Documentation

Technical documentation for the PestControlOS CRM and Android app.

Architecture, security, Firestore model, and feature details for developers and technical reviewers.

PDF encryption (password-protected PDFs)

Technical specification for password protection and encryption of generated PDFs.

Scope

  • Create Report (Android): optional "Password protect PDF" checkbox. When enabled, the user sets an owner password and the generated PDF is encrypted. Viewing and printing are allowed without a password; editing (e.g. in a PDF editor) requires the owner password.
  • Action Forms (Android): optional password protection via the same checkbox; a dialog prompts for the owner password. Same semantics: view/print allowed, edit restricted.

Implementation (iText)

  • Encryption: use iText's standard security handler (PdfWriter.setEncryption() in iText 5, WriterProperties.setStandardEncryption() in iText 7). Leave the user password empty so opening for view/print does not prompt; a hardcoded user password would still prompt in viewers and is recoverable from the APK, so it adds nothing. Set the owner password to the user-provided value, and make the dialog reject an empty value: iText substitutes a random owner password when none is supplied, and nobody could then edit the document. Permissions: allow printing, optionally allow copying, and leave every modify/annotate/fill-in/assemble bit cleared so conforming editors require the owner password before changing the file.
  • Algorithm: use AES-256 (the ISO 32000-2 security handler) for all new documents. iText also offers AES-128 and legacy RC4 (40- and 128-bit); RC4 is weak and must not be selected. Keep document metadata encrypted (the default) rather than setting the "do not encrypt metadata" option.
  • Compression: all generated PDFs, encrypted or not, use full compression (object and cross-reference streams). Compression and encryption are both writer settings fixed before any content is written; iText compresses each stream and then encrypts the compressed bytes, so there is no ordering for the caller to manage.
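The writer configuration described above, as an added example rather than PestControlOS project code. It assumes iText 7 (kernel and layout modules; iText 5's PdfWriter.setEncryption() takes the same four arguments) and Java 8 or later; the class name, method name and sample report text are illustrative. Full compression and AES-256 encryption are both set on the WriterProperties before the document is created, the user password is empty, and printing is the only permission granted.

```java
// Added example (not PestControlOS project code). Assumes iText 7 (kernel + layout)
// and Java 8+; class, method and sample text are illustrative.
import com.itextpdf.kernel.pdf.CompressionConstants;
import com.itextpdf.kernel.pdf.EncryptionConstants;
import com.itextpdf.kernel.pdf.PdfDocument;
import com.itextpdf.kernel.pdf.PdfWriter;
import com.itextpdf.kernel.pdf.WriterProperties;
import com.itextpdf.layout.Document;
import com.itextpdf.layout.element.Paragraph;

import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;

public final class ProtectedReportWriter {

    private ProtectedReportWriter() {}

    /**
     * Renders the report text to an in-memory PDF with full compression.
     * When ownerPassword is null the file is written in the clear; otherwise it is
     * encrypted with AES-256, an empty user password (opens without a prompt) and
     * printing as the only permission, so conforming editors ask for the owner
     * password before modifying it.
     */
    public static byte[] render(String reportText, String ownerPassword) {
        WriterProperties props = new WriterProperties()
                .setFullCompressionMode(true)                          // object + xref streams
                .setCompressionLevel(CompressionConstants.BEST_COMPRESSION);

        if (ownerPassword != null) {
            if (ownerPassword.isEmpty()) {
                // iText would substitute a random owner password here and the report could
                // never be edited; fail loudly instead (the dialog should have caught this).
                throw new IllegalArgumentException("owner password must not be empty");
            }
            // Only ALLOW_PRINTING is set; ALLOW_MODIFY_CONTENTS, ALLOW_MODIFY_ANNOTATIONS,
            // ALLOW_FILL_IN, ALLOW_ASSEMBLY and ALLOW_COPY stay cleared. Metadata is
            // encrypted as well (DO_NOT_ENCRYPT_METADATA is deliberately not OR-ed in).
            props.setStandardEncryption(
                    new byte[0],                                        // user password: none
                    ownerPassword.getBytes(StandardCharsets.UTF_8),
                    EncryptionConstants.ALLOW_PRINTING,
                    EncryptionConstants.ENCRYPTION_AES_256);
        }

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        // Document.close() closes the PdfDocument too and flushes the encrypted bytes.
        try (Document doc = new Document(new PdfDocument(new PdfWriter(out, props)))) {
            doc.add(new Paragraph(reportText));
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input standing in for the Create Report screen and its dialog.
        String ownerPassword = "correct horse battery staple";
        byte[] pdf = render("Service report: 12 bait stations inspected, no activity.", ownerPassword);
        Files.write(Paths.get("report-protected.pdf"), pdf);
        System.out.println("wrote " + pdf.length + " bytes");
    }
}
```

The owner password is used only inside render(); the caller passes it in from the dialog and keeps no copy, which matches the key-handling rule that it is never stored.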

Key handling

  • Owner password: collected in-app via a dialog, passed to the PDF generator, used once while the document is written, and then discarded. It is not stored (and must not be logged) on the device or the server; the encrypted PDF is written to a file or stream and then uploaded or saved. There is no server-side password storage and no central decryption: a recipient who needs to edit the document enters the owner password in their own PDF editor.
  • User password: left empty, so any reader opens the file for view/print without a prompt. Setting it to a value would require that password just to open the document, which is not the intended "view/print allowed, edit restricted" workflow. Caveat: with an empty user password the document key is derivable by anyone holding the file, so the content is not confidential, and the edit restriction is enforced only by software that honors the permission bits (ISO 32000 requires conforming readers to do so, but a tool such as qpdf --decrypt strips them without the owner password). Treat the owner password as tamper deterrence, not access control.

Storage and distribution

  • Encrypted PDFs are stored in Firebase Storage or local external storage exactly like unencrypted PDFs. Who may download a file is controlled by Storage rules and application logic; the PDF encryption adds an edit restriction that travels with the file after download. It is not a second access-control layer, because the file opens without a password.
  • Compliance: the protection supports "sensitive document" handling as evidence that the document was locked against editing at creation, and the setting can be recorded for audit. It does not provide confidentiality; that rests on Storage rules and transport security. No key escrow or central decryption exists in this design; the owner password is user-managed, and a forgotten owner password leaves the document viewable and printable but not editable through the normal path.

Testing

  • Generate a PDF with password protection enabled and open it in a viewer: it must open without a prompt for viewing and printing. Open it in an editor: it must prompt for the owner password before allowing modifications, and the correct owner password must unlock them.
  • Inspect the file: the /Encrypt dictionary must show the AES-256 handler (V 5 with crypt filter AESV3), the permission flags must allow printing and deny modification, and the compressed file size must be in the expected range.
  • Negative cases: an empty owner password must be rejected by the dialog; a wrong owner password must not unlock editing; a PDF generated with the checkbox off must not be encrypted.
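The permission and algorithm checks above, automated as an added example (not project code) that runs against a file produced as in the Implementation section. It assumes iText 7 kernel and Java 8 or later, and takes the PDF path and the owner password as command-line arguments; the class name is illustrative. Its third step demonstrates the key-handling caveat that the restriction is advisory: a reader told to ignore permissions decrypts the file with the empty user password and re-saves it unrestricted.

```java
// Added example (not PestControlOS project code). Assumes iText 7 kernel and Java 8+.
// Usage: java ProtectedPdfCheck report-protected.pdf 'correct horse battery staple'
import com.itextpdf.kernel.pdf.EncryptionConstants;
import com.itextpdf.kernel.pdf.PdfDocument;
import com.itextpdf.kernel.pdf.PdfReader;
import com.itextpdf.kernel.pdf.PdfWriter;
import com.itextpdf.kernel.pdf.ReaderProperties;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;

public final class ProtectedPdfCheck {

    private static void check(boolean condition, String what) {
        if (!condition) throw new AssertionError("FAILED: " + what);
        System.out.println("ok: " + what);
    }

    private static PdfReader reader(byte[] pdf) throws IOException {
        return new PdfReader(new ByteArrayInputStream(pdf));
    }

    public static void main(String[] args) throws IOException {
        byte[] pdf = Files.readAllBytes(Paths.get(args[0]));
        byte[] ownerPassword = args[1].getBytes(StandardCharsets.UTF_8);

        // 1. Viewer path, no password: must open, must be restricted, must be AES-256.
        try (PdfDocument doc = new PdfDocument(reader(pdf))) {
            PdfReader r = doc.getReader();
            check(r.isEncrypted(), "file is encrypted");
            check(!r.isOpenedWithFullPermission(), "empty user password yields restricted access");
            long perms = r.getPermissions();
            check((perms & EncryptionConstants.ALLOW_PRINTING) != 0, "printing allowed");
            check((perms & EncryptionConstants.ALLOW_MODIFY_CONTENTS) == 0, "modification denied");
            check((r.getCryptoMode() & EncryptionConstants.ENCRYPTION_MASK)
                            == EncryptionConstants.ENCRYPTION_AES_256, "AES-256 security handler");
        }

        // 2. Editor path: the owner password must grant full permissions.
        ReaderProperties withOwner = new ReaderProperties().setPassword(ownerPassword);
        try (PdfDocument doc = new PdfDocument(new PdfReader(new ByteArrayInputStream(pdf), withOwner))) {
            check(doc.getReader().isOpenedWithFullPermission(), "owner password unlocks editing");
        }

        // 3. Caveat: permission bits bind only well-behaved software. A reader told to ignore
        //    them decrypts with the empty user password and re-saves the file unrestricted;
        //    iText 7 does not carry encryption over to the copy unless asked to preserve it.
        ByteArrayOutputStream stripped = new ByteArrayOutputStream();
        try (PdfDocument doc = new PdfDocument(reader(pdf).setUnethicalReading(true), new PdfWriter(stripped))) {
            // nothing to change; the copy is written without an /Encrypt dictionary
        }
        try (PdfDocument doc = new PdfDocument(reader(stripped.toByteArray()))) {
            check(!doc.getReader().isEncrypted(), "restrictions removed without the owner password");
        }
    }
}
```

Step 3 is the reason the compliance wording limits the feature to an edit restriction: the check passes, and it passes for any recipient of the file, which is exactly what the owner password cannot prevent.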