Set privileges on PDF document using owner password in C# with Aspose.PDF for .NET - Reading Password is removed in output

I have a site, where users upload PDF files, with the option to password protect them during upload with a user defined password.

During upload I add an “Owner Password” that is fixed for all PDFs and the password for reading the file, provided by the user.

Now, I would like to modify the security properties of the file (e.g. Allow Print, etc) using the Owner Password (which I know). I am using Aspose to do that and it seems to work, but I notice that the password for reading the document is removed.

Is there any way to keep the password protection for reading the file? I do not have the original user passwords stored anywhere, so I cannot re-protect the uploaded files. I would like to keep that protection intact and only modify the document “allow print” property.

Is this possible?

What I use now, to change the security, is this:

string password = null;
string ownerPassword = "sth";
PdfFileSecurity.EncryptFile(password, ownerPassword, docP, KeySize.x256, Algorithm.AES);

Notice that password is null.
Also, using :


…also removes the password protection for reading the document.


Since you are setting the user password as Null while specifying owner password, the reading password is getting removed. Furthermore, would you kindly provide a sample PDF document for our reference, which we can test in our environment and share our feedback with you.

I attach a demo project.
Just drop a PDF file on it.
It will first protect it using a “Owner-Password” and a “Read-Password”.

Then it tries to update the permissions by using the “Owner-Password”.
The “Read-Password” is unknown at that stage on my case, so it cannot be used.
But whatever I do, the new PDF (that has the updated permissions) is not protected with the old “Read-Password” anymore. (10.2 KB)


Thanks for further explanation.

We have logged an investigation ticket as PDFNET-47667 in our issue tracking system. We will further investigate the ticket in details and keep you posted with the status of its resolution. Please be patient and spare us little time.

We are sorry for the inconvenience.

Has this issue being corrected yet? PDFNET-47667


Please note that the earlier logged ticket is currently under the phase of investigation. It will be resolved on a first come first serve basis. We will surely inform you as soon as it is resolved. Please be patient and spare us some time.

We are sorry for the inconvenience.


We have further investigated the ticket. Sorry, but it is not possible.

More details:

Privilege change process = re-encryption process.
pdfOutput.SetPrivilege(docP); // really here used empty user passwords for encryption

Encryption based on (from pdf reference):
O string (Required) A 32-byte string, based on both the owner and user passwords, is used in computing the encryption key and in determining whether a valid owner password was entered.
U string (Required): A 32-byte string, based on the user password, that is used in determining whether to prompt the user for a password and, if so, whether a valid user or owner password was entered.

User password used in hash in it.
You cannot restore user passwords from hash.
Indeed, the user’s password was lost earlier, after the first encryption. The document contains only a hash of the user’s password.

pdfOutput.SetPrivilege(null, ownerPassword, docP);//here user password is empty
pdfOutput.SetPrivilege(docP);//here both passwords are empty (but the owner password is set as a random string in the process)

Privileges are closely related to user passwords. User password required to set Privilege.