SECTION 3.5
Encryption
ways be 16 bytes, as specified in FIPS 197, Advanced Encryption Standard (AES); see the Bibliography).
Strings and streams encrypted with AES use a padding scheme that is described in Internet RFC 2898, PKCS #5: Password-Based Cryptography Specification Version 2.0; see the Bibliography. For an original message length of M, the pad consists of 16 - (M mod 16) bytes whose value is also 16 - (M mod 16). For example, a 9-byte message has a pad of 7 bytes, each with the value 0x07. The pad can be unambiguously removed to determine the original message length when decrypting. Note that the pad is present when M is evenly divisible by 16; it contains 16 bytes of 0x10.
PDF’s standard encryption methods also make use of the MD5 message-digest algorithm for key generation purposes (described in Internet RFC 1321, The MD5 Message-Digest Algorithm; see the Bibliography).
The encryption of data in a PDF file is based on the use of an encryption key computed by the security handler. Different security handlers compute the encryption key using their own mechanisms. Regardless of how the key is computed, its use in the encryption of data is always the same (see Algorithm
sequence of steps can be used both to encrypt and to decrypt data.
Algorithm 3.1 Encryption of data using the RC4 or AES algorithms
1. Obtain the object number and generation number from the object identifier of the string or stream to be encrypted (see Section 3.2.9, “Indirect Objects”). If the string is a direct object, use the identifier of the indirect object containing it.
2. Treating the object number and generation number as binary integers, extend the original n-byte encryption key to n + 5 bytes by appending the low-order 3 bytes of the object number and the low-order 2 bytes of the generation number in that order, low-order byte first. (n is 5 unless the value of V in the encryption dictionary is greater than 1, in which case n is the value of Length divided by 8.)
   If using the AES algorithm, extend the encryption key an additional 4 bytes by adding the value "sAlT", which corresponds to the hexadecimal values 0x73, 0x41, 0x6C, 0x54. (This addition is done for backward compatibility and is not intended to provide additional security.)
3. Initialize the MD5 hash function and pass the result of step 2 as input to this function.
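
Steps 1 through 3 above, as an added Python example that is not part of the original specification text. The function names and the 5-byte sample key are constructed for illustration, and the code stops at step 3 because that is where this excerpt ends.

```python
import hashlib


def key_length_bytes(v, length_bits=40):
    """n in step 2: 5 unless V > 1, in which case Length / 8."""
    if v <= 1:
        return 5
    if length_bits % 8:
        raise ValueError("Length must be a multiple of 8")
    return length_bits // 8


def extend_key(key, obj_num, gen_num, aes=False):
    """Step 2: extend the n-byte key to n + 5 bytes (n + 9 for AES)."""
    if obj_num < 0 or gen_num < 0:
        raise ValueError("object and generation numbers are non-negative")
    # Low-order 3 bytes of the object number, low-order byte first.
    ext = key + (obj_num & 0xFFFFFF).to_bytes(3, "little")
    # Low-order 2 bytes of the generation number, low-order byte first.
    ext += (gen_num & 0xFFFF).to_bytes(2, "little")
    if aes:
        ext += b"sAlT"  # 0x73 0x41 0x6C 0x54, compatibility constant only
    return ext


def md5_of_extended_key(key, obj_num, gen_num, v=1, length_bits=40, aes=False):
    """Step 3: MD5 over the result of step 2, after checking the key length."""
    n = key_length_bytes(v, length_bits)
    if len(key) != n:
        raise ValueError(f"expected a {n}-byte key, got {len(key)}")
    return hashlib.md5(extend_key(key, obj_num, gen_num, aes)).digest()


if __name__ == "__main__":
    file_key = bytes.fromhex("0102030405")  # constructed 5-byte key (V = 1)
    for obj, gen in [(10, 0), (0x123456, 0x0102)]:
        print(obj, gen, extend_key(file_key, obj, gen).hex(),
              md5_of_extended_key(file_key, obj, gen).hex())
```

Because the object and generation numbers are mixed into the hash input, two objects encrypted under the same file key produce different step 3 outputs.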