Skip to content

Criptografar e descriptografar PDFs em Python, Rust, Go

Cobertura dos bindings. A descriptografia (abrir com senha) é suportada nos cinco bindings. Salvar um novo PDF já criptografado está disponível em Python, Rust, Go (DocumentEditor.SaveEncrypted) e WASM (saveEncryptedToBytes). A API pública de C# expõe a abertura com senha via PdfDocument.OpenWithPassword, mas ainda não há um wrapper público de SaveEncrypted — para gerar saída criptografada a partir de uma pipeline em C#, use o CLI em Rust ou os bindings de Go/Python.

Criptografe um PDF com senha:

Python

from pdf_oxide import PdfDocument

doc = PdfDocument("report.pdf")
doc.save_encrypted("protected.pdf", "userpass", "ownerpass")

WASM

import { WasmPdfDocument } from "pdf-oxide-wasm";

const doc = new WasmPdfDocument(bytes);
const encrypted = doc.saveEncryptedToBytes("userpass", "ownerpass", true, true, true, true);
// encrypted is a Uint8Array
doc.free();

Rust

use pdf_oxide::api::Pdf;

let mut doc = Pdf::open("report.pdf")?;
doc.save_encrypted("protected.pdf", "userpass", "ownerpass")?;

Go

package main

import (
    "log"
    pdfoxide "github.com/yfedoseev/pdf_oxide/go"
)

func main() {
    editor, err := pdfoxide.OpenEditor("report.pdf")
    if err != nil { log.Fatal(err) }
    defer editor.Close()

    if err := editor.SaveEncrypted("protected.pdf", "userpass", "ownerpass"); err != nil {
        log.Fatal(err)
    }
}

C++

#include <pdf_oxide/pdf_oxide.hpp>

auto editor = pdf_oxide::DocumentEditor::open("report.pdf");
editor.save_encrypted("protected.pdf", "userpass", "ownerpass");

Swift

import PdfOxide

let editor = try DocumentEditor.open("report.pdf")
try editor.saveEncrypted("protected.pdf", userPassword: "userpass", ownerPassword: "ownerpass")

Dart

import 'package:pdf_oxide/pdf_oxide.dart';

final editor = DocumentEditor.open('report.pdf');
editor.saveEncrypted('protected.pdf', 'userpass', 'ownerpass');
editor.close();

R

library(pdfoxide)

editor <- pdf_editor_open("report.pdf")
pdf_editor_save_encrypted(editor, "protected.pdf", "userpass", "ownerpass")
pdf_editor_close(editor)

Julia

using PdfOxide

editor = open_editor("report.pdf")
save_encrypted(editor, "protected.pdf", "userpass", "ownerpass")

Zig

const pdf_oxide = @import("pdf_oxide");

var editor = try pdf_oxide.DocumentEditor.open("report.pdf");
defer editor.deinit();
try editor.saveEncrypted("protected.pdf", "userpass", "ownerpass");

Objective-C

#import "POXPdfOxide.h"
NSError *err = nil;

POXDocumentEditor *editor = [POXDocumentEditor openEditor:@"report.pdf" error:&err];
[editor saveEncryptedToPath:@"protected.pdf"
               userPassword:@"userpass"
              ownerPassword:@"ownerpass"
                      error:&err];

Elixir

{:ok, editor} = PdfOxide.open_editor("report.pdf")
:ok = PdfOxide.editor_save_encrypted(editor, "protected.pdf", "userpass", "ownerpass")

Abra um PDF criptografado:

Python

from pdf_oxide import PdfDocument

doc = PdfDocument("protected.pdf", password="userpass")
text = doc.extract_text(0)
print(text)

WASM

const doc = new WasmPdfDocument(encryptedBytes);
doc.authenticate("userpass");
const text = doc.extractText(0);
console.log(text);
doc.free();

Rust

let mut doc = Pdf::open_with_password("protected.pdf", "userpass")?;
let text = doc.extract_text(0)?;
println!("{}", text);

