Graphics Programs Reference
In-Depth Information
The Encryption Dictionary
Look again at
Example 8-1
. An encryption dictionary has been included (object 5) and
referenced by the
/Encrypt
entry in the trailer dictionary. This encryption dictionary
contains, in this instance:
• The
/R
and
/V
entries which, together, define which encryption algorithms are to
be used.
• The
/P
entry, which is a bitfield indicating the permissions (view, print etc.) which
are attached to the use of the user password.
• The
/O
and
/U
entries which are used to verify the owner and user passwords re-
spectively.
• The
/Filter
entry which is
/Standard
for Adobe security methods.
Standard encryption methods provided are:
40-bit RC4 (PDF 1.1)
128-bit RC4 (PDF 1.4)
128-bit AES Encryption (PDF 1.5)
256-bit AES Encryption (PDF 1.7 ExtensionLevel 3)
The permissions bitfield for 40-bit RC4 (the first method to be introduced) allows for
a
/P
entry allowing a combination of printing, modification of the document, extraction
of text and graphics, and annotation. The 128-bit RC4 and later methods allow more
permission options.
The permissions are described in prose by the ISO standard and so the consistency of
their implementation by different PDF processing programs cannot be relied upon.
Reading Encrypted Documents
Any encrypted file may be read as usual, and parsed into an object graph, without regard
to its encryption. We can then inspect it for encryption by checking for the existence
of an
/Encrypt
entry in the trailer dictionary. Then, we try to decrypt the file using the
blank user password:
1. The contents of the encryption dictionary are read, and the encryption type
determined.
2. The user password is authenticated (it is processed using a one-way algorithm, and
compared with the
/U
entry in the encryption dictionary).
3. Using a further algorithm, an encryption key is calculated.
4. This key is used to decrypt each stream and string in the file. This can be done all
at once or, more efficiently, only when an object is actually needed.
5. The permissions are read, and enforced in any further operations done on the file.
