

                                              131
      SECTION 3.5                                                               Encryption



         • When SubFilter is adbe.pkcs7.s3, the relevant permissions are restricted to
           those specified for revision 2 of the standard security handler.
         • For adbe.pkcs7.s4, revision 3 permissions apply.
         • For adbe.pkcs7.s5, which supports the use of crypt filters, the permissions
           are the same as adbe.pkcs7.s4 when the crypt filter is referenced from the
           StmF or StrF entries of the encryption dictionary. When referenced from the
           Crypt filter decode parameter dictionary of a stream object (see Table 3.12),
           the 4 bytes of permissions are absent from the enveloped data.

      The algorithms that may be used to encrypt the enveloped data in the PKCS#7
      object are: RC4 with key lengths up to 256 bits, DES, Triple DES, RC2 with key
      lengths up to 128 bits, 128-bit AES in Cipher Block Chaining (CBC) mode, 192-bit
      AES in CBC mode, and 256-bit AES in CBC mode. Acrobat products have used
      Triple DES to encrypt the enveloped data, and support all of these listed
      algorithms when decrypting the enveloped data. The PKCS#7 specification is in
      Internet RFC 2315, PKCS #7: Cryptographic Message Syntax, Version 1.5 (see the
      Bibliography).

      The encryption key that is used by Algorithm 3.1 is calculated by means of an
      SHA-1 message digest operation that digests the following data, in order:

      1. The 20 bytes of seed
      2. The bytes of each item in the Recipients array of PKCS#7 objects in the order
         in which they appear in the array
      3. 4 bytes with the value 0xFF if the key being generated is intended for use in
         document-level encryption and the document metadata is being left as
         plaintext

      The first n/8 bytes of the resulting digest are used as the encryption key, where n is
      the bit length of the RC4 key.
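      The key calculation above, together with the presence or absence of the
      permission bytes described in the list at the top of this page, as an added
      Python example that is not part of the specification. The function names, the
      sample seed and recipient byte strings are constructed, and the layout of seed
      followed by permission bytes inside the enveloped data is an assumption.

```python
import hashlib

SEED_LEN = 20    # "The 20 bytes of seed"
PERMS_LEN = 4    # "the 4 bytes of permissions"

# Constructed sample values; real Recipients items are encoded PKCS#7 objects.
SAMPLE_SEED = bytes(range(SEED_LEN))
SAMPLE_RECIPIENTS = [b"constructed-recipient-A", b"constructed-recipient-B"]


def split_enveloped(plaintext, has_permissions=True):
    """Split decrypted enveloped data into (seed, permissions or None).

    Assumption: the seed comes first and the permission bytes follow it.
    has_permissions=False models a crypt filter referenced from a stream's
    Crypt filter decode parameters, where the permission bytes are absent.
    """
    expected = SEED_LEN + (PERMS_LEN if has_permissions else 0)
    if len(plaintext) != expected:
        raise ValueError(f"expected {expected} bytes, got {len(plaintext)}")
    return plaintext[:SEED_LEN], (plaintext[SEED_LEN:] or None)


def derive_key(seed, recipients, key_bits, metadata_plaintext=False):
    """Digest seed, then each Recipients item in array order, then the
    optional four 0xFF bytes; return the first key_bits/8 digest bytes."""
    if len(seed) != SEED_LEN:
        raise ValueError("seed must be 20 bytes")
    # A SHA-1 digest is 20 bytes, so n/8 cannot exceed that.
    if key_bits % 8 or not 0 < key_bits // 8 <= hashlib.sha1().digest_size:
        raise ValueError("key length must be whole bytes within a SHA-1 digest")
    h = hashlib.sha1()
    h.update(seed)
    for item in recipients:      # array order is part of the key material
        h.update(item)
    if metadata_plaintext:       # document-level key, metadata left as plaintext
        h.update(b"\xff" * 4)
    return h.digest()[: key_bits // 8]


if __name__ == "__main__":
    seed, perms = split_enveloped(SAMPLE_SEED + b"\x00\x00\x00\x00")
    print(derive_key(seed, SAMPLE_RECIPIENTS, 128).hex())
```

      Reordering the Recipients items or changing the metadata flag yields a
      different key, so a reader must digest the array exactly as stored.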

3.5.4 Crypt Filters

      PDF 1.5 introduces crypt filters, which provide finer granularity control of
      encryption within a PDF file. The use of crypt filters involves the following
      structures:
      • The encryption dictionary (see Table 3.18) contains entries that enumerate the
        crypt filters in the document (CF) and specify which ones are used by default to