Go

doc, _ := pdfoxide.Open("protected.pdf")
defer doc.Close()

if _, err := doc.Authenticate("userpass"); err != nil { log.Fatal(err) }
text, _ := doc.ExtractText(0)
fmt.Println(text)

C#

using PdfOxide;

using var doc = PdfDocument.OpenWithPassword("protected.pdf", "userpass");
Console.WriteLine(doc.ExtractText(0));

C++

auto doc = pdf_oxide::Document::open_with_password("protected.pdf", "userpass");
auto text = doc.extract_text(0);
std::cout << text << "\n";

Swift

let doc = try Document.openWithPassword("protected.pdf", password: "userpass")
let text = try doc.extractText(0)
print(text)

Dart

final doc = PdfDocument.openWithPassword('protected.pdf', 'userpass');
final text = doc.extractText(0);
print(text);

R

doc <- pdf_open_with_password("protected.pdf", "userpass")
text <- pdf_extract_text(doc, 0)
cat(text)

Julia

doc = open_with_password("protected.pdf", "userpass")
text = extract_text(doc, 0)
println(text)

Zig

var doc = try pdf_oxide.Document.openWithPassword("protected.pdf", "userpass");
defer doc.deinit();
const text = try doc.extractText(a, 0);
defer a.free(text);

Objective-C

POXDocument *doc = [POXDocument openWithPassword:@"protected.pdf" password:@"userpass" error:&err];
NSString *text = [doc extractText:0 error:&err];
NSLog(@"%@", text);

Elixir

{:ok, doc} = PdfOxide.open_with_password("protected.pdf", "userpass")
{:ok, text} = PdfOxide.extract_text(doc, 0)
IO.puts(text)

O PDF Oxide usa criptografia AES-256 por padrão. Licença MIT, sem restrições AGPL.

Instalação

pip install pdf_oxide

Criptografando PDFs

Criptografia básica

Python

from pdf_oxide import PdfDocument

doc = PdfDocument("input.pdf")
doc.save_encrypted("output.pdf", "user123", "owner456")

WASM

const doc = new WasmPdfDocument(bytes);
const encrypted = doc.saveEncryptedToBytes("user123", "owner456", true, true, true, true);
doc.free();

Rust

let mut doc = Pdf::open("input.pdf")?;
doc.save_encrypted("output.pdf", "user123", "owner456")?;

C++

auto editor = pdf_oxide::DocumentEditor::open("input.pdf");
editor.save_encrypted("output.pdf", "user123", "owner456");

Swift

let editor = try DocumentEditor.open("input.pdf")
try editor.saveEncrypted("output.pdf", userPassword: "user123", ownerPassword: "owner456")

Dart

final editor = DocumentEditor.open('input.pdf');
editor.saveEncrypted('output.pdf', 'user123', 'owner456');
editor.close();

R

editor <- pdf_editor_open("input.pdf")
pdf_editor_save_encrypted(editor, "output.pdf", "user123", "owner456")
pdf_editor_close(editor)

Julia

editor = open_editor("input.pdf")
save_encrypted(editor, "output.pdf", "user123", "owner456")

Zig

var editor = try pdf_oxide.DocumentEditor.open("input.pdf");
defer editor.deinit();
try editor.saveEncrypted("output.pdf", "user123", "owner456");

Objective-C

POXDocumentEditor *editor = [POXDocumentEditor openEditor:@"input.pdf" error:&err];
[editor saveEncryptedToPath:@"output.pdf"
               userPassword:@"user123"
              ownerPassword:@"owner456"
                      error:&err];

Elixir

{:ok, editor} = PdfOxide.open_editor("input.pdf")
:ok = PdfOxide.editor_save_encrypted(editor, "output.pdf", "user123", "owner456")
  • Senha de usuário — necessária para abrir e visualizar o documento
  • Senha de proprietário — necessária para acesso total (imprimir, copiar, modificar)

Apenas senha de abertura

Defina uma senha de usuário sem restrições:

doc = PdfDocument("input.pdf")
doc.save_encrypted("locked.pdf", "viewpass", "adminpass")

