Features - Security
PDF Security Tools
Password Protection
-
add-password: Secure your PDFs by adding password protection. Supports user passwords (opens PDF) and owner passwords (controls permissions). -
remove-password: Remove password protection from secured PDFs (requires the original password).
Permissions & Access Control
-
change-permissions: Control how others can view and edit your PDFs. Set restrictions on printing, copying, editing, form filling, and more. -
flatten: Flatten PDF form fields by merging them into the document, making them non-editable. Prevents further modifications to form data and interactive elements. -
unlock-pdf-forms: Unlock form fields in a PDF document, allowing users to edit previously locked form fields and interactive elements.
Signatures
-
sign: Add handwritten, text, or image signatures to PDFs. Draw signatures with mouse/touchscreen, type your name, or upload signature images. For cryptographic digital signatures, usecert-signinstead.Learn more: Sign PDF (Handwritten Signatures)
-
cert-sign: Digitally sign PDFs using X.509 certificates. Cryptographic signatures that prove identity and document integrity. Supports server-generated certificates, custom certificates, and organization certificates.Learn more: Certificate Signing Guide
-
shared-signing(Pro/Enterprise, Alpha): Collaborative multi-participant signing workflows. A document owner uploads a PDF, invites registered users as participants, and each participant signs with their own certificate and optional wet signature. Includes progress tracking, signature summary pages, and automatic post-finalization data cleanup.Learn more: Shared Signing Guide
-
validate-signature: Verify digital signatures and certificates in PDF documents. Check against trusted certificate chains including system trust, Adobe AATL, EU EUTL, and Mozilla CA bundle.Learn more: Certificate Signing - Validation
-
remove-cert-sign: Remove digital certificate signatures from PDFs. Useful when you need to edit a signed document.
Content Security
-
add-watermark: Add custom watermarks to PDFs. Supports text and image watermarks with configurable position, opacity, and rotation. -
sanitize-pdf: Remove potentially dangerous elements from PDFs including JavaScript, embedded files, external links, fonts, and metadata. Essential for security-conscious workflows. -
auto-redact: Redact (black out) sensitive information from PDFs. Supports text search and regex patterns to find and permanently remove sensitive content.
Information & Metadata
get-info-on-pdf: Extract comprehensive PDF information including version, fonts, dimensions, permissions, metadata, and more. Output as JSON or visual tables.
Certificate Signature Validation
Stirling PDF provides enterprise-grade PDF signature validation with configurable trust chains.
Trust Sources
Configure which certificate authorities to trust:
- System Trust Store - Operating system's trusted CAs
- Mozilla CA Bundle - Mozilla's curated CA list
- Adobe AATL - Adobe Approved Trust List
- EU EUTL - EU Trusted List (eIDAS compliance)
- Server Certificates - Trust server-generated certificates
Revocation Checking
Verify certificates haven't been revoked:
- OCSP - Online Certificate Status Protocol (fast, real-time)
- CRL - Certificate Revocation Lists (works offline)
- Dual Mode - Try OCSP first, fall back to CRL
Configuration
security:
validation:
trust:
serverAsAnchor: true # Trust server-generated certificates
useSystemTrust: true # Use OS trust store
useMozillaBundle: true # Mozilla CA bundle
useAATL: false # Adobe Approved Trust List
useEUTL: false # EU Trusted List
allowAIA: false # Fetch intermediate certificates
revocation:
mode: none # Options: none, ocsp, crl, ocsp+crl
hardFail: false # Fail if revocation check fails
Learn more: Certificate Signing - Configuration
Related Configuration
For advanced security configuration, see:
- System and Security Settings - JWT, session management, server certificates
- Certificate Signing - Comprehensive signing and validation guide
- Single Sign-On - Enterprise authentication