Previous Next
133
SECTION 3.5 Encryption
KEY TYPE VALUE
CFM name (Optional) The method used, if any, by the consumer application to decrypt
data. The following values are supported:
None The application does not decrypt data but directs the input stream
to the security handler for decryption. (See implementation note
30 in Appendix H.)
V2 The application asks the security handler for the encryption key
and implicitly decrypts data with Algorithm 3.1, using the RC4 al-
gorithm.
AESV2 (PDF 1.6) The application asks the security handler for the en-
cryption key and implicitly decrypts data with Algorithm 3.1, us-
ing the AES algorithm in Cipher Block Chaining (CBC) mode
with a 16-byte block size and an initialization vector that is ran-
domly generated and placed as the first 16 bytes in the stream or
string.
When the value is V2 or AESV2, the application may ask once for this encryp-
tion key and cache the key for subsequent use for streams that use the same
crypt filter. Therefore, there must be a one-to-one relationship between a
crypt filter name and the corresponding encryption key.
Only the values listed here are supported. Applications that encounter other
values should report that the file is encrypted with an unsupported algo-
rithm.
Default value: None.
AuthEvent name (Optional) The event to be used to trigger the authorization that is required
to access encryption keys used by this filter. If authorization fails, the event
should fail. Valid values are:
• DocOpen: Authorization is required when a document is opened.
• EFOpen: Authorization is required when accessing embedded files.
Default value: DocOpen.
If this filter is used as the value of StrF or StmF in the encryption dictionary
(see Table 3.18), the application should ignore this key and behave as if the
value is DocOpen.
Previous Next