Sem senha de abertura, mas com restrição de ações

Deixe qualquer pessoa visualizar, mas restrinja impressão e cópia:

Python

doc = PdfDocument("input.pdf")
doc.save_encrypted(
    "restricted.pdf",
    "",            # No password to open
    "adminpass",   # Owner password for full access
    allow_print=False,
    allow_copy=False,
    allow_modify=False,
    allow_annotate=False,
)

WASM

const doc = new WasmPdfDocument(bytes);
const restricted = doc.saveEncryptedToBytes(
    "",           // No password to open
    "adminpass",  // Owner password for full access
    false,        // allowPrint
    false,        // allowCopy
    false,        // allowModify
    false         // allowAnnotate
);
doc.free();

Rust

let config = EncryptionConfig::new("", "adminpass")
    .with_permissions(Permissions::none());
doc.save_with_encryption("restricted.pdf", config)?;

Somente impressão

Libere visualização e impressão, mas bloqueie cópia e modificação:

Python

doc = PdfDocument("input.pdf")
doc.save_encrypted(
    "print-only.pdf",
    "",
    "adminpass",
    allow_print=True,
    allow_copy=False,
    allow_modify=False,
)

WASM

const doc = new WasmPdfDocument(bytes);
const printOnly = doc.saveEncryptedToBytes(
    "",           // No password to open
    "adminpass",
    true,         // allowPrint
    false,        // allowCopy
    false,        // allowModify
    true          // allowAnnotate
);
doc.free();

Rust

let config = EncryptionConfig::new("", "adminpass")
    .with_permissions(Permissions::print_only());
doc.save_with_encryption("print-only.pdf", config)?;

Opções de permissão

Parâmetro Padrão Descrição
allow_print True Permitir imprimir o documento
allow_copy True Permitir copiar texto e gráficos
allow_modify True Permitir modificar o conteúdo
allow_annotate True Permitir adicionar anotações

Descriptografando PDFs

Abrir com senha

Python

from pdf_oxide import PdfDocument

doc = PdfDocument("encrypted.pdf", password="secret")
text = doc.extract_text(0)
print(f"Pages: {doc.page_count()}")

WASM

const doc = new WasmPdfDocument(encryptedBytes);
doc.authenticate("secret");
const text = doc.extractText(0);
console.log(`Pages: ${doc.pageCount()}`);
doc.free();

Rust

let mut doc = Pdf::open_with_password("encrypted.pdf", "secret")?;
let text = doc.extract_text(0)?;
println!("Pages: {}", doc.page_count()?);

C++

auto doc = pdf_oxide::Document::open_with_password("encrypted.pdf", "secret");
auto text = doc.extract_text(0);
std::cout << "Pages: " << doc.page_count() << "\n";

Swift

let doc = try Document.openWithPassword("encrypted.pdf", password: "secret")
let text = try doc.extractText(0)
print("Pages: \(try doc.pageCount())")

Dart

final doc = PdfDocument.openWithPassword('encrypted.pdf', 'secret');
final text = doc.extractText(0);
print('Pages: ${doc.pageCount}');

R

doc <- pdf_open_with_password("encrypted.pdf", "secret")
text <- pdf_extract_text(doc, 0)
cat("Pages:", pdf_page_count(doc), "\n")

Julia

doc = open_with_password("encrypted.pdf", "secret")
text = extract_text(doc, 0)
println("Pages: ", page_count(doc))

Zig

var doc = try pdf_oxide.Document.openWithPassword("encrypted.pdf", "secret");
defer doc.deinit();
const text = try doc.extractText(a, 0);
defer a.free(text);
std.debug.print("Pages: {d}\n", .{try doc.pageCount()});

Objective-C

POXDocument *doc = [POXDocument openWithPassword:@"encrypted.pdf" password:@"secret" error:&err];
NSString *text = [doc extractText:0 error:&err];
NSLog(@"Pages: %ld", (long)[doc pageCountError:&err]);

