Previous Next
129
SECTION 3.5 Encryption
Public-Key Encryption Dictionary
Encryption dictionaries for public-key security handlers contain the common
entries shown in Table 3.18, whose values are described below. In addition, they
may contain the entry shown in Table 3.21.
The Filter entry is the name of a public-key security handler. Examples of existing
security handlers that support public-key encryption are Entrust.PPKEF,
Adobe.PPKLite, and Adobe.PubSec. This handler will be the preferred handler
when encrypting the document.
Permitted values of the SubFilter entry for use with conforming public-key
security handlers are adbe.pkcs7.s3, adbe.pkcs7.s4, which are used when not
using crypt filters (see Section 3.5.4, “Crypt Filters”) and adbe.pkcs7.s5, which is
used when using crypt filters.
The CF, StmF, and StrF entries may be present when SubFilter is adbe.pkcs7.s5.
TABLE 3.21 Additional encryption dictionary entries for public-key security handlers
KEY TYPE VALUE
Recipients array (Required when SubFilter is adbe.pkcs7.s3 or adbe.pkcs7.s4; PDF 1.3) An array of
byte-strings, where each string is a PKCS#7 object listing recipients who have been
granted equal access rights to the document. The data contained in the PKCS#7 ob-
ject includes both a cryptographic key that is used to decrypt the encrypted data
and the access permissions (see Table 3.20) that apply to the recipient list. There
should be only one PKCS#7 object per unique set of access permissions; if a recipi-
ent appears in more than one list, the permissions used are those in the first match-
ing list.
Note: When SubFilter is adbe.pkcs7.s5, recipient lists are specified in the crypt filter
dictionary; see Table 3.24.
Previous Next