataEncryptionIV': 'TreloThisKey1234' 
}
  • DataDecryptionAlgorithm (string) defines AES algorithm to use. Supported values: AES128, AES192, AES256.
  • DataDecryptionKey (string) defines AES decryption key to use. Must use 16 characters for AES128, 24 characters for AES192, 32 characters for AES256.
  • DataDecryptionIV (string) defines AES initialization vector (IV). An initialization vector is used to avoid repetition during the data encryption process, making it impossible for hackers who use dictionary attack to decrypt the exchanged encrypted message by discovering a pattern. You may think of it as an additional password. Must use 16 characters for AES128, 24 characters for AES192, 32 characters for AES256.

How to tell API to decrypt input file which was encrypted by AES128 encryption with some 3rd party tool:

POST [https://api.pdf.co/v1/pdf/convert/to/jpg](https://api.pdf.co/v1/pdf/convert/to/jpg)

{
    "url": "https://bytescout-com.s3-us-west-2.amazonaws.com/files/demo-files/cloud-api/encryption/sample_encrypted_aes128.pdf",
    "profiles": "{ 'DataDecryptionAlgorithm': 'AES128', 'DataDecryptionKey': 'HelloThisKey1234', 'DataDecryptionIV': 'TreloThisKey1234' }"
}

Decrypting input file and encrypting output file

You can also set options to decrypt content of input file and also encrypt content of output file simultaneously.

Sample Profile

{ 
    'DataDecryptionAlgorithm': 'AES256', 
    'DataDecryptionKey': 'HelloThisKeyForDecrypting1234', 
    'DataDecryptionIV': 'UniqueVectorForDecryption1234', 
    'DataEncryptionAlgorithm': 'AES128', 
    'DataEncryptionKey': 'HelloThisKeyForEncryptingOutput1234', 
    'DataEncryptionIV': 'TreloThisUniqueKeyForEncryptingOutput1234' }"

Example:

POST [https://api.pdf.co/v1/pdf/merge](https://api.pdf.co/v1/pdf/merge)

{
    "url": "https://bytescout-com.s3-us-west-2.amazonaws.com/files/demo-files/cloud-api/encryption/sample_encrypted_aes128.pdf, [https://bytescout-com.s3-us-west-2.amazonaws.com/files/demo-files/cloud-api/encryption/sample_encrypted_aes128.pdf",](https://bytescout-com.s3-us-west-2.amazonaws.com/files/demo-files/cloud-api/encryption/sample_encrypted_aes128.pdf",)

    "profiles": "{ 'DataDecryptionAlgorithm': 'AES128', 'DataDecryptionKey': 'HelloThisKey1234', 'DataDecryptionIV': 'TreloThisKey1234', 'DataEncryptionAlgorithm': 'AES128', 'DataEncryptionKey': 'HelloThisKey1234', 'DataEncryptionIV': 'TreloThisKey1234' }"
}