安全性

加密

gpdf 支持使用所有者密码和用户密码的 AES-256 加密（ISO 32000-2，Rev 6）。

仅设置所有者密码

PDF 无需密码即可打开，但编辑受到限制。

import (
    "github.com/gpdf-dev/gpdf"
    "github.com/gpdf-dev/gpdf/encrypt"
)

doc := gpdf.NewDocument(
    gpdf.WithPageSize(gpdf.A4),
    gpdf.WithEncryption(
        encrypt.WithOwnerPassword("owner-secret-123"),
    ),
)

用户密码和所有者密码

打开 PDF 需要用户密码。

doc := gpdf.NewDocument(
    gpdf.WithPageSize(gpdf.A4),
    gpdf.WithEncryption(
        encrypt.WithOwnerPassword("owner-pass"),
        encrypt.WithUserPassword("user-pass"),
    ),
)

权限控制

限制特定操作，如打印、复制或修改。

doc := gpdf.NewDocument(
    gpdf.WithPageSize(gpdf.A4),
    gpdf.WithEncryption(
        encrypt.WithOwnerPassword("owner"),
        encrypt.WithUserPassword("user"),
        encrypt.WithPermissions(encrypt.PermPrint|encrypt.PermCopy|encrypt.PermPrintHighRes),
    ),
)

可用权限：

Constant	Description
`encrypt.PermPrint`	允许打印
`encrypt.PermModify`	允许修改
`encrypt.PermCopy`	允许复制文本
`encrypt.PermAnnotate`	允许注释
`encrypt.PermPrintHighRes`	允许高分辨率打印
`encrypt.PermAll`	所有权限（默认）

PDF/A 合规性

生成符合 PDF/A 标准的存档级 PDF。

PDF/A-1b

import (
    "github.com/gpdf-dev/gpdf"
    "github.com/gpdf-dev/gpdf/pdfa"
)

doc := gpdf.NewDocument(
    gpdf.WithPageSize(gpdf.A4),
    gpdf.WithPDFA(), // defaults to PDF/A-1b
)

带元数据的 PDF/A-2b

doc := gpdf.NewDocument(
    gpdf.WithPageSize(gpdf.A4),
    gpdf.WithPDFA(
        pdfa.WithLevel(pdfa.LevelA2b),
        pdfa.WithMetadata(pdfa.MetadataInfo{
            Title:      "Annual Report 2026",
            Author:     "ACME Corp",
            Subject:    "Financial Report",
            Creator:    "gpdf",
            CreateDate: "2026-01-15T10:30:00+09:00",
            ModifyDate: "2026-01-15T10:30:00+09:00",
        }),
    ),
)

Level	Standard	Description
`pdfa.LevelA1b`	ISO 19005-1	PDF/A-1b（默认）
`pdfa.LevelA2b`	ISO 19005-2	PDF/A-2b

数字签名

使用 RSA 或 ECDSA 密钥通过 CMS/PKCS#7 数字签名对 PDF 进行签名。

基本签名

import (
    "github.com/gpdf-dev/gpdf"
    "github.com/gpdf-dev/gpdf/signature"
)

// Generate the PDF first
data, _ := doc.Generate()

// Sign it
signed, err := gpdf.SignDocument(data, signature.Signer{
    Certificate: cert,
    PrivateKey:  key,
},
    signature.WithReason("Approved"),
    signature.WithLocation("Tokyo"),
)

带证书链和时间戳

signed, err := gpdf.SignDocument(data, signature.Signer{
    Certificate: cert,
    PrivateKey:  key,
    Chain:       []*x509.Certificate{intermediateCert},
},
    signature.WithReason("Contract signed"),
    signature.WithLocation("New York"),
    signature.WithTimestamp("http://tsa.example.com"),
)

Option	Description
`signature.WithReason(reason)`	签名理由
`signature.WithLocation(location)`	签名地点
`signature.WithTimestamp(tsaURL)`	RFC 3161 时间戳授权机构 URL
`signature.WithSignTime(t)`	明确的签名时间（默认：当前时间）