Previous Next
132
CHAPTER 3 Syntax
decrypt all the streams (StmF) and strings (StrF) in the document. In addition,
the value of the V entry must be 4 to use crypt filters.
• Each crypt filter specified in the CF entry of the encryption dictionary is repre-
sented by a crypt filter dictionary, whose entries are shown in Table 3.22.
• A stream filter type, the Crypt filter (see Section 3.3.9, “Crypt Filter”) can be
specified for any stream in the document to override the default filter for
streams. A standard Identity filter is provided (see Table 3.23) to allow specific
streams, such as document metadata, to be unencrypted in an otherwise en-
crypted document. The stream’s DecodeParms entry must contain a Crypt filter
decode parameters dictionary (see Table 3.12) whose Name entry specifies the
particular crypt filter to be used (if missing, Identity is used). Different streams
may specify different crypt filters; however, see implementation notes 28 and
29 in Appendix H.
Authorization to decrypt a stream must always be obtained before the stream can
be accessed. This typically occurs when the document is opened, as specified by a
value of DocOpen for the AuthEvent entry in the crypt filter dictionary. PDF
consumer applications and security handlers should treat any attempt to access a
stream for which authorization has failed as an error. AuthEvent may also be
EFOpen, which indicates the presence of an embedded file that is encrypted with
a crypt filter that may be different from the crypt filters used by default to encrypt
strings and streams in the document; see implementation note 31 in Appendix H.
By specifying a value of None for the CFM entry in the crypt filter dictionary, the
security handler can do its own decryption. This allows the handler to tightly
control key management and use any preferred symmetric-key cryptographic
algorithm.
TABLE 3.22 Entries common to all crypt filter dictionaries
KEY TYPE VALUE
Type name (Optional) If present, must be CryptFilter for a crypt filter dictionary.
Previous Next