The PDF Security & Compliance Server
PDF security is a major concern for developers handling sensitive documents. Whether encrypting files, removing passwords, validating signatures, or redacting confidential information, choosing the right tool can save time and ensure compliance.
Two contenders in this space are StirlingPDF and IronSecureDoc. StirlingPDF is an open-source solution that offers a broad set of security-focused features, making it a flexible choice for developers. IronSecureDoc, on the other hand, is a structured enterprise-grade tool designed for stronger access control, digital signing, and document integrity verification.
This comparison will focus exclusively on security features, breaking down encryption, signature handling, password management, and redaction. By the end, you’ll have a clearer picture of which solution best meets your security needs, backed by practical insights to help you make the right choice.
For developers working with PDFs, security isn’t just about restricting access—it’s about ensuring documents remain protected, verifiable, and tamper-proof. Having the right security measures in place is critical for handling sensitive business reports, legal documents, or confidential records.
Different use cases demand different levels of security:
Basic Protection: Password encryption to restrict access.
Document Integrity: Digital signatures to verify authenticity.
Data Privacy: Redaction to permanently remove sensitive information.
Beyond just securing a document, organizations often require auditability and compliance to ensure legal validity and data protection standards are met.
This is where IronSecureDoc excels. It provides a comprehensive security suite designed for enterprise-grade encryption, signature verification, and advanced access control. While StirlingPDF offers a capable set of security tools, IronSecureDoc goes further with stronger encryption algorithms, enhanced redaction capabilities, and compliance-focused features built for industries handling sensitive data. We’ll break down how IronSecureDoc’s security features outperform standard open-source solutions, helping you determine the best choice for your document protection needs.
IronSecureDoc is a security-focused PDF library designed for developers who need robust encryption, digital signatures, redaction, and access control. Built for enterprise use, it provides a structured API that ensures sensitive documents remain protected, authenticated, and compliant with security standards.
IronSecureDoc isn’t just about locking PDFs—it offers fine-grained control over document permissions, advanced signature validation, and automated redaction of confidential information. With seamless integration into .NET applications, it’s a solid choice for organizations handling legal, financial, and confidential records that require a high level of security.
StirlingPDF is an open-source PDF toolkit offering a broad set of security features, including digital signatures, encryption, password removal, and redaction. It’s a flexible option for developers looking for free, customizable PDF security tools.
While StirlingPDF provides a strong set of features, it lacks some of the enterprise-focused security capabilities that IronSecureDoc offers. Compliance, deeper access control, and enhanced audit logging are areas where StirlingPDF may not be as strong, making it more suitable for general-use security rather than high-stakes document protection.
Setting up IronSecureDoc is straightforward, thanks to its Docker-based deployment. This allows developers to quickly integrate its security features without dealing with complex installations.
To get started, pull the latest IronSecureDoc Docker image:
docker pull ironsoftwareofficial/ironsecuredoc:latestOnce the image is downloaded, run the container with the necessary environment variables:
docker container run --rm -p 8080:8080 -e IronSecureDoc_LicenseKey=<IRONSECUREDOC_LICENSE_KEY> -e ENVIRONMENT=Development -e HTTP_PORTS=8080 ironsoftwareofficial/ironsecuredoc:latestReplace
Once the container is up and running, you can explore the API endpoints using Swagger:
With this setup, you can start integrating IronSecureDoc’s advanced security features into your application.
StirlingPDF is an open-source PDF processing tool that can be quickly deployed using Docker. Setting it up is simple and allows you to leverage its security and document manipulation features right away.
First, download the latest StirlingPDF Docker image by running:
docker pull casjaysdevdocker/stirlingpdf:latestOr search for it in Docker Desktop:
Once the image is available, you can start a new container. In the Docker interface, configure the settings as follows:
Container Name: StirlingPDF
Alternatively, you can run it via CLI:
docker run --rm -p 8090:8080 casjaysdevdocker/stirlingpdf:latest
Once the container is running, access the StirlingPDF Swagger UI to explore available API endpoints:
http://localhost:8090/swagger-ui/index.html#/
With this setup, you can start using StirlingPDF’s document security features.
When it comes to handling confidential information, one of the most important security features is redaction, the ability to remove sensitive content from PDF documents permanently. IronSecureDoc excels at this task, providing a user-friendly and efficient API endpoint to quickly redact specific words or phrases.
Flexible Text Redaction: Users can specify exact words or phrases for redaction. The API supports both partial and whole-word matching, configurable through query parameters.
Case Sensitivity Control: It allows toggling case-sensitive matching, giving precise control over redaction behavior.
To illustrate this, consider a PDF document containing the phrase "Dummy":
Using IronSecureDoc’s straightforward API, developers can easily issue a command to redact the sensitive text.
