SECTION 3.5
129
Encryption
Public-Key Encryption Dictionary
Encryption dictionaries for public-key security handlers contain the common
entries shown in Table 3.18, whose values are described below. In addition, they
may contain the entry shown in Table 3.21.
The
Filter
entry is the name of a public-key security handler. Examples of existing
security handlers that support public-key encryption are
Entrust.PPKEF
,
Adobe.PPKLite
, and
Adobe.PubSec
. This handler will be the preferred handler
when encrypting the document.
Permitted values of the
SubFilter
entry for use with conforming public-key
security handlers are
adbe.pkcs7.s3
,
adbe.pkcs7.s4
, which are used when not
using crypt filters (see Section 3.5.4, “Crypt Filters”) and
adbe.pkcs7.s5
, which is
used when using crypt filters.
The
CF
,
StmF
, and
StrF
entries may be present when
SubFilter
is
adbe.pkcs7.s5
.
TABLE 3.21 Additional encryption dictionary entries for public-key security handlers
KEY
TYPE
VALUE
Recipients
array
(Required when
SubFilter
is
adbe.pkcs7.s3
or
adbe.pkcs7.s4
; PDF 1.3)
An array of
byte-strings, where each string is a PKCS#7 object listing recipients who have been
granted equal access rights to the document. The data contained in the PKCS#7 ob-
ject includes both a cryptographic key that is used to decrypt the encrypted data
and the access permissions (see Table 3.20) that apply to the recipient list. There
should be only one PKCS#7 object per unique set of access permissions; if a recipi-
ent appears in more than one list, the permissions used are those in the first match-
ing list.
Note:
When
SubFilter
is
adbe.pkcs7.s5
, recipient lists are specified in the crypt filter
dictionary; see Table 3.24.