CHAPTER 3
134
Syntax
KEY
TYPE
VALUE
Length
integer
(Optional)
The bit length of the encryption key. It must be a multiple of 8 in
the range of 40 to 128.
Note:
Security handlers can define their own use of the
Length
entry but are en-
couraged to use it to define the bit length of the encryption key.
Security handlers can add their own private data to crypt filter dictionaries.
Names for private data entries must conform to the PDF name registry (see
TABLE 3.23 Standard crypt filter names
NAME
DESCRIPTION
Identity
Input data is passed through without any processing.
security handlers (see Section 3.5.3, “Public-Key Security Handlers”). When
these entries are present, the value of
CFM
must be
V2
or
AESV2
.
TABLE 3.24 Additional crypt filter dictionary entries for public-key security handlers
KEY
TYPE
VALUE
Recipients
array or
string
(Required)
If the crypt filter is referenced from
StmF
or
StrF
in the encryption
dictionary, this entry is an array of byte strings, where each string is a binary-
encoded PKCS#7 object listing recipients that have been granted equal access
rights to the document. The enveloped data contained in the PKCS#7 object
includes both a 20-byte seed value used to compute the encryption key (see
missions settings (see Table 3.20) that apply to the recipient list. There should
be only one object per unique set of access permissions. If a recipient appears
in more than one list, the permissions used are those in the first matching list.
If the crypt filter is referenced from a
Crypt
filter decode parameter dictio-
nary (see Table 3.12), this entry is a string that is a binary-encoded PKCS#7
object containing a list of all recipients who are permitted to access the corre-
sponding encrypted stream. The enveloped data contained in the PKCS#7
object is a 20-byte seed value used to create the encryption key that is used by