Previous Next 


                                             115
    SECTION 3.5                                                                Encryption



      might also be defined in the update table. Since they are part of the hidden sec-
      tion, however, it makes sense to define them in the cross-reference stream.
    • The update cross-reference section must appear at the end of the file, but other-
      wise, there are no ordering restrictions on any of the objects or on the main
      cross-reference section. However, a file that uses both the hybrid-reference for-
      mat and the linearized format has ordering requirements (see Appendix F,
      “Linearized PDF”).


3.5 Encryption

    A PDF document can be encrypted (PDF 1.1) to protect its contents from un-
    authorized access. Encryption applies to all strings and streams in the document’s
    PDF file, but not to other object types such as integers and boolean values, which
    are used primarily to convey information about the document’s structure rather
    than its content. Leaving these values unencrypted allows random access to the
    objects within a document, whereas encrypting the strings and streams protects
    the document’s substantive contents.

    Note: When a PDF stream object (see Section 3.2.7, “Stream Objects”) refers to an
    external file, the stream’s contents are not encrypted, since they are not part of the
    PDF file itself. However, if the contents of the stream are embedded within the PDF
    file (see Section 3.10.3, “Embedded File Streams”), they are encrypted like any other
    stream in the file. Beginning with PDF 1.5, embedded files may be encrypted in an
    otherwise unencrypted document (see Section 3.5.4, “Crypt Filters”).

    Encryption-related information is stored in a document’s encryption dictionary,
    which is the value of the Encrypt entry in the document’s trailer dictionary (see
    Table 3.13 on page 97). The absence of this entry from the trailer dictionary
    means that the document is not encrypted. The entries shown in Table 3.18 are
    common to all encryption dictionaries.

    The encryption dictionary’s Filter entry identifies the file’s security handler, a
    software module that implements various aspects of the encryption process and
    controls access to the contents of the encrypted document. PDF specifies a
    standard password-based security handler that all consumer applications are
    expected to support, but applications may optionally provide security handlers of
    their own.

Previous Next