

CHAPTER 3: Syntax, page 134



KEY         TYPE        VALUE

Length      integer     (Optional) The bit length of the encryption key. It must be a
                        multiple of 8 in the range of 40 to 128.
                        Note: Security handlers can define their own use of the Length
                        entry but are encouraged to use it to define the bit length of
                        the encryption key.

Security handlers can add their own private data to crypt filter dictionaries.
Names for private data entries must conform to the PDF name registry (see
Appendix E, “PDF Name Registry”).

TABLE 3.23 Standard crypt filter names

NAME        DESCRIPTION

Identity    Input data is passed through without any processing.

Table 3.24 lists the additional crypt filter dictionary entries used by public-key
security handlers (see Section 3.5.3, “Public-Key Security Handlers”). When
these entries are present, the value of CFM must be V2 or AESV2.

TABLE 3.24 Additional crypt filter dictionary entries for public-key security handlers

KEY         TYPE        VALUE

Recipients  array or    (Required) If the crypt filter is referenced from StmF or StrF in
            string      the encryption dictionary, this entry is an array of byte strings,
                        where each string is a binary-encoded PKCS#7 object listing
                        recipients that have been granted equal access rights to the
                        document. The enveloped data contained in the PKCS#7 object
                        includes both a 20-byte seed value used to compute the encryption
                        key (see “Public-Key Encryption Algorithms” on page 130) followed
                        by 4 bytes of permissions settings (see Table 3.20) that apply to
                        the recipient list. There should be only one object per unique set
                        of access permissions. If a recipient appears in more than one
                        list, the permissions used are those in the first matching list.
                        If the crypt filter is referenced from a Crypt filter decode
                        parameter dictionary (see Table 3.12), this entry is a string that
                        is a binary-encoded PKCS#7 object containing a list of all
                        recipients who are permitted to access the corresponding encrypted
                        stream. The enveloped data contained in the PKCS#7 object is a
                        20-byte seed value used to create the encryption key that is used
                        by Algorithm 3.1.
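
The rules stated in the tables above, written out as checks. This is an added example, not part of the PDF Reference. The dict model of a crypt filter dictionary, the function names and the DOC_LEVEL/STREAM_LEVEL labels are assumptions; the PKCS#7 objects are taken as already decrypted, and rejecting any payload that is not exactly 24 or 20 bytes is this example's reading of the text.

```python
DOC_LEVEL = "StmF/StrF"   # filter referenced from the encryption dictionary
STREAM_LEVEL = "Crypt"    # filter referenced from Crypt filter decode parameters

def check_crypt_filter(cf, referenced_from):
    """Return rule violations for a crypt filter dictionary modelled as a dict."""
    problems = []
    length = cf.get("Length")  # optional entry
    if length is not None:
        if not isinstance(length, int) or isinstance(length, bool):
            problems.append("Length is not an integer")
        elif length % 8 or not 40 <= length <= 128:
            problems.append("Length must be a multiple of 8 in the range 40 to 128")
    if "Recipients" in cf:
        if cf.get("CFM") not in ("V2", "AESV2"):
            problems.append("Recipients present but CFM is not V2 or AESV2")
        rec = cf["Recipients"]
        if referenced_from == DOC_LEVEL:
            if not (isinstance(rec, list) and all(isinstance(r, bytes) for r in rec)):
                problems.append("Recipients must be an array of byte strings")
        elif not isinstance(rec, bytes):
            problems.append("Recipients must be a single byte string")
    return problems

def split_enveloped(payload, referenced_from):
    """Split decrypted enveloped data into (seed, permissions or None)."""
    want = 24 if referenced_from == DOC_LEVEL else 20  # 20-byte seed [+ 4 bytes]
    if len(payload) != want:
        raise ValueError(f"expected {want} bytes, got {len(payload)}")
    return payload[:20], (payload[20:] or None)

def permissions_for(recipient, lists):
    """lists: [(recipient_ids, permission_bytes), ...] in Recipients array order."""
    for members, perms in lists:
        if recipient in members:
            return perms  # the first matching list wins
    return None

def repeated_permission_sets(lists):
    """Permission values carried by more than one object (should be empty)."""
    seen, repeated = set(), []
    for _, perms in lists:
        if perms in seen and perms not in repeated:
            repeated.append(perms)
        seen.add(perms)
    return repeated

# Constructed sample: two recipient lists; "bob" appears in both.
SAMPLE = [({"alice", "bob"}, b"\xfc\xff\xff\xff"), ({"bob"}, b"\xc4\xff\xff\xff")]
```

The permission bytes are kept raw because this page does not state their byte order; see Table 3.20 for their meaning.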