Here's a practical example using Curl:
curl -X 'POST' \
'http://localhost:8080/v1/document-services/pdfs/redact-text?draw_black_box=true&match_whole_word=false&words_to_redact=Dummy&match_case=false&save_as_pdfa=false&save_as_pdfua=false' \
-H 'accept: */*' \
-H 'Content-Type: multipart/form-data' \
-F 'pdf_file=@test.pdf;type=application/pdf'Once the command executes successfully, you'll receive a response similar to the following:
The resulting PDF demonstrates IronSecureDoc's effective redaction capability. Sensitive content is obscured permanently, ensuring that confidential information remains secure:
IronSecureDoc also supports advanced redaction methods, such as redacting content using regular expressions or specific regions within a PDF:
/v1/document-services/pdfs/redact-regular-expression
This simple yet powerful feature ensures documents maintain privacy and comply with strict data protection standards.
Certifying documents ensures the authenticity and integrity of PDF files. IronSecureDoc simplifies this process using a dedicated API. Here is how you can certify a PDF document using Swagger UI:
curl -X 'POST' \
'http://localhost:8080/v1/document-services/pdfs/certify?certificate_password=P%40ssw0rd123&certificate_permissions=3' \
-H 'accept: */*' \
-H 'Content-Type: multipart/form-data' \
-F 'pdf_file=@test.pdf;type=application/pdf' \
-F 'certificate_file=@certificate.p12;type=application/x-pkcs12'When this API is called, the PDF is signed with a digital certificate, which locks down its content and proves its legitimacy. The certificate_permissions parameter determines what recipients can do with the document after certification, such as printing or filling out forms.
The server response includes a downloadable, certified file. This provides a seamless way to automate the certification process and ensure that your PDFs are secure, verifiable, and compliant.
Alongside certification, IronSecureDoc provides another crucial capability—digitally signing PDF documents. Unlike certification, which locks the entire document, a digital signature adds verification without necessarily restricting edits.
Using the /v1/document-services/pdfs/sign endpoint in the Swagger UI, you can place a visible signature image onto a specific page of the document. You can even customize its location and dimensions by adjusting the signature_image_x, signature_image_y, signature_image_w, and signature_image_h parameters.
In addition to signature placement, you can provide a user or owner password, apply a certificate for enhanced trust, and optionally convert the document to PDF/A or PDF/UA formats for compliance.
To sign a document:
Upload the PDF you want to sign.
Upload a valid digital certificate file (.p12 format).
Upload an image file of the signature (PNG or JPEG).
Set signature placement coordinates and size.
Once complete, the server will return a digitally signed PDF ready for distribution. This feature is great for automating approval workflows, confirming authorship, or adding branding to official documents—all while maintaining document integrity.
One of the most important pillars of PDF security is encryption. With IronSecureDoc, developers can encrypt documents using strong user and owner passwords while also fine-tuning permission settings for document usage. To perform this action using Swagger UI, navigate to the /v1/document-services/pdfs/encrypt endpoint and configure the required fields:
You can restrict a variety of document features, such as:
Content extraction
Form filling
Annotations
Printing
Just set all these options to false if you want a completely locked-down document. Here’s the equivalent CURL command for reference:
curl -X 'POST' \
'http://localhost:8080/v1/document-services/pdfs/encrypt?allow_extracting_content=false&allow_form_filling=false&allow_annotations=false&allow_printing=false&allow_modifications=false&new_user_password=123&new_owner_password=123' \
-H 'accept: */*' \
-H 'Content-Type: multipart/form-data' \
-F 'pdf_file=@test.pdf;type=application/pdf'
Once executed, the output will be a fully encrypted PDF file that prompts the user to enter a password upon opening.
This functionality is essential for protecting sensitive records, limiting access, and ensuring document control even after distribution. Whether it's for internal memos, legal documents, or client reports, IronSecureDoc makes it easy to enforce document security without breaking your development flow.
Need to pull content out of a PDF file? IronSecureDoc offers a fast and accurate way to extract text using the /v1/document-services/pdfs/extract endpoint. This feature is especially handy when you want to automate content retrieval from invoices, reports, or large documents without manually copying and pasting. To extract text, head over to the Swagger UI and upload your file using the provided form:
The parameters allow you to enter passwords (if the PDF is protected) and even specify page numbers if you only need content from selected pages. Alternatively, you can use the following CURL command:
curl -X 'POST' \
'http://localhost:8080/v1/document-services/pdfs/extract' \
-H 'accept: */*' \
-H 'Content-Type: multipart/form-data' \
-F 'pdf_file=@long_text_test.pdf;type=application/pdf'Once executed, the API returns the extracted text as a plain response body:
This output can then be parsed, stored, or analyzed as needed. It's simple, fast, and doesn’t require any special plugins or manual review. Whether you're building a document processing pipeline or want quick access to a file’s content, this feature gets the job done.
