PDF encryption makes use of the following encryption algorithms:
RC4, a symmetric stream cipher (i.e. the same algorithm can be used to encrypt and decrypt). RC4 is an older proprietary algorithm.
AES (Advanced Encryption Standard) specified in the standard FIPS-197. AES is a modern block cipher which is used in a variety of applications.
Since the actual encryption keys are unwieldy binary sequences, they are derived from more user-friendly passwords which consist of plain characters. In the course of PDF and Acrobat development the PDF encryption methods have been enhanced to use stronger algorithms, longer encryption keys, and more sophisticated passwords.
Encryption algorithms, key lengths, and passwords in PDF versions |
||
PDF and Acrobat version |
encryption algorithm and key length |
max. password length and password encoding |
PDF 1.1 - 1.3 (Acrobat 2-4) |
RC4 40-bit |
32 characters (Latin-1) |
PDF 1.4 (Acrobat 5) |
RC4 128-bit |
32 characters (Latin-1) |
PDF 1.5 (Acrobat 6) |
same as PDF 1.4, but different application of encryption method |
32 characters (Latin-1) |
PDF 1.6 (Acrobat 7) and PDF 1.7 = ISO 32000-1 (Acrobat 8) |
AES-128 |
32 characters (Latin-1) |
PDF 1.7 Adobe Extension Level 3 (Acrobat 9) |
AES-256 with weakness in password handling |
127 UTF-8 bytes (Unicode) |
PDF 1.7 Adobe Extension Level 8 (Acrobat X/XI) and PDF 2.0 = ISO 32000-2 (specification not yet publicly available) |
AES-256, but different password handling |
127 UTF-8 bytes (Unicode) |
PDF encryption doesn’t apply the user or master password directly for encrypting the document contents, but calculates an encryption key from the password and other parameters including the permission settings. The length of the encryption key used for actually encrypting the document is independent from the length of the password (see table above).
Passwords
PDF encryption internally works with encryption keys of 40, 128, or 256 bit depending on the PDF version. The binary encryption key is derived from a password provided by the user. The password is subject to length and encoding constraints:
- Up to PDF 1.7 (ISO 32000-1) passwords were restricted to a maximum length of 32 characters and could contain only characters from the Latin-1 encoding.
- PDF 1.7 Adobe Extension Level 3 introduced Unicode characters and bumped the maximum length to 127 bytes in the UTF-8 representation of the password. Since UTF-8 encodes characters with a variable length of 1-4 bytes the allowed number of Unicode characters in the password is less than 127 if it contains non-ASCII characters. For example, since Japanese characters usually require 3 bytes in UTF-8 representation, up to 42 Japanese characters can be used in passwords.
In order to avoid ambiguities, Unicode passwords are normalized by a process called SASLprep (specified in RFC 4013 based on Stringprep in RFC 3454). This process eliminates non-text characters and normalizes certain character classes (e.g. non-ASCII space characters are mapped to the ASCII space character U+0020). The password is normalized to Unicode normalization form NFKC, and special bidirectional processing is applied to avoid ambiguities which may otherwise arise if right-to-left and left-to-right characters are mixed in a password.
The strength of PDF encryption is not only determined by the length of the encryption key, but also by the length and quality of the password. It is widely known that names, plain words, etc. should not be used as passwords since these can easily be guessed or systematically tried using a so-called dictionary attack. Surveys have shown that a significant number of passwords are chosen to be the spouse’s or pet’s name, the user’s birthday, the children’s nickname etc., and can therefore easily be guessed.
VeryPDF PDF Security and Signature (Shell & COM & SDK) has ability to protect PDF files with 128 and 256 bits AES encryption,
https://www.verypdf.com/app/pdf-security-and-signature/try-and-buy.html#buy
for example, you can use following command lines to encrypt your PDF files with 256bit AES arithmetic,
-stringcrypt <string> : Set the string crypt filter, e.g., rc4, aes128, aes256, default is rc4
-streamcrypt <string> : Set the stream crypt filter, e.g., rc4, aes128, aes256, default is rc4
pdfsecure.exe -cername "VeryPDF" -ownerpwd 456 -stringcrypt AES256 -streamcrypt AES256 -perm 0 readme.pdf _out_10.pdf
pdfsecure.exe -cername "VeryPDF" -ownerpwd 456 -stringcrypt AES128 -streamcrypt AES128 -perm 0 readme.pdf _out_11.pdf
pdfsecure.exe -cername "VeryPDF" -ownerpwd 456 -keylen 128 -stringcrypt AES128 -streamcrypt AES128 -perm 0 -linearize readme.pdf _out_12.pdf