Motivation – When the Recipient Has No PKI
External contacts often have neither S/MIME nor PGP certificates. In addition to the portal, PDF encryption provides another alternative to securely reach recipients without key material. Nevertheless, sensitive content (patient reports, audit documents, specifications) must arrive encrypted.
Secure Communication Without Key Material
PDF Container – Functional Principle
PDF containers enable secure email communication even when the recipient has no encryption keys. All content is packaged into an encrypted PDF container.
• AES-256 encryption for maximum security
• Flexible password provision
• Compatible with all standard PDF readers
The PDF container ensures that sensitive information can be transmitted securely even without own key infrastructure.
Password Options
Practical Application Cases
Use Cases
PDF encryption is used in various industries and situations where secure communication without own key infrastructure is required.
• Authority ↔ Company: Award documents with password letter according to § 55 UVgO
• Supply Chain Audit: Inspection report to supplier without own key
• Support Return Channel: Message contains reply button "Respond Securely" → Portal login
These use cases demonstrate the versatility of PDF encryption for various compliance requirements and industries.
Automated Processing
Technical Process
The technical process of PDF encryption runs fully automatically through the workflow engine and various services that work seamlessly together.
• Workflow Engine: Detects "No Key" or Tag #PDFSEC
• PDF Service: PDF-Lib creates encrypted container
• Password Service: Selects appropriate password source
• Delivery: Mail with .pdf attachment is sent
• Additional Channel: Optional SMS gateway, API or letter printing for password
The entire process runs automatically and requires no manual intervention while meeting all compliance requirements.
Compliance Map
| Requirement | Implementation |
|---|---|
| DSGVO Art. 32 | AES-256, password policy, audit log |
| NIS2 | Encryption when PKI is missing, incident webhook |
| ISO 19005 (PDF/A) | Long-term archiving ensured |
'%3e%3ccircle%20cx='493.5'%20cy='493.5'%20r='249.5'%20fill='url(%23paint0_linear_144_957)'/%3e%3c/g%3e%3cdefs%3e%3cfilter%20id='filter0_f_144_957'%20x='0'%20y='0'%20width='987'%20height='987'%20filterUnits='userSpaceOnUse'%20color-interpolation-filters='sRGB'%3e%3cfeFlood%20flood-opacity='0'%20result='BackgroundImageFix'/%3e%3cfeBlend%20mode='normal'%20in='SourceGraphic'%20in2='BackgroundImageFix'%20result='shape'/%3e%3cfeGaussianBlur%20stdDeviation='122'%20result='effect1_foregroundBlur_144_957'/%3e%3c/filter%3e%3clinearGradient%20id='paint0_linear_144_957'%20x1='371.5'%20y1='477.5'%20x2='680'%20y2='363'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%23E42FE8'/%3e%3cstop%20offset='0.265625'%20stop-color='%236FCBFE'/%3e%3cstop%20offset='0.494792'%20stop-color='%239FB4FC'/%3e%3cstop%20offset='0.776042'%20stop-color='%23B7E4BB'/%3e%3cstop%20offset='1'%20stop-color='%236CF760'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e)