Elixir

{:ok, doc} = PdfOxide.open_with_password("encrypted.pdf", "secret")
{:ok, text} = PdfOxide.extract_text(doc, 0)
{:ok, pages} = PdfOxide.page_count(doc)
IO.puts("Pages: #{pages}")

Salvar sem criptografia

Abra um PDF criptografado e salve uma cópia sem criptografia:

Python

from pdf_oxide import PdfDocument

doc = PdfDocument("encrypted.pdf", password="secret")
doc.save("decrypted.pdf")

WASM

const doc = new WasmPdfDocument(encryptedBytes);
doc.authenticate("secret");
const decrypted = doc.save();
// decrypted is an unencrypted Uint8Array
doc.free();

Rust

let mut doc = Pdf::open_with_password("encrypted.pdf", "secret")?;
doc.save("decrypted.pdf")?;

Criptografar novamente com outra senha

Python

from pdf_oxide import PdfDocument

doc = PdfDocument("old-protected.pdf", password="oldpass")
doc.save_encrypted("new-protected.pdf", "newuser", "newowner")

WASM

const doc = new WasmPdfDocument(encryptedBytes);
doc.authenticate("oldpass");
const reEncrypted = doc.saveEncryptedToBytes("newuser", "newowner", true, true, true, true);
doc.free();

Rust

let mut doc = Pdf::open_with_password("old-protected.pdf", "oldpass")?;
doc.save_encrypted("new-protected.pdf", "newuser", "newowner")?;

Criptografia em lote

Criptografe todos os PDFs de um diretório:

from pdf_oxide import PdfDocument, PdfError
from pathlib import Path

input_dir = Path("reports/")
output_dir = Path("protected/")
output_dir.mkdir(exist_ok=True)

for pdf_path in input_dir.glob("*.pdf"):
    try:
        doc = PdfDocument(str(pdf_path))
        out_path = output_dir / pdf_path.name
        doc.save_encrypted(
            str(out_path),
            "company2025",
            "admin2025",
            allow_print=True,
            allow_copy=False,
        )
        print(f"Encrypted: {pdf_path.name}")
    except PdfError as e:
        print(f"Failed: {pdf_path.name}: {e}")

Descriptografia em lote

Descriptografe todos os PDFs com uma senha conhecida:

from pdf_oxide import PdfDocument, PdfError
from pathlib import Path

input_dir = Path("protected/")
output_dir = Path("decrypted/")
output_dir.mkdir(exist_ok=True)

for pdf_path in input_dir.glob("*.pdf"):
    try:
        doc = PdfDocument(str(pdf_path), password="company2025")
        out_path = output_dir / pdf_path.name
        doc.save(str(out_path))
        print(f"Decrypted: {pdf_path.name}")
    except PdfError as e:
        print(f"Failed: {pdf_path.name}: {e}")

Algoritmos suportados

O PDF Oxide é compatível com todos os algoritmos padrão de criptografia de PDF:

Algoritmo Tamanho da chave Segurança
AES-256 256 bits Mais forte (padrão)
AES-128 128 bits Forte
RC4-128 128 bits Legado
RC4-40 40 bits Fraco (apenas compatibilidade)

save_encrypted() usa AES-256 por padrão. Para selecionar o algoritmo explicitamente, use a API do Rust com EncryptionConfig.

Por que não pdfplumber ou pdfminer?

Nem pdfplumber nem pdfminer lidam com PDFs criptografados:

  • pdfplumber — dispara erro em PDFs protegidos por senha. Sem suporte a descriptografia.
  • pdfminer — suporte limitado à criptografia; falha em arquivos protegidos com AES-256.
  • pypdf — suporta descriptografia, mas é 15× mais lento que o PDF Oxide para extração de texto após descriptografar.

Se você precisa processar PDFs criptografados em escala, o PDF Oxide resolve tanto a descriptografia quanto a criptografia de forma nativa, com AES-128 e AES-256.

Páginas relacionadas