SECTION 3.5
133
Encryption
KEY
TYPE
VALUE
CFM
name
(Optional)
The method used, if any, by the consumer application to decrypt
data. The following values are supported:
None
The application does not decrypt data but directs the input stream
to the security handler for decryption. (See implementation note
The application asks the security handler for the encryption key
and implicitly decrypts data with Algorithm 3.1, using the RC4 al-
gorithm.
cryption key and implicitly decrypts data with Algorithm 3.1, us-
ing the AES algorithm in Cipher Block Chaining (CBC) mode
with a 16-byte block size and an initialization vector that is ran-
domly generated and placed as the first 16 bytes in the stream or
string.
V2
AESV2
(PDF 1.6)
The application asks the security handler for the en-
When the value is
V2
or
AESV2
, the application may ask once for this encryp-
tion key and cache the key for subsequent use for streams that use the same
crypt filter. Therefore, there must be a one-to-one relationship between a
crypt filter name and the corresponding encryption key.
Only the values listed here are supported. Applications that encounter other
values should report that the file is encrypted with an unsupported algo-
rithm.
Default value:
None
.
AuthEvent
name
(Optional)
The event to be used to trigger the authorization that is required
to access encryption keys used by this filter. If authorization fails, the event
should fail. Valid values are:
•
DocOpen
: Authorization is required when a document is opened.
•
EFOpen
: Authorization is required when accessing embedded files.
Default value:
DocOpen
.
If this filter is used as the value of
StrF
or
StmF
in the encryption dictionary
(see Table 3.18), the application should ignore this key and behave as if the
value is
DocOpen
.