CHAPTER 3: Syntax (page 128)
Algorithm 3.7 Authenticating the owner password
1. Compute an encryption key from the supplied password string, as described in
   steps 1 to 4 of Algorithm 3.3.
2. (Revision 2 only) Decrypt the value of the encryption dictionary’s O entry, using
   an RC4 encryption function with the encryption key computed in step 1.
   (Revision 3 or greater) Do the following 20 times: Decrypt the value of the
   encryption dictionary’s O entry (first iteration) or the output from the previous
   iteration (all subsequent iterations), using an RC4 encryption function with a
   different encryption key at each iteration. The key is generated by taking the
   original key (obtained in step 1) and performing an XOR (exclusive or) operation
   between each byte of the key and the single-byte value of the iteration counter
   (from 19 to 0).
3. The result of step 2 purports to be the user password. Authenticate this user
   password using Algorithm 3.6. If it is correct, the password supplied is the
   correct owner password.
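Steps 1 and 2 of Algorithm 3.7 as an added Python example (not code from the PDF Reference). The padding string and steps 1 to 4 of Algorithm 3.3 are not reproduced on this page and are supplied here from the standard security handler's definition; `make_o_entry` is a hypothetical helper that builds a constructed O value for testing, and step 3 (Algorithm 3.6) is not implemented.

```python
import hashlib

# Standard 32-byte password padding string (Algorithm 3.2, step 1; not shown on this page).
PAD = bytes.fromhex("28bf4e5e4e758a4164004e56fffa01082e2e00b6d0683e802f0ca9fe6453697a")

def rc4(key, data):
    """Plain RC4; encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for b in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def pad(password):
    return (password + PAD)[:32]

def owner_key(password, revision, key_len):
    """Step 1 of Algorithm 3.7 (steps 1 to 4 of Algorithm 3.3)."""
    digest = hashlib.md5(pad(password)).digest()
    if revision >= 3:
        for _ in range(50):
            digest = hashlib.md5(digest).digest()
    return digest[:5 if revision == 2 else key_len]

def recover_user_password(o_entry, owner_password, revision, key_len=16):
    """Step 2 of Algorithm 3.7: returns the purported padded user password."""
    key = owner_key(owner_password, revision, key_len)
    if revision == 2:
        return rc4(key, o_entry)
    data = o_entry
    for counter in range(19, -1, -1):  # iteration counter runs from 19 down to 0
        data = rc4(bytes(b ^ counter for b in key), data)
    return data

def make_o_entry(owner_password, user_password, revision, key_len=16):
    """Constructed test input: builds an O value in the forward direction."""
    key = owner_key(owner_password, revision, key_len)
    data = pad(user_password)
    for counter in range(1 if revision == 2 else 20):
        data = rc4(bytes(b ^ counter for b in key), data)
    return data
```

A wrong owner password still yields 32 bytes from step 2; only the Algorithm 3.6 check in step 3 distinguishes a correct result from garbage.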
3.5.3 Public-Key Security Handlers
Security handlers may use public-key encryption technology to encrypt a
document (or strings and streams within a document). When doing so, it is
possible to specify one or more lists of recipients, where each list has its own
unique access permissions. Only specified recipients can open the encrypted
document or content, unlike the standard security handler, where a password
determines access. The permissions defined for public-key security handlers are
identical to those defined for the standard security handler (see Section 3.5.2,
Public-key security handlers use the industry standard Public Key Cryptographic
Standard Number 7 (PKCS#7) binary encoding syntax to encode recipient list,
decryption key, and access permission information. The PKCS#7 specification is
in Internet RFC 2315, PKCS #7: Cryptographic Message Syntax, Version 1.5 (see
the Bibliography).
When encrypting the data, each recipient’s X.509 public key certificate (as
described in ITU-T Recommendation X.509; see the Bibliography) must be
available. When decrypting the data, the application scans the recipient list for
which the content is encrypted and attempts to find a match with a certificate that
belongs to the user. If a match is found, the user requires access to the
corresponding private key, which may require authentication, possibly using a
password. Once access is obtained, the private key is used to decrypt the
encrypted data.