Previous Next

                                             127
SECTION 3.5                                                                        Encryption



Algorithm 3.5 Computing the encryption dictionary’s U (user password) value (Revision 3
or greater)

   1.   Create an encryption key based on the user password string, as described in Algo-
        rithm 3.2.
   2.   Initialize the MD5 hash function and pass the 32-byte padding string shown in
        step 1 of Algorithm 3.2 as input to this function.
   3.   Pass the first element of the file’s file identifier array (the value of the ID entry in
        the document’s trailer dictionary; see Table 3.13 on page 97) to the hash function
        and finish the hash. (See implementation note 26 in Appendix H.)
   4.   Encrypt the 16-byte result of the hash, using an RC4 encryption function with the
        encryption key from step 1.
   5.   Do the following 19 times: Take the output from the previous invocation of the
        RC4 function and pass it as input to a new invocation of the function; use an en-
        cryption key generated by taking each byte of the original encryption key (ob-
        tained in step 1) and performing an XOR (exclusive or) operation between that
        byte and the single-byte value of the iteration counter (from 1 to 19).
   6.   Append 16 bytes of arbitrary padding to the output from the final invocation of
        the RC4 function and store the 32-byte result as the value of the U entry in the en-
        cryption dictionary.

The standard security handler uses Algorithms 3.6 and 3.7 to determine whether
a supplied password string is the correct user or owner password. Note too that
Algorithm 3.6 can be used to determine whether a document’s user password is
the empty string, and therefore whether to suppress prompting for a password
when the document is opened.

Algorithm 3.6 Authenticating the user password

   1.   Perform all but the last step of Algorithm 3.4 (Revision 2) or Algorithm 3.5 (Revi-
        sion 3 or greater) using the supplied password string.
   2.   If the result of step 1 is equal to the value of the encryption dictionary’s U entry
        (comparing on the first 16 bytes in the case of Revision 3 or greater), the password
        supplied is the correct user password. The key obtained in step 1 (that is, in the
        first step of Algorithm 3.4 or 3.5) can be used to decrypt the document using Al-
        gorithm 3.1 on page 119.

Previous Next