Before processing any secured PDF, it’s a good idea to check whether your password is valid. IronSecureDoc provides a quick and reliable way to verify both user and owner passwords using the /v1/document-services/pdfs/verify-password endpoint. This is especially helpful when automating workflows that involve third-party documents or archived files, where password accuracy must be confirmed before further action.
In the Swagger UI, upload the secured PDF, then fill in the relevant user_password or owner_password field, depending on your access level:
Once submitted, the API will return a success (200 OK) if the password is valid, or an error if it’s not. This lightweight validation step can save time, prevent unnecessary failures, and help streamline automated PDF handling.
Verifying a digital signature is a crucial step to ensure that a PDF document has not been altered since it was signed and that the signature is valid. IronSecureDoc provides this functionality through the /v1/document-services/pdfs/verify-signatures endpoint. This endpoint is especially useful when documents are received from external sources or when compliance and trust are essential.
In the Swagger UI, all you need to do is upload the signed PDF file and, if necessary, enter the user_password or owner_password to access the file:
You can also run this process using a CURL request:
curl -X 'POST' \
'http://localhost:8080/v1/document-services/pdfs/verify-signatures' \
-H 'accept: */*' \
-H 'Content-Type: multipart/form-data' \
-F 'pdf_file=@test_Signed.pdf;type=application/pdf'After executing the request, the API returns detailed verification results in JSON format. If the signature is intact and authentic, it will return true. If tampered with or invalid, you'll see detailed failure indicators.
This feature ensures every signature in your PDF workflow is verifiable and secure—an essential step for legal, financial, and compliance-sensitive documents.
StirlingPDF offers a straightforward and flexible way to redact content from PDF documents using its /api/v1/security/auto-redact endpoint. This feature is ideal for developers looking to remove sensitive words or patterns from PDFs without needing advanced setup.
In the Swagger UI, you can easily configure redaction parameters. You upload a PDF, enter the list of text to redact (such as "Dummy"), and adjust options like:
useRegex – Redact based on regular expressions
wholeWordSearch – Match whole words only
redactColor – Customize the redaction color (e.g., black #000000)
customPadding – Add spacing around redacted areas
Once you click Execute, StirlingPDF processes the file and removes all matching content based on your configuration.
Using the /api/v1/security/validate-signature endpoint, you can quickly check the authenticity of digital signatures embedded in a PDF file. The endpoint supports both default and custom certificate validation. All you need to do is submit a request body containing the fileInput (your PDF in base64 or file string) and optionally provide a certFile if you want to validate against a specific certificate.
This API responds with a JSON structure outlining the verification status.
StirlingPDF enables you to digitally sign PDF files using your certificates with the /api/v1/security/cert-sign endpoint. Through Swagger UI, you can upload your PDF and configure the digital signing options. Here’s what you’ll need:
fileInput – The PDF file to be signed
certType – The certificate type you’re using
privateKeyFile, certFile, p12File, or jksFile – Depending on the certificate type
You can also enhance the signing experience with:
showSignature – Visually display the signature in the PDF
reason, location, name – Metadata for the signature
pageNumber – The page where the signature should appear
Once you hit Execute, StirlingPDF processes the input and returns a digitally signed PDF.
StirlingPDF lets you lock documents with password protection using the /api/v1/security/add-password endpoint. This feature allows you to define user and owner passwords, along with fine-tuned permission settings.
Using Swagger UI, here’s how you set it up:
fileInput – Upload the PDF you want to secure
password – The user's password is required to open the document
ownerPassword – Controls editing permissions within the file
Beyond that, you can toggle document restrictions, such as:
canPrint, canModify, canFillInForm
canExtractContent, canExtractForAccessibility
When you hit Execute, the output will be a password-protected PDF with permissions exactly as configured.
IronSecureDoc offers enterprise-level licensing options tailored to meet diverse organizational requirements. Customers can choose between a standalone IronSecureDoc Enterprise License or the comprehensive Iron Suite Enterprise License, which includes IronSecureDoc along with other products.
Price: USD 14,999
Features:
Enterprise PDF Server supporting no code or any programming language, hosted locally or on the cloud
Unlimited PDF redaction, signing, and encryption to secure your documents
Supports offline air-gapped environments
Price: USD 19,995
Features:
Includes all Iron Software products: IronPDF, IronOCR, IronXL, IronWord, IronBarcode, and more
Unlimited developers, locations, and projects, including OEM redistribution
Bespoke perpetual enterprise license
Supports offline air-gapped environments
Enterprise-only options available
Iron Software provides various support and product update options to ensure uninterrupted service:
Yearly Subscription: $7,500 per year (renews yearly, cancel anytime)
1-Year Package: $10,000 (one-time purchase)
These packages offer access to ongoing product updates, security feature upgrades, and support from Iron Software's engineering team.
