A valid path and filename for the new document if the dest-parameter is set to "F". Otherwise the name of the new PDF document.

This parameter can be used in 2 ways:

1. Standard Security

The owner password. If you want to use standard security.

If it is set to NULL, the API will, for security reasons, generate a random password.

The password string has to be in PDFDocEncoding (which is simliar to cp1252) if $encryption_strength is NOT set to SETAPDF_ENC_AES_256. If $encryption_strength is set to SETAPDF_ENC_AES_256 the password string has to be in UTF-8.

2. Public Key Security

An array holding recipient certificates and individual permissions.

Each entry defines a set of certificates and individual persmissions:

certs: Either a lone X.509 certificate, or an array of X.509 certificates. (Details)

permissions (optional): an array identical to the $permissions-parameter. If not set the permissions of the $permissions-parameter are set.

owner (optional): A boolean value. When set to true permits the change of encryption and enables all other permissions for the recipients in certs.

Public Key Security is only available if the $encryption_strength-parameter is set to SETAPDF_ENC_RC4_128, SETAPDF_ENC_AES_128 or SETAPDF_ENC_AES_256

The user password. If a user password is set, it will be asked for when opening the processed document in a viewer.

The password string has to be in PDFDocEncoding (which is simliar to cp1252) if $encryption_strength is NOT set to SETAPDF_ENC_AES_256. If $encryption_strength is set to SETAPDF_ENC_AES_256 the password string has to be in UTF-8.

Has no meaning when using Public Key Security.

This parameter defines the user privileges for a user opening or viewing the document. Each privilege has to be entered in the permissions array. Depending on the encryption strength, the following entries are possible:

Privileges for 40bit encryption (standard):

print

The user is allowed to print the document. If the key length is 128bit or greater the print quality is defined by the "degraded-print" flag.

modify

The user is allowed to modify the contents of the document by operations other than those controlled by "annot-forms", "fill-in" (>=128bit) and "assemble" (>=128bit).

copy

40bit: The user is allowed to copy or otherwise extract text and graphics from the document, including extracting text and graphics (in support of accessibility to disabled users or for other purposes).

128bit: The user is allowed to copy or otherwise extract text and graphics from the document by operations other than those controlled by "screenreaders".

annot-forms

The user is allowed to add or modify text annotations, fill in interactive form fields, and, if "modify" is also set, create or modify interactive form fields (including signature fields).

More privileges for 128/256bit encryption:

fill-in

The user is allowed to fill in existing interactive form fields (including signature fields), even if "annot-forms" is not set.

screenreaders

The user is allowed to extract text and graphics (in support of accessibility to disabled users or for other purposes).

assemble

The user is allowed to assemble the document (insert, rotate, or delete pages and create bookmarks or thumbnail images), even if "modify" is not set.

degraded-print

The user is allowed to print the document in a form that is equivalent to a true copy of the original PDF. When this is not set (and "print" is set), printing is limited to a lesser quality (Print As Image).

Expects an integer or predefined constant.

SETAPDF_ENC_RC4_40 = 0 - The document will be encrypted with the standard algorithm with a 40-bit encryption key.

SETAPDF_ENC_RC4_128 = 1 - The document will be encrypted with the standard algorithm with a 128-bit encryption key.

SETAPDF_ENC_AES_128 = 2 - The document will be encrypted with the AES algorithm with a 128-bit encryption key.

SETAPDF_ENC_AES_256 = 3 - The document will be encrypted with the AES algorithm with a 256-bit encryption key. (Available since PDF 1.7 / Acrobat >=9)

Defines how the encrypted document is handled:

• "F" saves the file to the file system
• "D" the file will be send to the client with a download dialogue
• "I" the file will be displayed in the client's browser window.

This parameter is only used if dest is set to "D" or "I". If it is set to true, the document will be sent immediately as soon as the first content bytes are available. In this case the length-header will not be sent. If this parameter is set to false, the whole document is held in memory until it is completely assembled.

The streaming facility is very effective, because the client does not become aware of any script processing time.