Previous Next

                                             125
SECTION 3.5                                                                        Encryption



Algorithm 3.2 Computing an encryption key

   1.   Pad or truncate the password string to exactly 32 bytes. If the password string is
        more than 32 bytes long, use only its first 32 bytes; if it is less than 32 bytes long,
        pad it by appending the required number of additional bytes from the beginning
        of the following padding string:
            < 28 BF 4E 5E 4E 75 8A 41 64 00 4E 56 FF FA 01 08
              2E 2E 00 B6 D0 68 3E 80 2F 0C A9 FE 64 53 69 7A >

        That is, if the password string is n bytes long, append the first 32 − n bytes of the
        padding string to the end of the password string. If the password string is empty
        (zero-length), meaning there is no user password, substitute the entire padding
        string in its place.
   2.   Initialize the MD5 hash function and pass the result of step 1 as input to this func-
        tion.
   3.   Pass the value of the encryption dictionary’s O entry to the MD5 hash function.
        (Algorithm 3.3 shows how the O value is computed.)
   4.   Treat the value of the P entry as an unsigned 4-byte integer and pass these bytes to
        the MD5 hash function, low-order byte first.
   5.   Pass the first element of the file’s file identifier array (the value of the ID entry in
        the document’s trailer dictionary; see Table 3.13 on page 97) to the MD5 hash
        function. (See implementation note 26 in Appendix H.)
   6.   (Revision 4 or greater) If document metadata is not being encrypted, pass 4 bytes
        with the value 0xFFFFFFFF to the MD5 hash function.
   7.   Finish the hash.
   8.   (Revision 3 or greater) Do the following 50 times: Take the output from the previ-
        ous MD5 hash and pass the first n bytes of the output as input into a new MD5
        hash, where n is the number of bytes of the encryption key as defined by the value
        of the encryption dictionary’s Length entry.
   9.   Set the encryption key to the first n bytes of the output from the final MD5 hash,
        where n is always 5 for revision 2 but, for revision 3 or greater, depends on the val-
        ue of the encryption dictionary’s Length entry.

This algorithm, when applied to the user password string, produces the
encryption key used to encrypt or decrypt string and stream data according to
Algorithm 3.1 on page 119. Parts of this algorithm are also used in the algorithms
described below.

Previous Next