For organizations interested in assessing IronSecureDoc before making a purchase, a free trial is available. This trial provides full functionality, allowing comprehensive evaluation in a live environment without immediate financial commitment.
By selecting the appropriate licensing option, businesses can ensure robust document security tailored to their specific needs.
StirlingPDF offers a simple, open-source model:
Available under the AGPL v3 license, the core features are free to use and self-host. Suitable for developers or small internal use.
A commercial license is available for businesses that require non-AGPL compliance or additional support. Pricing is custom and requires contacting their team.
IronSecureDoc offers a comprehensive suite of documentation and support resources designed to facilitate seamless integration and operation within your organization.
IronSecureDoc provides detailed documentation that encompasses:
Quick Start Guides: Step-by-step instructions to get IronSecureDoc up and running in various environments, including local servers and cloud platforms.
API References: Comprehensive RESTful API documentation, detailing endpoints for tasks such as PDF redaction, encryption, and digital signing.
IronSecureDoc ensures robust support through:
Direct Engineering Assistance: Access to a team of dedicated engineers via live chat, email, or screen sharing, providing timely and knowledgeable responses to technical inquiries.
This structured approach to documentation and support underscores IronSecureDoc's dedication to delivering a user-centric experience, facilitating efficient implementation and ongoing utilization within enterprise environments.
StirlingPDF provides comprehensive documentation covering installation guides for various platforms, advanced configuration options, and an extensive list of features.
As an open-source project, StirlingPDF relies on community-driven support. Users can seek assistance through platforms like GitHub and Discord, where they can report issues, request features, and collaborate with other users and contributors.
When working with PDF documents, especially in enterprise environments, it's critical to have a reliable solution that goes beyond basic tools. Whether you're dealing with digital signing, encryption, redaction, or text extraction, the platform you choose should be capable of handling all your PDF requirements securely and efficiently.
IronSecureDoc delivers a comprehensive set of enterprise-ready features designed for professionals who take document protection seriously. Its Docker-based deployment, rich API surface, and dedicated engineering support team make it more than just a redaction tool. From signing contracts to verifying identities and restricting access to confidential files, IronSecureDoc supports a wide range of operations while ensuring seamless task execution within your infrastructure.
A standout feature of IronSecureDoc is its ability to function in a locally hosted web application, ideal for teams that need complete control over their data with zero outbound calls. Whether you're building an internal platform or automating document processing within a locally hosted system, the tool ensures your PDF documents are secured without compromising performance or server memory.
For users who regularly need to pdf convert, extract content based on page numbers, or restrict sensitive actions like copying or printing, IronSecureDoc provides a reliable set of APIs for integration. Additionally, every file downloaded from its platform can be tailored to your workflow, maintaining security standards for record-keeping and tracking purposes. It’s an ideal choice for secure and automated handling of PDF documents across teams and departments.
On the other hand, while StirlingPDF is a strong open-source tool that checks the box for basic features, it lacks the advanced configuration and long-term reliability expected in enterprise solutions. It may suit individual developers or small teams with limited PDF needs. However, organizations looking to centralize and scale their PDF tools will find limitations in community support, customizability, and update frequency.
Whether you’re running a legal department, automating HR workflows, or securing customer communications, PDFs exist at the heart of digital documentation. And when those documents demand encryption, digital trust, and compliant handling, IronSecureDoc meets those challenges with professional-grade precision.
In short, if you want to fulfill all your PDF needs, from digital signing and adding images to encryption and redaction, within a secure, scalable, and support-driven solution, IronSecureDoc is your answer. You can try it out with a free trial and see how it fits into your blog post or production environment. With its proven architecture and enterprise-grade focus, it's the smarter choice for developers and businesses managing secure PDF workflows.
docker pull ironsoftwareofficial/ironsecuredoc
docker pull ironsoftwareofficial/ironsecuredoc:latest
docker container run --rm -p 8080:8080 -e IronSecureDoc_LicenseKey=-e ENVIRONMENT=Development -e HTTP_PORTS=8080 ironsecuredoc:latest
No credit card required
Your trial key should be in the email.
The trial form was submitted
successfully.
If it is not, please contact
support@ironsoftware.com
No credit card required
Get started for FREE
No credit card required
Test in production without watermarks.
Works wherever you need it to.
Get 30 days of fully functional product.
Have it up and running in minutes.
Full access to our support engineering team during your product trial
No credit card or account creation required
Your trial key should be in the email.
If it is not, please contact
support@ironsoftware.com
Get started for FREE
No credit card required
Test in production without watermarks.
Works wherever you need it to.
Get 30 days of fully functional product.
Have it up and running in minutes.
Full access to our support engineering team during your product trial
Licenses from $749. Have a question? Get in touch.
Book a 30-minute, personal demo.
No contract, no card details, no commitments.
10 .NET API products for your office documents
