Adobe Acrobat SDK
Syntax (Chapter 3 in PDF Reference)
Adobe® Supplement to the ISO 32000
3.5.2 Standard Security Handler 18
Encryption Key Algorithm
Modify the first paragraph of this section as shown.
As noted earlier, one function of a security handler is to generate an encryption key for use in encrypting
and decrypting the contents of a document. Given a password string, the standard security handler
computes an encryption key.
For revision 4 and earlier, the algorithm is as shown in Algorithm 3.2. For
revision 5, the algorithm is as shown in Algorithm 3.2a.
Algorithm 3.2
Computing an encryption key
1. The password string is generated from OS codepage characters by first converting the string to
PDFDocEncoding. If the input is Unicode, first convert to a codepage encoding, and then to
PDFDocEncoding for backward compatibility.
2. Initialize the MD5 hash function and pass the result of step 1 as input to this function.
3. Pass the value of the encryption dictionary’s
O
entry to the MD5 hash function. (Algorithm 3.3 shows
how the
O
value is computed.)
4. Treat the value of the
P
entry as an unsigned 4-byte integer and pass these bytes to the MD5 hash
function, low-order byte first.
5. Pass the first element of the file’s file identifier array (the value of the
ID
entry in the document’s trailer
dictionary; see Table 3.13 on page 97) to the MD5 hash function. (See implementation note 26 in
Appendix H.)
6. (
Revision 4 or greater
) If document metadata is not being encrypted, pass 4 bytes with the value
0xFFFFFFFF to the MD5 hash function.
7. Finish the hash.
8. (
Revision 3 or greater
) Do the following 50 times: Take the output from the previous MD5 hash and pass
the first n bytes of the output as input into a new MD5 hash, where n is the number of bytes of the
encryption key as defined by the value of the encryption dictionary’s
Length
entry.
Perms
string
(
ExtensionLevel 3; required if
R
is
5
) A16-byte string,
encrypted with the file encryption key, that contains an
encrypted copy of the permission flags.
For more information, see “Password Algorithms” on page
126.
EncryptMetadata
boolean
(
Optional;
meaningful only when the value of
V
is
4
or
5
;
PDF 1.5
) Indicates whether the document-level metadata
stream (see Section 10.2.2, “Metadata Streams”) is to be
encrypted. Applications should respect this value.
Default value:
true
.
TABLE 3.19 Additional encryption dictionary entries for the standard security handler
KEY
TYPE
VALUE